39 lines
998 B
Nix
39 lines
998 B
Nix
{
|
|
inputs,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
sopSec = config.sops.secrets;
|
|
secrets = inputs.mysecrets;
|
|
in {
|
|
nix.settings.trusted-users = [
|
|
"user"
|
|
"remotebuild"
|
|
];
|
|
users.mutableUsers = false;
|
|
users.users = {
|
|
user = {
|
|
hashedPasswordFile = sopSec."user-password-hashed".path;
|
|
# passwordFile = config.sops.secrets.user-password.path;
|
|
isNormalUser = true;
|
|
extraGroups = ["wheel" "video" "libvirtd" "dialout"];
|
|
shell = pkgs.fish;
|
|
openssh.authorizedKeys.keyFiles = [
|
|
"${secrets}/ssh/id_ed25519_sarien_user.pub"
|
|
"${secrets}/ssh/id_ed25519_eldrid_user.pub"
|
|
];
|
|
};
|
|
remotebuild = {
|
|
isNormalUser = true;
|
|
createHome = false;
|
|
group = "remotebuild";
|
|
openssh.authorizedKeys.keyFiles = [
|
|
"${secrets}/ssh/id_ed25519_eldrid_rmbuild.pub"
|
|
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHPR1H7nWA2ay5PORdMJFnJcvVwpk3pTxMPJHQWSF3Z root@vylxae"
|
|
];
|
|
};
|
|
};
|
|
users.groups.remotebuild = {};
|
|
}
|