27 lines
558 B
Nix
27 lines
558 B
Nix
{
|
|
inputs,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
sopSec = config.sops.secrets;
|
|
in {
|
|
nix.settings.trusted-users = [
|
|
"user"
|
|
"nix-ssh"
|
|
];
|
|
users.mutableUsers = false;
|
|
users.users = {
|
|
user = {
|
|
hashedPasswordFile = sopSec."user-password-hashed".path;
|
|
extraGroups = ["wheel" "video" "libvirtd" "dialout"];
|
|
isNormalUser = true;
|
|
shell = pkgs.fish;
|
|
openssh.authorizedKeys.keyFiles = map (f: "${inputs.mysecrets}/ssh/" + f) [
|
|
"id_ed25519_sarien_user.pub"
|
|
"id_ed25519_eldrid_user.pub"
|
|
];
|
|
};
|
|
};
|
|
}
|