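{ config, pkgs, lib, ... }:

# Optional `guest` user account, gated behind `sane.guest.enable`.
#
# Security summary for reviewers:
#   - the account is created with an empty initial password (overridable);
#   - SSH keys come from a sops secret, falling back to /dev/null;
#   - the home directory is deliberately writable by the `users` group.
# Taken together, `guest` should be treated as no more trusted than the
# least-trusted member of `users`.
let
  cfg = config.sane.guest;
in
{
  options = with lib; {
    sane.guest.enable = mkOption {
      default = false;
      type = types.bool;
      description = "Whether to create the `guest` user account and its group-writable home directory.";
    };
  };

  config = lib.mkIf cfg.enable {
    users.users.guest = {
      isNormalUser = true;
      home = "/home/guest";
      # A single subordinate UID, starting at 200000.
      subUidRanges = [
        { startUid=200000; count=1; }
      ];
      group = "users";
      # Empty initial password. `mkDefault` lets a host override it with a real
      # value. NOTE(review): with the default in place, any login path that
      # accepts empty passwords admits `guest` without a credential; confirm
      # that sshd keeps `PermitEmptyPasswords` off and that local/console
      # login as `guest` is acceptable on every host enabling this module.
      initialPassword = lib.mkDefault "";
      shell = pkgs.zsh;
    };

    # authorized_keys points at the sops-managed secret when one is declared.
    # If `config.sops.secrets."guest/authorized_keys"` does not exist, the
    # `or` fallback links to /dev/null, i.e. an empty key list.
    # NOTE(review): OpenSSH's `StrictModes` (on by default) rejects
    # ~/.ssh/authorized_keys when the home directory is group-writable, which
    # the 0775 mode below makes it. Verify key-based login for `guest`
    # actually works, or that keys are served from another location.
    sane.users.guest.fs.".ssh/authorized_keys".symlink.target = config.sops.secrets."guest/authorized_keys".path or "/dev/null";

    # The inner `mkIf cfg.enable` repeats the condition of the enclosing one.
    sane.persist.sys.byStore.plaintext = lib.mkIf cfg.enable [
      # intentionally allow other users to write to the guest folder
      # Consequence of mode 0775 + group "users": every member of `users` can
      # create, rename and delete entries directly under /home/guest, which
      # includes shell startup files and the `.ssh` entry. Anything `guest`
      # runs at login can therefore be influenced by those users.
      # NOTE(review): the store name suggests this directory is persisted
      # unencrypted; confirm nothing sensitive is expected to land here.
      { path = "/home/guest"; user = "guest"; group = "users"; mode = "0775"; }
    ];
  };
}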