2022-06-06 06:44:01 +00:00
|
|
|
{ pkgs, lib, ... }:
|
2022-05-22 08:27:02 +00:00
|
|
|
|
|
|
|
# installer docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix
|
|
|
|
{
|
|
|
|
# Users are exactly these specified here;
|
|
|
|
# old ones will be deleted (from /etc/passwd, etc) upon upgrade.
|
|
|
|
users.mutableUsers = false;
|
|
|
|
|
|
|
|
# docs: https://nixpkgs-manual-sphinx-markedown-example.netlify.app/generated/options-db.xml.html#users-users
|
|
|
|
users.users.colin = {
|
|
|
|
# sets group to "users" (?)
|
|
|
|
isNormalUser = true;
|
|
|
|
home = "/home/colin";
|
|
|
|
uid = 1000;
|
|
|
|
# XXX colin: this is what the installer has, but is it necessary?
|
|
|
|
# group = "users";
|
2022-05-30 21:56:48 +00:00
|
|
|
extraGroups = [
|
|
|
|
"wheel"
|
|
|
|
"nixbuild"
|
|
|
|
"networkmanager"
|
|
|
|
# phosh/mobile. XXX colin: unsure if necessary
|
|
|
|
"video"
|
|
|
|
"feedbackd"
|
|
|
|
"dialout" # required for modem access
|
|
|
|
];
|
2022-05-23 10:06:29 +00:00
|
|
|
initialPassword = lib.mkDefault "";
|
2022-05-24 03:33:08 +00:00
|
|
|
shell = pkgs.zsh;
|
2022-05-22 08:27:02 +00:00
|
|
|
# shell = pkgs.bashInteractive;
|
|
|
|
# XXX colin: create ssh key for THIS user by logging in and running:
|
|
|
|
# ssh-keygen -t ed25519
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGSDe/y0e9PSeUwYlMPjzhW0UhNsGAGsW3lCG3apxrD5 colin@colin.desktop"
|
2022-05-22 09:06:33 +00:00
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+MZ/l5d8g5hbxMB9ed1uyvhV85jwNrSVNVxb5ujQjw colin@lappy"
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX colin@desko"
|
2022-06-06 23:57:35 +00:00
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX colin@uninsane"
|
2022-05-27 08:02:52 +00:00
|
|
|
# TODO: should probably only let this authenticate to my server
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCLCA9KbjXaXNNMJJvqbPO5KQQ64JCdG8sg88AfdKzi colin@moby"
|
2022-05-22 08:27:02 +00:00
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
security.sudo = {
|
|
|
|
enable = true;
|
|
|
|
wheelNeedsPassword = false;
|
|
|
|
};
|
|
|
|
|
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
|
|
|
permitRootLogin = "no";
|
|
|
|
passwordAuthentication = false;
|
|
|
|
};
|
|
|
|
}
|