users: apply default permissions to any user who goes through the sane.users module
This commit is contained in:
parent
ab7068c819
commit
44b15ba8ed
|
@ -52,13 +52,6 @@
|
|||
|
||||
sane.users.colin = {
|
||||
default = true;
|
||||
# ensure ~ perms are known to sane.fs module.
|
||||
# TODO: this is generic enough to be lifted up into sane.fs itself.
|
||||
fs."/".dir.acl = {
|
||||
user = "colin";
|
||||
group = config.users.users.colin.group;
|
||||
mode = config.users.users.colin.homeMode;
|
||||
};
|
||||
|
||||
persist.plaintext = [
|
||||
"archive"
|
||||
|
|
|
@ -11,8 +11,8 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
users.users.guest = lib.mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.users.guest = {
|
||||
isNormalUser = true;
|
||||
home = "/home/guest";
|
||||
subUidRanges = [
|
||||
|
|
|
@ -40,7 +40,7 @@ let
|
|||
};
|
||||
};
|
||||
};
|
||||
userModule = types.submodule ({ name, config, ... }: {
|
||||
userModule = let nixConfig = config; in types.submodule ({ name, config, ... }: {
|
||||
options = userOptions.options // {
|
||||
default = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -63,6 +63,11 @@ let
|
|||
# if we're the default user, inherit whatever settings were routed to the default user
|
||||
(mkIf config.default sane-user-cfg)
|
||||
{
|
||||
fs."/".dir.acl = {
|
||||
user = name;
|
||||
group = nixConfig.users.users."${name}".group;
|
||||
mode = nixConfig.users.users."${name}".homeMode;
|
||||
};
|
||||
fs.".profile".symlink.text =
|
||||
let
|
||||
env = lib.mapAttrsToList
|
||||
|
|
Loading…
Reference in New Issue
Block a user