85 lines
1.6 KiB
Nix
85 lines
1.6 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
users.mutableUsers = false;
|
|
|
|
users.users.ashie = {
|
|
isNormalUser = true;
|
|
initialPassword = "password"; # Temporary password, change with 'passwd' after login
|
|
# hashedPasswordFile = config.sops.secrets.hashed_password.path;
|
|
uid = 1000;
|
|
shell = pkgs.fish;
|
|
extraGroups = [
|
|
"wheel"
|
|
"podman"
|
|
"render"
|
|
"video"
|
|
];
|
|
packages = with pkgs; [
|
|
tree
|
|
];
|
|
subUidRanges = [
|
|
{
|
|
startUid = 200000000;
|
|
count = 100000000;
|
|
}
|
|
];
|
|
subGidRanges = [
|
|
{
|
|
startGid = 200000000;
|
|
count = 100000000;
|
|
}
|
|
];
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrff2OCTbuThkfOYQmf4T+pbA+rk4tGodk7HsXf30rN u0_a337@localhost"
|
|
];
|
|
};
|
|
|
|
# Disable root password login
|
|
users.users.root = {
|
|
hashedPassword = "!";
|
|
subUidRanges = [
|
|
{
|
|
startUid = 100000;
|
|
count = 100000000;
|
|
}
|
|
];
|
|
subGidRanges = [
|
|
{
|
|
startGid = 100000;
|
|
count = 100000000;
|
|
}
|
|
];
|
|
};
|
|
|
|
# Restrict su to wheel group
|
|
security.pam.services.su.requireWheel = true;
|
|
|
|
# Alias sudo to doas for muscle memory
|
|
environment.shellAliases = {
|
|
sudo = "doas";
|
|
};
|
|
|
|
# System user for Podman --userns=auto allocations
|
|
users.users.containers = {
|
|
isSystemUser = true;
|
|
group = "containers";
|
|
subUidRanges = [
|
|
{
|
|
startUid = 200000;
|
|
count = 100000000;
|
|
}
|
|
];
|
|
subGidRanges = [
|
|
{
|
|
startGid = 200000;
|
|
count = 100000000;
|
|
}
|
|
];
|
|
};
|
|
users.groups.containers = { };
|
|
}
|