# NixOS module: declares the local accounts and groups of this host and wires
# the root and user login password hashes to sops-nix secrets.
{
  config,
  pkgs,
  ...
}:
let
  # Both password hashes are stored in the same sops-encrypted file.
  # neededForUsers asks sops-nix to decrypt the secret before the accounts are
  # created, so that hashedPasswordFile can point at it.
  passwordSecret = {
    neededForUsers = true;
    sopsFile = ./secrets/home.yaml;
  };
in
{
  imports = [
    ./home/user.nix
    ./home/root.nix
    ./home/agents.nix
  ];

  sops.secrets = {
    "user/password" = passwordSecret;
    "root/password" = passwordSecret;
  };

  # With mutableUsers = true, NixOS applies the password options only when an
  # account is first created. Rotating the sops secret does not change the
  # password of an account that already exists, and accounts or passwords
  # changed imperatively (useradd, passwd) persist across rebuilds.
  users.mutableUsers = true;

  users.groups = {
    user.gid = 1000;
    agent.gid = 1002;
    public.gid = 777;
    # sandbox.gid = 1003;
  };

  users.users = {
    root = {
      homeMode = "700";
      hashedPasswordFile = config.sops.secrets."root/password".path;
    };

    # Disabled accounts, kept as comments.
    # microvm = {
    #   uid = 999;
    #   isSystemUser = true;
    # };
    # work = {
    #   uid = 1001;
    #   homeMode = "770";
    #   home = "/home/work";
    #   isNormalUser = true;
    #   shell = pkgs.fish;
    #   group = "work";
    #   extraGroups = [
    #     "public"
    #   ];
    #   linger = true;
    # };

    # No password option is set for this account in this file.
    # homeMode 770 gives every member of group "agent" full access to
    # /home/agent; "user" below is a member of that group.
    agent = {
      uid = 1002;
      group = "agent";
      extraGroups = [ "public" ];
      isNormalUser = true;
      home = "/home/agent";
      homeMode = "770";
      shell = pkgs.fish;
      # Lingering keeps this account's systemd user units running without a login session.
      linger = true;
    };

    # sandbox = {
    #   uid = 1003;
    #   homeMode = "770";
    #   home = "/home/sandbox";
    #   shell = pkgs.fish;
    #   isNormalUser = true;
    #   group = "sandbox";
    #   extraGroups = [ "public" ];
    #   linger = true;
    # };

    # Primary interactive account; its home is private (700).
    user = {
      uid = 1000;
      group = "user";
      # NOTE(review): "sandbox" is listed here although the sandbox user and
      # its gid are commented out in this file; confirm the group is declared
      # in one of the imports.
      # NOTE(review): the NixOS libvirtd module names its group "libvirtd";
      # confirm that a group called "libvirt" exists on this host.
      # Membership in "agent" is what grants access to /home/agent (mode 770).
      extraGroups = [
        "libvirt"
        "systemd-journal"
        "kvm"
        "public"
        "agent"
        "sandbox"
        "audio"
        "video"
        "bluetooth"
        # "work"
      ];
      isNormalUser = true;
      home = "/home/user";
      homeMode = "700";
      shell = pkgs.fish;
      hashedPasswordFile = config.sops.secrets."user/password".path;
      linger = true;
    };
  };
}