blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

restructure user

Browse Source
This commit is contained in:
blake
2025-10-14 00:20:29 -05:00
parent 782ebcf4e3
commit 182cab6bf3
5 changed files with 34 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
hosts/snowbelle/configuration.nix
View File

@@ -8,7 +8,7 @@ in
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../users
../../users/blake
../../modules/system
../../modules/homelab
../../modules/homelab/minecraft_recpro
@@ -54,12 +54,6 @@ in
minecraft_recpro.enable = true;
};
# configure users & groups
users = {
blake.enable = true; # main user, home manager
defaultUserShell = pkgs.zsh; # the goat
};
# boot (systemd is going on me)
boot.loader.systemd-boot.enable = true; # systemd your pretty cool ya know
boot.loader.efi.canTouchEfiVariables = true;

2
modules/system/sops/default.nix
View File

@@ -19,7 +19,7 @@ in
age.keyFile = "/etc/sops/keys.txt";
secrets = {
"blake_passwd" = lib.mkIf config.users.blake.enable {
"blake_passwd" = {
owner = "root";
group = "root";
neededForUsers = true;

27
users/blake/default.nix
View File

@@ -6,19 +6,22 @@
...
}: {
# create blake user
users.users = {
blake = {
isNormalUser = true;
extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft"]; # Enable sudo for the user.
uid = 1000;
shell = pkgs.zsh;
group = "blake";
hashedPasswordFile = config.sops.secrets."blake_passwd".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBK0AGJfZGyqW8/krvQV+PL7axcDW/EnKyHy9M8wryQx klefki"
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPdC9cCX8awvA19Ri65fvbYjZYe8X1Ef+nOZAIv92AS6u4SkJYqOvPYfqRHXORNDpbzjTV6nackyCKvV5EO4niv4MFIgdkEQwuVHcYX32/dOsWdDoeXBT/l2sFFM7JESwQ== blake@zygarde"
];
users = {
users = {
blake = {
isNormalUser = true;
extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft"]; # Enable sudo for the user.
uid = 1000;
shell = pkgs.zsh;
group = "blake";
hashedPasswordFile = config.sops.secrets."blake_passwd".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBK0AGJfZGyqW8/krvQV+PL7axcDW/EnKyHy9M8wryQx klefki"
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPdC9cCX8awvA19Ri65fvbYjZYe8X1Ef+nOZAIv92AS6u4SkJYqOvPYfqRHXORNDpbzjTV6nackyCKvV5EO4niv4MFIgdkEQwuVHcYX32/dOsWdDoeXBT/l2sFFM7JESwQ== blake@zygarde"
];
};
};
groups.blake = { gid = 1000; };
};
# define home-manager user

34
users/blake/home.nix
View File

@@ -64,22 +64,22 @@
};
};
# import sshkeys from keyring
#home.file.".ssh/id_snowbelle".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle;
#home.file.".ssh/id_snowbelle.pub".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle.pub;
home.file.".ssh/id_snowbelle".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle;
home.file.".ssh/id_snowbelle.pub".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle.pub;
# manage secrets with sops
sops.secrets = {
"id_snowbelle" = {
owner = "blake";
group = "blake";
mode = "0600";
path = "/home/blake/.ssh/id_snowbelle";
};
"id_snowbelle.pub" = {
owner = "blake";
group = "blake";
mode = "644";
path = "/home/blake/.ssh/id_snowbelle.pub";
};
};
# # manage secrets with sops
# sops.secrets = {
# "id_snowbelle" = {
# owner = "blake";
# group = "blake";
# mode = "0600";
# path = "/home/blake/.ssh/id_snowbelle";
# };
# "id_snowbelle.pub" = {
# owner = "blake";
# group = "blake";
# mode = "644";
# path = "/home/blake/.ssh/id_snowbelle.pub";
# };
# };
}

1
users/default.nix
View File

@@ -5,6 +5,5 @@
./blake
];
users.blake.enable = lib.mkDefault true;
}