Playing a little bit too much with users

2025-03-25 21:30:52 +01:00 · 2021-12-22 11:54:06 +01:00 · 2021-12-22 11:54:06 +01:00 · c186bc73a8
commit c186bc73a8
parent 516034c19f
5 changed files with 29 additions and 5 deletions
--- a/base.nix
+++ b/base.nix
@ -3,6 +3,7 @@
 {

  imports = [ 
+    ./users/default.nix
    ./users/julien.nix 
  ];
  luj.nix.enable = true;
--- a/machines/macintosh/default.nix
+++ b/machines/macintosh/default.nix
@ -57,9 +57,10 @@
    git
    rxvt_unicode
    xorg.xbacklight
+    neovim
  ];

-  environment.variables.EDITOR = "urxvt";
+  environment.variables.EDITOR = "nvim";

  programs.dconf.enable = true;

--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -1,4 +1,5 @@
 user-julien-password: ENC[AES256_GCM,data:CnAfCPKEG2OUcM8pyICaZ7ZwclTouENCh1pl4LqFads8yOezvOYDwZSWVGM6P6z79kEL6o5Jt4dnHvRdln8gcANElJtqk1C7zfXlp47SegqzKa7QAEMKVURsO0RQj27I7cRbRaAkBWeFCg==,iv:Gv6y9DnKuxVz+QxSIW9IVCv9DdU5cA6+WR/OSA0SNfQ=,tag:ae0jTJFelKlSSGgVkFjHww==,type:str]
+user-root-password: ENC[AES256_GCM,data:zVA4ZUOvEdaNqnx/CyY5a0QPrT/uJGRe+Bm1Frcnwr0zbrQNit04w5kquyPE6crW15bPaV3SnPilNvkIPnxoaycxBVdVBE1Atk666n8NmtnaslvVkDvuT59OMmV80pMRg53zjVLXFuU1bg==,iv:V8ReiBxgx0dy9vNGTR1O+LyGw3r0dYRwlzJgZqlbgG8=,tag:CeIXrOIpBSZV99bYhLhJpw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -32,8 +33,8 @@ sops:
            dStVUTRYUnlDTXk5UXN1NDJYN29KeG8KhdZjc591xMCYGAIvhhq5fcT79ozAyo7F
            89Zjm96eVH+r9g5QOc6+A1GWeQrp90l7/m3TNmCRZnAa1TiWe6sYiQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2021-12-21T21:53:13Z"
-    mac: ENC[AES256_GCM,data:PYGLtjwSVX+Pi/fRQNcSYWKlXNg/KT1oo4UNd0+ZfsY9BhSSgtQFb9CAgQiQIhq89jNhtYhpI4Yedqw7RbNM0uTErF0fyYEpjvTRRnxumYKLVGNrPMjtWI5jyZROmmvFV67OmCvfEL5JjK87aIG5ygMPYVlJrWQ7ZRSc6LJ9Od4=,iv:q+o9VePVlYxP3bmIWLOK0QyPxDzkTfGeUC3orkUqM+4=,tag:gDnn33NNsz7OujJtK5+mpA==,type:str]
+    lastmodified: "2021-12-22T09:28:23Z"
+    mac: ENC[AES256_GCM,data:J19LHekXxaxd3dn0jaaUCnx+dzcyKS4v5WMMqB4gnTINmlQCErjsGksNApDlSvBVEXRpqrD3LwiPUjHzrWzVAEg3gvHrlIhSUkHPhnbpyJB6GXWGWztoAKhAuxJGl4N3tkc6wtWWHzhntXRlQk17vhNU3sQjMogzK5RwRUiiYBg=,iv:aVo1vKE0xyX8PUXJrvjDNW/FZvqxnGHaieR3boBi6QU=,tag:zIQIUEH+v9WOnY/xgflewQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.1
--- a/users/default.nix
+++ b/users/default.nix
@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }: {
+
+
+  users.mutableUsers = false;
+  users.defaultUserShell = pkgs.fish;
+  sops.secrets.user-root-password.neededForUsers = true;
+
+  programs.fish.enable = true;
+
+users.users.root = {
+        uid = config.ids.uids.root;
+        description = "System administrator";
+        home = "/root";
+        shell = lib.mkForce config.users.defaultUserShell;
+        group = "root";
+        passwordFile = config.sops.secrets.user-root-password.path;
+      };
+
+
+}
--- a/users/julien.nix
+++ b/users/julien.nix
@ -1,9 +1,9 @@
 { config, pkgs, lib, ... }: {


-  users.mutableUsers = false;
  sops.secrets.user-julien-password.neededForUsers = true;

+
  users.users.julien = {
    isNormalUser = true;
    home = "/home/julien";
@ -18,5 +18,6 @@
    ];
  };

-  nix.allowedUsers = [ "lol" "julien" ];
+
+  nix.allowedUsers = [ "julien" ];
 }