From c186bc73a8a0aed346bdb2416bf6f7b63e4aca31 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Wed, 22 Dec 2021 11:54:06 +0100 Subject: [PATCH] Playing a little bit too much with users --- base.nix | 1 + machines/macintosh/default.nix | 3 ++- secrets/secrets.yaml | 5 +++-- users/default.nix | 20 ++++++++++++++++++++ users/julien.nix | 5 +++-- 5 files changed, 29 insertions(+), 5 deletions(-) create mode 100644 users/default.nix diff --git a/base.nix b/base.nix index a290ce6..0a51251 100644 --- a/base.nix +++ b/base.nix @@ -3,6 +3,7 @@ { imports = [ + ./users/default.nix ./users/julien.nix ]; luj.nix.enable = true; diff --git a/machines/macintosh/default.nix b/machines/macintosh/default.nix index bcde40f..74f5722 100644 --- a/machines/macintosh/default.nix +++ b/machines/macintosh/default.nix @@ -57,9 +57,10 @@ git rxvt_unicode xorg.xbacklight + neovim ]; - environment.variables.EDITOR = "urxvt"; + environment.variables.EDITOR = "nvim"; programs.dconf.enable = true; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 5db3fbc..656a52a 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,4 +1,5 @@ user-julien-password: ENC[AES256_GCM,data:CnAfCPKEG2OUcM8pyICaZ7ZwclTouENCh1pl4LqFads8yOezvOYDwZSWVGM6P6z79kEL6o5Jt4dnHvRdln8gcANElJtqk1C7zfXlp47SegqzKa7QAEMKVURsO0RQj27I7cRbRaAkBWeFCg==,iv:Gv6y9DnKuxVz+QxSIW9IVCv9DdU5cA6+WR/OSA0SNfQ=,tag:ae0jTJFelKlSSGgVkFjHww==,type:str] +user-root-password: ENC[AES256_GCM,data:zVA4ZUOvEdaNqnx/CyY5a0QPrT/uJGRe+Bm1Frcnwr0zbrQNit04w5kquyPE6crW15bPaV3SnPilNvkIPnxoaycxBVdVBE1Atk666n8NmtnaslvVkDvuT59OMmV80pMRg53zjVLXFuU1bg==,iv:V8ReiBxgx0dy9vNGTR1O+LyGw3r0dYRwlzJgZqlbgG8=,tag:CeIXrOIpBSZV99bYhLhJpw==,type:str] sops: kms: [] gcp_kms: [] @@ -32,8 +33,8 @@ sops: dStVUTRYUnlDTXk5UXN1NDJYN29KeG8KhdZjc591xMCYGAIvhhq5fcT79ozAyo7F 89Zjm96eVH+r9g5QOc6+A1GWeQrp90l7/m3TNmCRZnAa1TiWe6sYiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-12-21T21:53:13Z" - mac: ENC[AES256_GCM,data:PYGLtjwSVX+Pi/fRQNcSYWKlXNg/KT1oo4UNd0+ZfsY9BhSSgtQFb9CAgQiQIhq89jNhtYhpI4Yedqw7RbNM0uTErF0fyYEpjvTRRnxumYKLVGNrPMjtWI5jyZROmmvFV67OmCvfEL5JjK87aIG5ygMPYVlJrWQ7ZRSc6LJ9Od4=,iv:q+o9VePVlYxP3bmIWLOK0QyPxDzkTfGeUC3orkUqM+4=,tag:gDnn33NNsz7OujJtK5+mpA==,type:str] + lastmodified: "2021-12-22T09:28:23Z" + mac: ENC[AES256_GCM,data:J19LHekXxaxd3dn0jaaUCnx+dzcyKS4v5WMMqB4gnTINmlQCErjsGksNApDlSvBVEXRpqrD3LwiPUjHzrWzVAEg3gvHrlIhSUkHPhnbpyJB6GXWGWztoAKhAuxJGl4N3tkc6wtWWHzhntXRlQk17vhNU3sQjMogzK5RwRUiiYBg=,iv:aVo1vKE0xyX8PUXJrvjDNW/FZvqxnGHaieR3boBi6QU=,tag:zIQIUEH+v9WOnY/xgflewQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1 diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..8a97653 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,20 @@ +{ config, pkgs, lib, ... }: { + + + users.mutableUsers = false; + users.defaultUserShell = pkgs.fish; + sops.secrets.user-root-password.neededForUsers = true; + + programs.fish.enable = true; + +users.users.root = { + uid = config.ids.uids.root; + description = "System administrator"; + home = "/root"; + shell = lib.mkForce config.users.defaultUserShell; + group = "root"; + passwordFile = config.sops.secrets.user-root-password.path; + }; + + +} diff --git a/users/julien.nix b/users/julien.nix index 35021a0..677e140 100644 --- a/users/julien.nix +++ b/users/julien.nix @@ -1,9 +1,9 @@ { config, pkgs, lib, ... }: { - users.mutableUsers = false; sops.secrets.user-julien-password.neededForUsers = true; + users.users.julien = { isNormalUser = true; home = "/home/julien"; @@ -18,5 +18,6 @@ ]; }; - nix.allowedUsers = [ "lol" "julien" ]; + + nix.allowedUsers = [ "julien" ]; }