Diffstat (limited to 'modules/nixos')
| -rw-r--r-- | modules/nixos/defaults/users.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/profiles/server.nix | 18 | ||||
| -rw-r--r-- | modules/nixos/users/default.nix | 7 | ||||
| -rw-r--r-- | modules/nixos/users/system.nix | 17 |
4 files changed, 32 insertions, 11 deletions
diff --git a/modules/nixos/defaults/users.nix b/modules/nixos/defaults/users.nix
index 0cec52a..4746d65 100644
--- a/modules/nixos/defaults/users.nix
+++ b/modules/nixos/defaults/users.nix
@@ -4,6 +4,7 @@ pkgs, ... }: + { users = { defaultUserShell = pkgs.bash;
diff --git a/modules/nixos/profiles/server.nix b/modules/nixos/profiles/server.nix
index d54285d..8934863 100644
--- a/modules/nixos/profiles/server.nix
+++ b/modules/nixos/profiles/server.nix
@@ -18,10 +18,6 @@ in { options.profiles.server = { enable = lib.mkEnableOption "the Server profile"; - - hostUser = lib.mkEnableOption "a default interactive user" // { - default = true; - }; }; config = lib.mkIf cfg.enable (
@@ -36,6 +32,10 @@ in boot.tmp.cleanOnBoot = lib.mkDefault true; + borealis.users = { + system.enable = true; + }; + # We don't need it here documentation.enable = false;
@@ -65,17 +65,15 @@ in secrets.enable = true; }; + # I use exclusively Tailscale auth on some machines + users.allowNoPasswordLogin = true; + zramSwap.enable = true; } - (lib.mkIf cfg.hostUser { + (lib.mkIf config.borealis.users.system.enable { # Hardening access to `nix` as no other users *should* ever really touch it nix.settings.allowed-users = [ config.networking.hostName ]; - - users.users.${config.networking.hostName} = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - }; }) ] );
diff --git a/modules/nixos/users/default.nix b/modules/nixos/users/default.nix
index df767b4..fa6ee8c 100644
--- a/modules/nixos/users/default.nix
+++ b/modules/nixos/users/default.nix
@@ -1 +1,6 @@
-{ imports = [ ./seth.nix ]; }
+{
+ imports = [
+ ./seth.nix
+ ./system.nix
+ ];
+}
diff --git a/modules/nixos/users/system.nix b/modules/nixos/users/system.nix
new file mode 100644
index 0000000..15c58cc
--- /dev/null
+++ b/modules/nixos/users/system.nix
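Review bot: `system.enable = true;` in the second server.nix hunk (`@@ -36,6 +32,10 @@`) is defined at normal priority, so a host that imports the Server profile can no longer switch the account off with a plain assignment, which the removed `hostUser` option (only defaulted to true) allowed. The context line directly above already uses the overridable form, `boot.tmp.cleanOnBoot = lib.mkDefault true;`; I would write `system.enable = lib.mkDefault true;` here to match. The enclosing `config = lib.mkIf cfg.enable (` expression starts and ends outside this hunk.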
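Review bot: `users.allowNoPasswordLogin = true;` in the third server.nix hunk (`@@ -65,17 +65,15 @@`) is applied to every host that enables the Server profile, although the comment above it says only some machines rely on Tailscale auth. That option turns off the NixOS assertion that root or a `wheel` member can still log in with a password or SSH key, and this same hunk removes the host user's `extraGroups = [ "wheel" ];`, so a server whose Tailscale access is not working could be left with no administrative login and no evaluation error to flag it. I would tie the setting to the condition the comment describes, for example `users.allowNoPasswordLogin = lib.mkDefault config.services.tailscale.enable;` (assuming those machines use the stock Tailscale module), or set it per host. The surrounding `config = lib.mkIf cfg.enable (` expression begins outside the hunk.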
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.borealis.users.system;
+in
+
+{
+ options.borealis.users.system = {
+ enable = lib.mkEnableOption "an untrusted system user";
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users.${config.networking.hostName} = {
+ isNormalUser = true;
+ };
+ };
+}
|
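Review bot: The option text `"an untrusted system user"` does not match what the module creates: `isNormalUser = true;` declares a normal (non-system) account named after `config.networking.hostName`, not a NixOS system user. Nothing in the file says that the name is taken from the hostname, that the account is deliberately outside `wheel`, or how it is meant to authenticate, since no password or SSH key is set here. I would reword the option to `lib.mkEnableOption "an unprivileged interactive user named after the host"` and add above `users.users` the comment `# Not in "wheel" on purpose; credentials are expected to come from elsewhere (e.g. the Tailscale auth mentioned in the server profile).`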
