diff --git a/nix/modules/users.nix b/nix/modules/users.nix index 527e479..6dd5d4e 100644 --- a/nix/modules/users.nix +++ b/nix/modules/users.nix @@ -1,35 +1,37 @@ { config, lib, ... }: let cfg = config.flake; - inherit (config.flake.lib) forAllUsers' flattenAttrs; - inherit (lib.attrsets) filterAttrs; - owner = flattenAttrs (filterAttrs (_: v: (v.primary or false)) cfg.manifest.users); + inherit (cfg.lib) forAllUsers'; + inherit (lib.lists) optional; in { flake.modules.nixos.default = { pkgs, config, ... }: { #TODO: move sudo/security options elsewhere - security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = [ "@wheel" ]; + # security.sudo.wheelNeedsPassword = false; + # nix.settings.trusted-users = [ "@wheel" ]; #TODO: move to shell config - programs.${owner.shell}.enable = true; + # programs.${owner.shell}.enable = true; #TODO: move ssh key settings elsewhere + # users.users.root.openssh.authorizedKeys.keys = [ owner.pubkey ]; users = { mutableUsers = false; groups.users.gid = 100; - users.root.openssh.authorizedKeys.keys = [ owner.pubkey ]; - users.${owner.username} = { - isNormalUser = true; - # hashedPasswordFile - extraGroups = [ "wheel" ]; - shell = pkgs.${owner.shell}; - openssh.authorizedKeys.keys = [ owner.pubkey ]; - }; + users = forAllUsers' ( + _: value: { + isNormalUser = true; + extraGroups = optional (value.primary or false) "wheel"; + # FIXME: remove when we make the shell module + ignoreShellProgramCheck = true; + shell = pkgs.${value.shell}; + openssh.authorizedKeys.keys = [ value.pubkey ]; + } + ); }; + home-manager.users = forAllUsers' ( name: _: { - #TODO: move into nixos/darwin config - should not apply to homeConfigurations home.username = name; home.homeDirectory = config.users.users.${name}.home; }
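Review bot: With `security.sudo.wheelNeedsPassword = false;` and the root `authorizedKeys` line commented out while `mutableUsers = false` stays, the new `users = forAllUsers' (...)` block leaves no visible route to root. No account gets a password (the old `# hashedPasswordFile` reminder is dropped as well), so the primary user's `wheel` membership cannot get past sudo's default password prompt. Unless another module already covers this, give the wheel user a managed credential in the same commit, e.g. `hashedPasswordFile = <path-to-secret-placeholder>;`, rather than re-enabling passwordless sudo. Separately, assuming `forAllUsers'` maps over every manifest entry (its definition is not in this hunk), every manifest user now gets a login account with an SSH key on each host importing this module, where the old code created only the owner; filter per host if that is not intended. The `home-manager.users` block continues past the end of the hunk.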