forked from Bos55/nix-config
Tibo De Peuter
1c437333f3
Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.
41 lines
982 B
Nix
41 lines
982 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
cfg = config.homelab.users.admin;
|
|
in {
|
|
options.homelab.users.admin = {
|
|
enable = lib.mkEnableOption "user System Administrator";
|
|
authorizedKeys = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [
|
|
# HomeLab > NixOS > admin > ssh
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWIOOEqTy8cWKpENVbzD4p7bsQgQb/Dgpzk8i0dZ00T"
|
|
];
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
nix.settings.trusted-users = [
|
|
config.users.users.gh0st.name
|
|
];
|
|
|
|
users.users.gh0st = {
|
|
description = "System Administrator";
|
|
isNormalUser = true;
|
|
extraGroups = [
|
|
config.users.groups.wheel.name # Enable 'sudo' for the user.
|
|
];
|
|
initialPassword = "ChangeMe";
|
|
openssh.authorizedKeys.keyFiles = [
|
|
config.sops.secrets.user_keys_admin.path
|
|
];
|
|
packages = with pkgs; [
|
|
curl
|
|
git
|
|
tmux
|
|
vim
|
|
wget
|
|
];
|
|
};
|
|
};
|
|
}
|