so many sops

2025-03-17 21:34:52 -05:00
parent 7741fc575f
commit 32eadb044d
53 changed files with 801 additions and 591 deletions
--- a/hosts/nas/users.nix
+++ b/hosts/nas/users.nix
@@ -0,0 +1,93 @@
+{ pkgs, config, ... }:
+let
+  user = "admin";
+  passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
+  authorizedKeyFiles = [
+    config.sops.secrets."ssh-keys-public/desktop-nixos".path 
+    config.sops.secrets."ssh-keys-public/desktop-nixos-root".path 
+    config.sops.secrets."ssh-keys-public/desktop-windows".path
+    config.sops.secrets."ssh-keys-public/macbook-macos".path
+  ];
+in
+{
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users = {
+    # See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
+    mutableUsers = false;
+    groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
+
+    # Admin account
+    users."${user}" = {
+      isNormalUser = true;
+      linger = true;
+      extraGroups = [
+        "wheel"
+        "networkmanager"
+        "docker"
+        "podman"
+        "libvirtd"
+        "nix-apps"
+        "jallen-nas"
+        "media"
+        "nscd"
+        "grafana"
+        "traefik"
+        "avahi"
+        "62900"
+        "1001"
+      ];
+      hashedPasswordFile = passwordFile;
+      shell = pkgs.zsh;
+      openssh.authorizedKeys.keyFiles = authorizedKeyFiles;
+      packages = with pkgs; [
+        cachix
+        fastfetch
+        git
+        parted
+        aspell
+        aspellDicts.en
+        aspellDicts.en-computers
+        aspellDicts.en-science
+        aha
+        papirus-icon-theme
+        firefox
+        swtpm
+        tigervnc
+      ];
+    };
+
+    # Nix app account
+    users.nix-apps = {
+      isSystemUser = true;
+      uid = 911;
+      group = "jallen-nas";
+      extraGroups = [
+        "jallen-nas"
+        "docker"
+        "podman"
+      ];
+      hashedPasswordFile = passwordFile;
+    };
+
+    groups.nut.name = "nut";
+    users.upsuser = {
+      group = "nut";
+      isNormalUser = false;
+      isSystemUser = true;
+      createHome = true;
+      home = "/var/lib/nut";
+      homeMode = "750";
+      hashedPasswordFile = passwordFile;
+    };
+
+    users.nextcloud = {
+      isNormalUser = true;
+      extraGroups = [
+        "jallen-nas"
+        "nix-apps"
+      ];
+      hashedPasswordFile = passwordFile;
+    };
+  };
+}