105 lines
2.6 KiB
Nix
105 lines
2.6 KiB
Nix
# Universe - The big bang to my universe
|
|
#
|
|
# Copyright (c) 2023-2024 Sameer Rahmani <lxsameer@gnu.org>
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, version 2.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
params:
|
|
rec {
|
|
zshModule = {config, pkgs, ...}: {
|
|
programs.zsh = {
|
|
enable = true;
|
|
autosuggestions.enable = true;
|
|
histSize = 5000;
|
|
syntaxHighlighting.enable = true;
|
|
};
|
|
};
|
|
|
|
user = {config, pkgs, inputs, ...}:
|
|
let
|
|
rager = pkgs.callPackage ../../derivations/rager.nix {
|
|
ageBin = "${pkgs.rage}/bin/rage";
|
|
};
|
|
in {
|
|
imports = [
|
|
zshModule
|
|
inputs.agenix.nixosModules.default
|
|
|
|
];
|
|
|
|
# (r)age by default can't find age-plugin-yubikey during the configuration
|
|
# this is a wrapper to force age-plugin-yubikey into its PATH
|
|
age.ageBin = "${rager}/bin/rager";
|
|
environment.systemPackages = [
|
|
(inputs.agenix.packages.x86_64-linux.default.override { ageBin = "${rager}/bin/rager"; })
|
|
];
|
|
|
|
age.identityPaths = [
|
|
# This is an actual private key, we should avoid
|
|
# including it in the store
|
|
"/home/mary/.ssh/universe"
|
|
|
|
# Since these are stubs, its ok to include them in the store
|
|
./yubikey_1.stub.id
|
|
./yubikey_2.stub.id
|
|
|
|
];
|
|
|
|
age.secrets.user.file = ../../secrets/mary/user.age;
|
|
|
|
users = {
|
|
groups.mary = {
|
|
gid = 1001;
|
|
};
|
|
|
|
users.lxsameer1 = {
|
|
isNormalUser = true;
|
|
shell = pkgs.zsh;
|
|
uid = 9000;
|
|
group = "mary";
|
|
|
|
extraGroups = [
|
|
"wheel"
|
|
"networkmanager"
|
|
];
|
|
password = "123123";
|
|
};
|
|
|
|
users.mary = {
|
|
isNormalUser = true;
|
|
shell = pkgs.zsh;
|
|
uid = 1001;
|
|
group = "mary";
|
|
|
|
extraGroups = [
|
|
"wheel"
|
|
"networkmanager"
|
|
];
|
|
|
|
hashedPasswordFile = config.age.secrets.user.path;
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com"
|
|
];
|
|
|
|
};
|
|
};
|
|
|
|
nix.settings = {
|
|
trusted-users = [ "root" "@wheel" "mary" ];
|
|
};
|
|
};
|
|
|
|
desktop = import ./desktop.nix;
|
|
style = import ./style.nix;
|
|
}
|