31 lines
1.1 KiB
Nix
31 lines
1.1 KiB
Nix
{ pkgs, ... }: {
|
|
users = {
|
|
# Don't allow imperative modifications to users (incompatible with impermanence)
|
|
mutableUsers = false;
|
|
|
|
users = {
|
|
root = {
|
|
# TODO: The passwordfile is manually generated during the initial setup
|
|
# to avoid (hashed) secrets in the public git repo. It should replaced
|
|
# with a proper secret management scheme, such as agenix.
|
|
hashedPasswordFile = "/nix/persist/passwordfile";
|
|
};
|
|
caspervk = {
|
|
isNormalUser = true;
|
|
description = "Casper V. Kristensen";
|
|
# TODO: The hashedPasswordFile is manually generated during the initial
|
|
# setup to avoid (hashed) secrets in the public git repo. It should
|
|
# replaced with a proper secret management scheme, such as agenix.
|
|
hashedPasswordFile = "/nix/persist/passwordfile";
|
|
extraGroups = [
|
|
"wheel" # allows sudo
|
|
"video" # allows controlling brightness
|
|
# todo: systemd-journal, audio, input, power, nix ?
|
|
];
|
|
uid = 1000;
|
|
packages = with pkgs; [ ];
|
|
};
|
|
};
|
|
};
|
|
}
|