105 lines
2.4 KiB
Nix
105 lines
2.4 KiB
Nix
{
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
inputs,
|
|
...
|
|
}: let
|
|
cfg = config.users.custom.malte;
|
|
in {
|
|
options.users.custom.malte = with lib; {
|
|
enable = mkEnableOption "user 'malte' on this machine";
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
users.users.malte = {
|
|
description = "Malte Tammena";
|
|
hashedPassword = "$6$zqEC2iJJ98Ne$lRERO30msyjJm7oJCqRD/xj3NIm4De37gD.VUzfg7aceosE/6S6eNAaruIakgUtSC970MHRPoNlCEy1RoFuyh.";
|
|
isNormalUser = true;
|
|
extraGroups = [
|
|
"wheel"
|
|
"networkmanager"
|
|
"video"
|
|
"render"
|
|
"lp"
|
|
"kvm"
|
|
"libvirtd"
|
|
"podman"
|
|
"corectrl"
|
|
"scanner"
|
|
"input"
|
|
config.users.groups.adbusers.name
|
|
config.users.groups.keys.name
|
|
];
|
|
# Yes, use the best, please
|
|
shell = pkgs.fish;
|
|
# Allow my yubikey everywhere
|
|
openssh.authorizedKeys.keyFiles = [../secrets/pub/yubikey.pub];
|
|
};
|
|
users.groups.adbusers = {};
|
|
|
|
home-manager.users.malte.imports = [../users/malte/default.nix inputs.nix-colors.homeManagerModule inputs.hyprland.homeManagerModules.default];
|
|
programs.fish.enable = true;
|
|
|
|
services.udev.packages = [
|
|
pkgs.android-udev-rules
|
|
];
|
|
|
|
networking.networkmanager.plugins = [
|
|
pkgs.networkmanager-openconnect
|
|
];
|
|
|
|
# TODO: Remove after switching occupation
|
|
services.clamav.daemon.enable = true;
|
|
services.clamav.updater.enable = true;
|
|
|
|
services.flatpak.enable = true;
|
|
|
|
# TODO: Remove/Move
|
|
services.mysql = {
|
|
enable = true;
|
|
package = pkgs.mariadb;
|
|
ensureDatabases = ["notenbuch" "gnomen"];
|
|
ensureUsers = [
|
|
{
|
|
name = "malte";
|
|
ensurePermissions = {
|
|
"*.*" = "ALL PRIVILEGES";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
|
|
hardware.keyboard.qmk.enable = true;
|
|
|
|
sops.secrets = let
|
|
sopsFile = ../secrets/users/malte/secrets.yaml;
|
|
owner = "malte";
|
|
mode = "0400";
|
|
in {
|
|
restic-backup-malte = {
|
|
inherit sopsFile owner mode;
|
|
key = "restic-backup";
|
|
};
|
|
openai-heygpt-api-key = {
|
|
inherit sopsFile owner mode;
|
|
};
|
|
nix-conf-secrets = {
|
|
inherit sopsFile owner mode;
|
|
};
|
|
pw-mail-pm = {
|
|
inherit sopsFile owner mode;
|
|
};
|
|
pw-mail-uni = {
|
|
inherit sopsFile owner mode;
|
|
};
|
|
pw-mail-gmx = {
|
|
inherit sopsFile owner mode;
|
|
};
|
|
pw-mail-schulverwalter = {
|
|
inherit sopsFile owner mode;
|
|
};
|
|
};
|
|
};
|
|
}
|