nixos/modules/malte.nix

105 lines
2.5 KiB
Nix

{
pkgs,
lib,
config,
inputs,
...
}: let
cfg = config.users.custom.malte;
in {
options.users.custom.malte = with lib; {
enable = mkEnableOption "user 'malte' on this machine";
};
config = lib.mkIf cfg.enable {
users.users.malte = {
description = "Malte Tammena";
hashedPassword = "$6$zqEC2iJJ98Ne$lRERO30msyjJm7oJCqRD/xj3NIm4De37gD.VUzfg7aceosE/6S6eNAaruIakgUtSC970MHRPoNlCEy1RoFuyh.";
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
"render"
"lp"
"kvm"
"libvirtd"
"podman"
"corectrl"
"scanner"
"input"
config.users.groups.adbusers.name
config.users.groups.keys.name
];
# Yes, use the best, please
shell = pkgs.fish;
# Allow my yubikey everywhere
openssh.authorizedKeys.keyFiles = [../users/malte/yubikey.pub];
};
users.groups.adbusers = {};
home-manager.users.malte.imports = [../users/malte/home.nix inputs.nix-colors.homeManagerModule inputs.hyprland.homeManagerModules.default];
programs.fish.enable = true;
services.udev.packages = [
pkgs.android-udev-rules
];
# TODO: Remove after switching occupation
services.clamav.daemon.enable = true;
services.clamav.updater.enable = true;
services.flatpak.enable = true;
programs.hyprland = {
enable = true;
xwayland = {
enable = true;
};
enableNvidiaPatches = config.settings.nvidiaUsed;
};
# TODO: Remove/Move
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = ["notenbuch"];
ensureUsers = [
{
name = "malte";
ensurePermissions = {
"notenbuch.*" = "ALL PRIVILEGES";
"*.*" = "CREATE USER, GRANT OPTION, RELOAD, SELECT, DROP";
};
}
];
};
sops.secrets = let
sopsFile = ../secrets/users/malte/secrets.yaml;
owner = "malte";
mode = "0400";
in {
restic-backup-malte = {
inherit sopsFile owner mode;
key = "restic-backup";
};
radicale-password = {
inherit sopsFile owner mode;
};
pw-mail-pm = {
inherit sopsFile owner mode;
};
pw-mail-uni = {
inherit sopsFile owner mode;
};
pw-mail-gmx = {
inherit sopsFile owner mode;
};
pw-mail-schulverwalter = {
inherit sopsFile owner mode;
};
};
};
}