old
# NixOS module: declares the primary user (named by myvars.username), its
# groups, and the root account. All account data comes from `myvars`.
{
  myvars,
  config,
  ...
}: {
  users = {
    # Accounts and groups are defined by this configuration only; they cannot
    # be mutated outside of it.
    mutableUsers = false;

    groups = {
      # Per-user group named after the primary user.
      "${myvars.username}" = {};
      ssh-secrets-users = {};
    };

    users = {
      "${myvars.username}" = {
        isNormalUser = true;
        home = "/home/${myvars.username}";

        # Hash produced with `mkpasswd -m scrypt`.
        # initialHashedPassword is the option that has to be used here when /
        # is a tmpfs.
        # NOTE(review): the hash is passed in as a plain configuration value;
        # confirm that it is acceptable for it to be readable wherever the
        # evaluated configuration is stored, or supply it from a file
        # (hashedPasswordFile) instead.
        initialHashedPassword = myvars.initialHashedPassword;

        # NOTE(review): "wheel" is conventionally the administrative group;
        # what it grants depends on sudo/polkit settings not shown here.
        extraGroups = [
          myvars.username
          "users"
          "networkmanager"
          "wheel"
          "aria2"
          "ssh-secrets-users"
        ];
      };

      # root's SSH keys are mainly used for remote deployment.
      root = {
        # Same hash as the primary user: both accounts read
        # myvars.initialHashedPassword, so one credential covers both.
        initialHashedPassword = myvars.initialHashedPassword;

        # NOTE(review): whether root can actually log in over SSH with these
        # keys also depends on the sshd configuration, which is not part of
        # this module.
        openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
      };
    };
  };
}