user specifics

2024-12-29 01:21:06 -06:00 · 2024-12-29 01:21:06 -06:00 · eaa2e08f5d
commit eaa2e08f5d
parent 1b1bd60f4b
28 changed files with 946 additions and 51 deletions
--- a/modules/common/flake.nix
+++ b/modules/common/flake.nix
@ -36,6 +36,11 @@
                # default = "josh";
                description = "The primary user of the system.";
              };
+              primaryAuthorizedKeys = mkOption {
+                type = types.listOf types.str;
+                default = [ ];
+                description = "The primary user's authorized keys.";
+              };
              defaultLocal = mkOption {
                type = types.str;
                default = "en_US.UTF-8";
@ -47,6 +52,12 @@
                description = "Open the ssh port.";
              };
              docker = mkEnableOption (lib.mdDoc "Enable docker");
+              zsh = mkEnableOption (lib.mdDoc "Enable zsh");
+              users = mkOption {
+                type = types.attrsOf types.attrs;
+                default = { };
+                description = "Users to configure. Should match nix options of users.userser.<name>.*";
+              };
            };

            imports = [
@ -58,7 +69,9 @@
              ./shell/common.nix
              ./tty_caps_esc.nix
              ./docker.nix
+              ./zsh.nix
              ./fonts.nix
+              ./users.nix
            ];
            config = {
              _module.args = {
@ -169,7 +182,7 @@
              '';

              # Some basics
-              nixpkgs.config.allowUnfree = settings.allowUnfree;
+              nixpkgs.config.allowUnfree = cfg.allowUnfree;
              nixpkgs.config.allowUnfreePredicate = (pkg: true);
            };
          };
--- a/modules/common/ssh.nix
+++ b/modules/common/ssh.nix
@ -24,5 +24,33 @@ with lib;
        PermitRootLogin = "yes";
      };
    };
+
+    # Ensure SSH key pair generation for non-root users
+    systemd.services = mapAttrs' (name: _: {
+      name = "generate_ssh_key_${name}";
+      value = {
+        description = "Generate SSH key pair for ${name}";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          User = name;
+          Type = "oneshot";
+        };
+        script = ''
+          #!/run/current-system/sw/bin/bash
+          if [ ! -f /home/${name}/.ssh/id_ed25519 ]; then
+            if [ -v DRY_RUN ]; then
+              echo "DRY_RUN is set. Would generate SSH key for ${name}.";
+            else
+              echo "Generating SSH key for ${name}.";
+              mkdir -p /home/${name}/.ssh;
+              chmod 700 /home/${name}/.ssh;
+              /run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/${name}/.ssh/id_ed25519 -N "";
+            fi
+          else
+            echo "SSH key already exists for ${name}.";
+          fi
+        '';
+      };
+    }) config.mods.common.users;
  };
 }
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@ -0,0 +1,17 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib;
+{
+  config = {
+    users.users = mapAttrs (
+      name: config:
+      {
+        inherit name;
+      }
+      // config
+    ) config.mods.common.users;
+  };
+}
--- a/modules/common/zsh.nix
+++ b/modules/common/zsh.nix
@ -0,0 +1,15 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib;
+let
+  cfg = config.mods.common;
+in
+{
+  config = mkIf cfg.zsh {
+    programs.zsh.enable = true;
+    environment.pathsToLink = [ "/share/zsh" ];
+  };
+}