path: root/profiles/user.nix
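# NixOS + home-manager profile for the single interactive user "tzlil":
# the agenix-managed SSH private key, the account itself, Nix daemon
# access lists, and a per-session ssh-agent user unit.
{
  pkgs,
  lib,
  config,
  inputs,
  ...
}: {
  config = {
    # Private SSH key decrypted by agenix at boot. mode/owner keep it
    # readable by tzlil only; its decrypted path is referenced as the
    # default IdentityFile in the home-manager ssh config further down.
    age.secrets.id_ed25519 = {
      file = ../secrets/id_ed25519.age;
      mode = "600";
      owner = "tzlil";
      group = "users";
    };

    programs.fish.enable = true; # needed now
    users.users.tzlil = {
      isNormalUser = true;
      description = "Me";
      extraGroups = ["wheel"];
      packages = [pkgs.git];
      shell = pkgs.fish;
      # A salted SHA-512 crypt hash (not the password) is committed here;
      # anyone with repository access can run offline guessing against it.
      # The agenix-backed alternative on the next line is currently disabled.
      hashedPassword = "$6$FAQYKz3OCtRNOP7h$XsApvP.r./Jv5MRI1idDI9BMnA26xxEvXFlE61Zls.QA3EK2x76XsetdpxSlgViylnRwRuq5XQMc3GeAJ7tum1";
      # passwordFile = config.age.secrets.password.path;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA"
      ];
    };

    # trusted-users may override daemon settings (substituters, sandbox,
    # etc.), which is effectively root-equivalent on this host; tzlil is
    # already in "wheel", so the two grants are consistent with each other.
    nix.settings.allowed-users = ["root" "tzlil"];
    nix.settings.trusted-users = ["root" "tzlil"];

    home-manager = {
      useGlobalPkgs = true;
      useUserPackages = true;
      backupFileExtension = "backup";
    };

    home-manager.users.tzlil = {pkgs, ...} @ hm: {
      home = {
        stateVersion = "22.05";
        username = "tzlil";
        homeDirectory = "/home/tzlil";
        # Must match the socket path the agent unit binds with "-a %t/...";
        # %t is the user runtime dir, so this hard-codes uid 1000 —
        # TODO confirm tzlil's uid is 1000 on every host using this profile.
        sessionVariables.SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
      };
      programs.ssh = {
        enable = true;
        # Pinned host keys for the author's own machines. The generated file
        # lives in the read-only Nix store, so ssh cannot append newly seen
        # hosts to it; new hosts must be added here instead.
        userKnownHostsFile = builtins.toFile "known_hosts" "
          pc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINu5lRKb1Ao4uj1tAV10QHKIvXfC8ncQ65b+oJtxrd1e
          vm ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHS6LK6rCmJCR/rKVJYVmJTL8fAdyJSLlgC3mesd6QVS
          vps ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdOuj27GB703ZRKRqhytlaLJsKucaRa//yswxijAZT7
        ";
        # `config` is not shadowed by the `hm` module args, so this is the
        # NixOS config and resolves to the agenix-decrypted key path.
        matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;
      };
      systemd.user.services.ssh-agent = let
        agentTimeout = "1h"; # default maximum lifetime of keys added to the agent
      in {
        Unit = {
          Description = "SSH Agent";
        };
        Service = {
          # Remove a stale socket left by a previous session before binding.
          ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
          ExecStart =
            "${pkgs.openssh}/bin/ssh-agent "
            + "-t ${agentTimeout} "
            + "-a %t/ssh-agent";
          StandardOutput = "null";
          Type = "forking";
          Restart = "on-failure";
          SuccessExitStatus = "0 2";
        };
        # WantedBy is an [Install]-section key. Under [Unit] systemd ignores
        # it ("Unknown key name ... ignoring"), so the unit was never linked
        # into default.target.wants and the agent did not start at login.
        Install = {
          WantedBy = ["default.target"];
        };
      };
    };
  };
}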