swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-15 05:39:11 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add persistent ids to all users/groups

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-01-12 22:15:57 +01:00
parent 37a8e17cc9
commit 7f65f74fef
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
62 changed files with 533 additions and 173 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/nixos/common/pii.nix
View file

@ -1,5 +1,5 @@
# largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
{ config, inputs, lib, nodes, ... }:
{ config, inputs, lib, nodes, globals, ... }:
let
# If the given expression is a bare set, it will be wrapped in a function,
# so that the imported file can always be applied to the inputs, similar to
@ -53,7 +53,7 @@ in
secrets = lib.mkOption {
readOnly = true;
default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles;
default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes globals inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles;
type = lib.types.unspecified;
description = "Exposes the loaded repo secrets. This option is read-only.";
};

2
modules/nixos/common/users.nix
View file

@ -13,6 +13,8 @@
};
"${config.swarselsystems.mainUser}" = {
isNormalUser = true;
uid = 1000;
autoSubUidGidRange = false;
description = "Leon S";
password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup";
hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path;