nixos-config/modules/users.nix

{ config, pkgs, lib, ... }: {
# Confinement layers enabled system-wide: AppArmor (mandatory access control)
# and the firejail sandbox launcher.
# NOTE(review): enabling AppArmor does not by itself confine anything; which
# profiles are loaded is not visible in this module — confirm elsewhere.
security.apparmor = { enable = true; };
programs.firejail = { enable = true; };
# Accounts are fully declarative: with mutableUsers off, the users and
# passwords defined in the configuration are authoritative and imperative
# changes (passwd, useradd, ...) do not persist across activations.
users.mutableUsers = false;
# Login account declared by this module.
users.users.balsoft = {
  uid = 1000;
  isNormalUser = true;
  description = "Александр Бантьев";
  # NOTE(review): the account has an EMPTY password. This module turns off
  # pam_unix for an explicit list of PAM services (security.pam.services
  # below), but any PAM service that is not in that list and permits null
  # passwords would accept it. Confirm that every service reachable on this
  # host is covered, or lock the password instead of leaving it empty.
  password = "";
  extraGroups = [
    # Privilege escalation. "wheel" normally grants full sudo on NixOS.
    "sudo"
    "wheel"
    "networkmanager"
    # NOTE(review): "disk" gives raw access to block devices and "docker"
    # gives control of the Docker daemon; both are effectively
    # root-equivalent, so a compromise of this account is a compromise of
    # the host regardless of the sudo rules.
    "disk"
    "dbus"
    "audio"
    "docker"
    "sound"
    "pulse"
    "adbusers"
    # "input" can read raw input devices, which includes other sessions'
    # keystrokes.
    "input"
    "libvirtd"
    "vboxusers"
    # Packet capture without root.
    "wireshark"
    "lp"
    "scanner"
  ];
};
# Restart the per-user systemd manager instance (user@.service) whenever it
# exits, whatever the exit reason.
systemd.services."user@".serviceConfig.Restart = "always";
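# One-time U2F enrollment, run during home-manager activation after
# "linkGeneration": if no key mapping exists yet, pamu2fcfg writes one to
# ~/.config/Yubico/u2f_keys.
#
# This file is the only credential store for the services that have pam_unix
# disabled in this module, so a broken enrollment locks the user out of them.
# Two defects of the previous script are fixed here:
#   * the directory was created relative to the current directory while the
#     file was written to an absolute path;
#   * the shell creates the redirect target before pamu2fcfg runs, so a failed
#     enrollment (no key plugged in, touch timed out) left an empty file that
#     passed the `-f` test on every later activation and was never repaired.
# NOTE(review): pamu2fcfg is resolved through PATH; confirm it is available in
# the activation environment.
home-manager.users.balsoft.home.activation.yubi = {
  after = [ "linkGeneration" ];
  before = [ ];
  data = ''
    u2fKeys=/home/balsoft/.config/Yubico/u2f_keys
    mkdir -p /home/balsoft/.config/Yubico
    # -s rather than -f: an empty mapping file counts as "not enrolled".
    if [ ! -s "$u2fKeys" ]; then
      # On failure remove the partial file and keep the non-zero status so
      # the problem is visible instead of silently persisting.
      pamu2fcfg > "$u2fKeys" || { rm -f "$u2fKeys"; false; }
    fi
  '';
};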
# Lock every session when a USB device with vendor id 1050 (Yubico) is
# removed, so pulling the key locks the machine.
# NOTE(review): two things to verify, since a rule that silently never fires
# defeats this control:
#   * ATTRS{} is read from sysfs, which may already be gone when the "remove"
#     event is processed; check with `udevadm monitor` that the rule matches,
#     or match on an ENV{} property such as ID_VENDOR_ID instead;
#   * `loginctl lock-sessions` only asks logind to signal the sessions; a
#     session with no locker listening (for example a plain tty) presumably
#     stays unlocked.
services.udev.extraRules =
  let
    lockAllSessions = "${pkgs.systemd}/bin/loginctl lock-sessions";
  in ''
    ACTION=="remove", ATTRS{idVendor}=="1050", RUN+="${lockAllSessions}"
  '';
# Every getty logs in as balsoft without asking for credentials; the login
# shell init below is what puts authentication back in front of the session.
services.getty = { autologinUser = "balsoft"; };
# On a virtual console (/dev/tty followed by one character) run the `lock`
# wrapper through sudo first; on tty1 start sway afterwards.
# NOTE(review): this sequence fails open. If `sudo ... lock this` exits
# non-zero the shell simply continues, and the `lock` script in this module
# only calls vlock when config.deviceSpecific.isLaptop is set, so on other
# machines autologin yields an unauthenticated shell on the console. Confirm
# that is intended, or make a failed lock end the login shell.
environment.loginShellInit = ''
  [[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this
  [[ "$(tty)" == /dev/tty1 ]] && sway
'';
# pam_u2f for PAM services.
#   control = "sufficient": a successful U2F assertion alone authenticates.
#   cue: print a prompt telling the user to touch the device.
# NOTE(review): together with unixAuth = false on the services listed in this
# module, possession of the enrolled key is the single factor for login, sudo
# and su; nothing visible here requires a PIN or a password in addition.
security.pam.u2f.enable = true;
security.pam.u2f.control = "sufficient";
security.pam.u2f.cue = true;
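environment.systemPackages = [
  # `lock` wrapper, meant to be run as root through the sudo rules in this
  # module. `lock this` passes "-s" to vlock; any other invocation passes
  # "-san" (per vlock's options: -s disables SysRq while locked, -a locks all
  # consoles, -n switches to a new console first — confirm against the
  # installed vlock). USER=balsoft is set for vlock because the script runs
  # as root; presumably this makes vlock authenticate balsoft.
  #
  # Fix: the script used "$1" directly under `set -u`, so a bare `lock`
  # (allowed by the sudo rule, and the obvious way to reach the "-san"
  # branch) aborted with an unbound-variable error before locking anything.
  #
  # NOTE(review): vlock is only invoked when config.deviceSpecific.isLaptop
  # is true; elsewhere the script exits 0 without locking.
  (pkgs.writeShellScriptBin "lock" ''
    set -euo pipefail
    # Empty default keeps a call without arguments from tripping set -u.
    mode="''${1:-}"
    if [[ "$mode" == this ]]
    then args="-s"
    else args="-san"
    fi
    ${lib.optionalString (config.deviceSpecific.isLaptop) ''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''}
  '')
];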
# Turn off pam_unix (password) authentication for each PAM service named
# below. With pam_u2f set to "sufficient" in this module, the U2F key becomes
# the only accepted authenticator for them.
# NOTE(review): this is a fixed allow-list of names. A PAM service that is not
# listed (one added later by another module, a remote-login service, a display
# manager) keeps its default password handling, and the account in this module
# has an empty password — review the list whenever a service is enabled.
security.pam.services = lib.genAttrs [
  "chpasswd"
  "chsh"
  "groupadd"
  "groupdel"
  "groupmems"
  "groupmod"
  "i3lock"
  "i3lock-color"
  "login"
  "passwd"
  "polkit-1"
  "runuser"
  "runuser-l"
  "su"
  "sudo"
  "swaylock"
  "systemd-user"
  "useradd"
  "userdel"
  "usermod"
  "vlock"
  "xlock"
  "xscreensaver"
] (_serviceName: { unixAuth = false; });
# sudo with a few password-less (and key-less) commands for balsoft: the
# `lock` wrapper and fixed backlight steps via `light`.
# NOTE(review): in sudoers a command listed without arguments matches ANY
# arguments, so the first `lock` rule already covers `lock this` and lets the
# user run the wrapper as root with arbitrary arguments. The script only reads
# its first argument, so the exposure is small, but the rule is broader than
# it looks; sudoers uses `""` after the command to mean "no arguments only".
# The `light` rules list their arguments, so only those exact invocations match.
security.sudo = {
  enable = true;
  extraConfig = lib.concatMapStrings
    (command: "balsoft ALL = (root) NOPASSWD: ${command}\n")
    [
      "/run/current-system/sw/bin/lock"
      "/run/current-system/sw/bin/lock this"
      "${pkgs.light}/bin/light -A 5"
      "${pkgs.light}/bin/light -U 5"
    ];
};
# Install home-manager packages through the NixOS per-user package set
# (users.users.<name>.packages) rather than the user's own Nix profile.
home-manager.useUserPackages = true;
}