init

2025-04-20 11:16:39 +08:00
commit 61a1651cf0
90 changed files with 3861 additions and 0 deletions
--- a/modules/nixos/user-group.nix
+++ b/modules/nixos/user-group.nix
@@ -0,0 +1,62 @@
+{ pkgs, username, ... }:
+
+{
+  nix.settings.trusted-users = [ username ];
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users = {
+    groups = {
+      docker = { };
+    };
+    users."${username}" = {
+      # the hashed password with salt is generated by run `mkpasswd`.
+      hashedPassword = "$y$j9T$inkrp6FuM46uoPFVrOlbz1$igJed6pECf4AENVaLT4mk.Q4z02MmxjWnGo.OVvCyC.";
+      home = "/home/${username}";
+      isNormalUser = true;
+      description = username;
+      extraGroups = [
+        "users"
+        "wheel"
+        "networkmanager"
+        "audio"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQOn+imHUzz7KvNYE1mBTjwhMZ0HMyVNwkc6p/6Qak0ejzdyx6mNk9AlKOZB1UQvniWBT8z//u/8DqMT9OL8X0VZmQQTTIpSnvuYRxkH6thkoX9c0umo9GrMGWZN3WIsD71dfiJLMagqPxX7HWgkONBFxJHmBUfP4CXLgLdZs7dUMBm5tILx09zWU7Ttv120NuFdPYENAg8hNka3hjBbXbnDQdp2Y8TPY2Dbcg3MnVZ6Q7LMfKUkVYIoDHEiN6ZAJQaYIU+f2PeNxCb5WqRo2AiZwuzJtQO0VARRIf8hAs5wnX3gU68sWBvLr7payeaYsAyD+C7I4EpyNA8TrwKotrmripv+y5hjHiG7fL97vZEzSfIJH2KEAg7ojGDBbcwAcBKGn4PjwaCdUM7MGm6hj7cMHJf/32rXyc4u7LUZxTjXS5/dKWhF+sCycbBASRlSW93jlnxoUY/zPK4IRnzaF0WL7kUxfBglfFf8UMSgAZNncESNr36hsWFKcFqKUto48= alex@zion.xzdcbj.com.cn"
+      ];
+    };
+  };
+
+  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
+  security.sudo = {
+    # wheelNeedsPassword = false;
+    extraRules = [
+      {
+        users = [ username ];
+        commands =
+          [
+            {
+              command = "/run/current-system/sw/bin/nix-store";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "/run/current-system/sw/bin/nixos-rebuild";
+              options = [ "NOPASSWD" "SETENV" ];
+            }
+            {
+              command = "${pkgs.systemd}/bin/systemctl suspend";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${pkgs.systemd}/bin/reboot";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${pkgs.systemd}/bin/poweroff";
+              options = [ "NOPASSWD" ];
+            }
+          ];
+      }
+    ];
+  };
+}
+