init

2025-04-25 23:10:55 +08:00
commit ccf46b865e
114 changed files with 6419 additions and 0 deletions
--- a/modules/nixos/user.nix
+++ b/modules/nixos/user.nix
@@ -0,0 +1,70 @@
+{ pkgs, username, ... }:
+
+let
+  binPath = "/run/current-system/sw/bin/";
+in
+{
+  nix.settings.trusted-users = [ username ];
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users = {
+    users."${username}" = {
+      # the hashed password with salt is generated by run `mkpasswd`.
+      hashedPassword = "$y$j9T$inkrp6FuM46uoPFVrOlbz1$igJed6pECf4AENVaLT4mk.Q4z02MmxjWnGo.OVvCyC.";
+      home = "/home/${username}";
+      isNormalUser = true;
+      description = username;
+      extraGroups = [
+        "users"
+        "wheel"
+        "networkmanager"
+        "audio"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCc62MxAVqX8LDFAiDiXlc8d3JU1S3xYVO8WpfgoVYPyrd2fkK2Dr1tSedJyGWc3ADOxzUbsTic8b1BOdmbx4ZPwI+a3nJrVVkmIRSAs5haEZqG8NXDv1kl4xL+J9tVA2jwScl6MRzqyVMgtIAvnsVW9+DrL2Y2b20NvuWz3XndZ8vEUFZLLCQJQRpGrY2ZnTvNXZo12GrD5daiMii52ZuhfNBx17oFnf70sj+phZbp5m2mKL9jfKaDSG+E7Pa/IbB/iivD/QSm0SueYXbsdtMBhtsxvH/i0pJogUlVpa42CRIDUVoHOvfk0Hk83xyIIl2b78xfGEyCQBBU6sSk726xXpqzfxJJ7FiYqhLMKKDFmD28EOs4BUveyZudWNcP0a1+uBBcrefNAwU6EOSg65BOxxvZFbNG1I7YDTiKvYFy965+WkN5QKbBVSy08ziS1MQt224ZooAdxCKESGRr9IqKvq9ONnb0MtmC4ht/n8U9VaeLVq3XDXZZHEUq0cw748k= alex@gaea"
+      ];
+    };
+  };
+
+  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
+  security.sudo = {
+    # wheelNeedsPassword = false;
+    extraRules = [
+      {
+        users = [ username ];
+        commands =
+          [
+            {
+              command = "${pkgs.systemd}/systemctl";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${binPath}/nix-store";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${binPath}/nixos-rebuild";
+              options = [ "NOPASSWD" "SETENV" ];
+            }
+            {
+              command = "${binPath}/reboot";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${binPath}/poweroff";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "/run/wrappers/bin/mount";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "/run/wrappers/bin/umount";
+              options = [ "NOPASSWD" ];
+            }
+          ];
+      }
+    ];
+  };
+}
+