{ pkgs, username, ... }: let binPath = "/run/current-system/sw/bin/"; in { nix.settings.trusted-users = [ username ]; # Define a user account. Don't forget to set a password with ‘passwd’. users = { users."${username}" = { # the hashed password with salt is generated by run `mkpasswd`. hashedPassword = "$y$j9T$inkrp6FuM46uoPFVrOlbz1$igJed6pECf4AENVaLT4mk.Q4z02MmxjWnGo.OVvCyC."; home = "/home/${username}"; isNormalUser = true; description = username; extraGroups = [ "users" "wheel" "networkmanager" "audio" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCc62MxAVqX8LDFAiDiXlc8d3JU1S3xYVO8WpfgoVYPyrd2fkK2Dr1tSedJyGWc3ADOxzUbsTic8b1BOdmbx4ZPwI+a3nJrVVkmIRSAs5haEZqG8NXDv1kl4xL+J9tVA2jwScl6MRzqyVMgtIAvnsVW9+DrL2Y2b20NvuWz3XndZ8vEUFZLLCQJQRpGrY2ZnTvNXZo12GrD5daiMii52ZuhfNBx17oFnf70sj+phZbp5m2mKL9jfKaDSG+E7Pa/IbB/iivD/QSm0SueYXbsdtMBhtsxvH/i0pJogUlVpa42CRIDUVoHOvfk0Hk83xyIIl2b78xfGEyCQBBU6sSk726xXpqzfxJJ7FiYqhLMKKDFmD28EOs4BUveyZudWNcP0a1+uBBcrefNAwU6EOSg65BOxxvZFbNG1I7YDTiKvYFy965+WkN5QKbBVSy08ziS1MQt224ZooAdxCKESGRr9IqKvq9ONnb0MtmC4ht/n8U9VaeLVq3XDXZZHEUq0cw748k= alex@gaea" ]; }; }; # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure` security.sudo = { # wheelNeedsPassword = false; extraRules = [ { users = [ username ]; commands = [ { command = "${pkgs.systemd}/systemctl"; options = [ "NOPASSWD" ]; } { command = "${binPath}/nix-store"; options = [ "NOPASSWD" ]; } { command = "${binPath}/nixos-rebuild"; options = [ "NOPASSWD" "SETENV" ]; } { command = "${binPath}/reboot"; options = [ "NOPASSWD" ]; } { command = "${binPath}/poweroff"; options = [ "NOPASSWD" ]; } { command = "/run/wrappers/bin/mount"; options = [ "NOPASSWD" ]; } { command = "/run/wrappers/bin/umount"; options = [ "NOPASSWD" ]; } ]; } ]; }; }