reogranize files more only working on optiplex for now prepare for home manager refactoringHEAD master

author: Tim Keller <tjk@tjkeller.xyz> 2025-08-26 21:36:16 -0500
committer: Tim Keller <tjk@tjkeller.xyz> 2025-08-26 21:36:16 -0500
commit: c3c3d6f1fd19a5da015c9a9d3ae5c54f2d177be0 (patch)
tree: 559a0d9385df907f471b9bdd2bf708ec4650c718 /archetypes/tjkeller/user.nix
parent: 125313aabedb17516d735a718968bfad1289f12b (diff)
download: nixos-c3c3d6f1fd19a5da015c9a9d3ae5c54f2d177be0.tar.xz
nixos-c3c3d6f1fd19a5da015c9a9d3ae5c54f2d177be0.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/archetypes/tjkeller/user.nix b/archetypes/tjkeller/user.nix
new file mode 100644
index 0000000..2695549
--- /dev/null
+++ b/archetypes/tjkeller/user.nix
@@ -0,0 +1,22 @@
+{ lib, config, pkgs, userDetails, ... }: let
+	cfg = config._archetypes.tjkeller.setPasswords;
+	hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+in {
+	options._archetypes.tjkeller.setPasswords = {
+		enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
+	};
+
+	config = lib.mkIf cfg.enable {
+		# Load hashed root password secret
+		sops.secrets.hashed-root-password = {
+			sopsFile = ./resources/secrets/hashed-root-password.yaml;
+			neededForUsers = true;
+		};
+
+		# Apply password file
+		users.users = {
+			root = { inherit hashedPasswordFile; };
+			${userDetails.username} = lib.mkIf config._archetypes.users.primary.enable { inherit hashedPasswordFile; };
+		};
+	};
+}
author	Tim Keller <tjk@tjkeller.xyz>	2025-08-26 21:36:16 -0500
committer	Tim Keller <tjk@tjkeller.xyz>	2025-08-26 21:36:16 -0500
commit	c3c3d6f1fd19a5da015c9a9d3ae5c54f2d177be0 (patch)
tree	559a0d9385df907f471b9bdd2bf708ec4650c718 /archetypes/tjkeller/user.nix
parent	125313aabedb17516d735a718968bfad1289f12b (diff)
download	nixos-c3c3d6f1fd19a5da015c9a9d3ae5c54f2d177be0.tar.xz nixos-c3c3d6f1fd19a5da015c9a9d3ae5c54f2d177be0.zip