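{ config, lib, ... }:
# NixOS module: shared user accounts (root plus an optional non-root user).
#
# Two modes, selected by `users.commonUsers.installPassword`:
#   * null (default): passwords come from hashed password files provided by
#     sops-nix; users are immutable.
#   * a string: installer mode, the plain-text string is used as the password
#     and users are mutable. NixOS stores `users.users.<name>.password` in the
#     world-readable Nix store, so this is only meant for a fresh install.
let
  keys = import ../../../variables/keys.nix;
  inherit (import ../../lib/default.nix { inherit lib config; }) mkUser;
  inherit (lib) types;
  cfg = config.users.commonUsers;

  # A null install password means "use the sops-provided secrets".
  useSecrets = cfg.installPassword == null;

  # Plain-text password is only applied when it is a non-empty string; the
  # empty string keeps the original meaning of "fall back to rootPasswordFile".
  usePlainPassword = !useSecrets && cfg.installPassword != "";
  useHashedFile = !usePlainPassword;
in
{
  options.users.commonUsers = {
    enable = lib.mkOption {
      default = true;
      type = types.bool;
      description = "Whether to configure the shared users defined by this module.";
    };
    enableNonRoot = lib.mkOption {
      default = true;
      type = types.bool;
      description = "Whether to also create the non-root user (steveej).";
    };
    rootPasswordFile = lib.mkOption {
      # The default only evaluates when the sops secret below is declared,
      # i.e. when installPassword is null; otherwise this must be set explicitly.
      default = config.sops.secrets.sharedUsers-root.path;
      type = types.path;
      description = "Path to the hashed password file for root.";
    };
    # TODO: test if this works
    installPassword = lib.mkOption {
      default = null;
      type = types.nullOr types.str;
      description = ''
        Plain-text password used during installation. When null, hashed
        passwords are taken from sops secrets and users are immutable.
      '';
    };
  };

  config = lib.mkIf cfg.enable (
    lib.mkMerge [
      # Secrets are only declared in the sops-backed mode.
      (lib.mkIf useSecrets {
        sops.secrets.sharedUsers-root = {
          sopsFile = ../../../../secrets/shared-users.yaml;
          # Decrypted early so the hashed password is available when users are created.
          neededForUsers = true;
          format = "yaml";
        };
        sops.secrets.sharedUsers-steveej = lib.mkIf cfg.enableNonRoot {
          sopsFile = ../../../../secrets/shared-users.yaml;
          neededForUsers = true;
          format = "yaml";
        };
        sops.secrets.sharedSshKeys-steveej = lib.mkIf cfg.enableNonRoot {
          sopsFile = ../../../../secrets/shared-users.yaml;
          # neededForUsers = true;
          format = "yaml";
        };
      })
      {
        # Mutable accounts are only wanted while an install password is in use.
        users.mutableUsers = cfg.installPassword != null;
        users.users.root = lib.mkMerge [
          { openssh.authorizedKeys.keys = keys.users.steveej.openssh; }
          # Previously `password` was also defined (as null) when installPassword
          # was null and the hashed file was only wired for "", leaving root
          # without a password in the default sops mode; both null and "" now
          # use the hashed password file.
          (lib.mkIf usePlainPassword { password = cfg.installPassword; })
          (lib.mkIf useHashedFile { hashedPasswordFile = cfg.rootPasswordFile; })
        ];
      }
      (lib.mkIf cfg.enableNonRoot (mkUser {
        username = "steveej";
        uid = 1000;
        password = cfg.installPassword;
        hashedPasswordFile = lib.mkIf useSecrets config.sops.secrets.sharedUsers-steveej.path;
      }))
    ]
  );
}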