# NixOS module `users.commonUsers`: declares root and, optionally, the
# non-root user `steveej`. Credentials come either from sops-managed
# hashed-password files (the default) or from a cleartext install-time
# password.
{ config, pkgs, lib, ... }:
let
  inherit (lib) mkIf mkMerge mkOption types;

  keys = import ../../../variables/keys.nix;

  # Project-local helper library; what mkUser adds to a user definition is
  # not visible from this file.
  userLib = import ../../lib/default.nix {
    inherit (pkgs) lib;
    inherit config;
  };
  inherit (userLib) mkUser;

  cfg = config.users.commonUsers;

  # True when a cleartext install password was supplied; selects between the
  # two credential sources everywhere below.
  usesInstallPassword = cfg.installPassword != "";

  sharedUsersFile = ../../../../secrets/shared-users.yaml;

  # Password-hash secrets carry neededForUsers so sops-nix makes them
  # available before the user accounts are set up.
  passwordSecret = {
    sopsFile = sharedUsersFile;
    neededForUsers = true;
    format = "yaml";
  };
in
{
  options.users.commonUsers = {
    # Master switch for everything this module configures.
    enable = mkOption {
      default = true;
      type = types.bool;
    };

    # Whether the non-root user and its secrets are declared.
    enableNonRoot = mkOption {
      default = true;
      type = types.bool;
    };

    # File holding root's password hash. The default refers to a secret that
    # is only declared when installPassword is empty; the option is only read
    # in that same case.
    rootPasswordFile = mkOption {
      default = config.sops.secrets.sharedUsers-root.path;
      type = types.path;
    };

    # TODO: test if this works
    # SECURITY: a non-empty value is assigned to `users.users.<name>.password`,
    # which is stored in cleartext in the world-readable Nix store. Use it
    # only as a bootstrap credential and change it after installation.
    installPassword = mkOption {
      default = "";
      type = types.str;
    };
  };

  config = mkIf cfg.enable (mkMerge [
    # sops secrets are only declared when no install password is in use.
    (mkIf (!usesInstallPassword) {
      sops.secrets.sharedUsers-root = passwordSecret;

      sops.secrets.sharedUsers-steveej = mkIf cfg.enableNonRoot passwordSecret;

      sops.secrets.sharedSshKeys-steveej = mkIf cfg.enableNonRoot {
        sopsFile = sharedUsersFile;
        # neededForUsers = true;
        format = "yaml";
      };
    })

    {
      # With an install password the accounts stay mutable, so the password
      # can be changed on the machine afterwards; with sops-managed hashes
      # the declared state is authoritative.
      users.mutableUsers = usesInstallPassword;

      users.users.root = mkMerge [
        # steveej's public keys are authorized for root too; whether root can
        # actually log in over SSH depends on sshd settings outside this file.
        { openssh.authorizedKeys.keys = keys.users.steveej.openssh; }
        (mkIf usesInstallPassword { password = cfg.installPassword; })
        (mkIf (!usesInstallPassword) { hashedPasswordFile = cfg.rootPasswordFile; })
      ];

      users.users.steveej = mkIf cfg.enableNonRoot (
        mkUser (mkMerge [
          { uid = 1000; }
          (mkIf usesInstallPassword { password = cfg.installPassword; })
          (mkIf (!usesInstallPassword) {
            hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path;
          })
        ])
      );
    }
  ]);
}