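# NixOS module for the "media" account: the user itself, its sops-managed
# password hash and SSH key pair, impermanence persistence and the
# home-manager wiring for this host.
{ pkgs, inputs, config, lib, ... }:
let
  user = "media";
  hostname = config.networking.hostName;

  # Every file found under ../keys (recursively) is installed as an
  # authorized SSH key for the account.
  # NOTE(review): nothing filters by name or extension here, so any non-key
  # file placed in that directory would be added to authorized_keys as well.
  pubKeys = lib.filesystem.listFilesRecursive (../keys);

  # Location of the password hash decrypted by sops-nix, or null when the
  # sops-nix flake input is absent. null (not "") is the value NixOS treats
  # as "no password file"; the previous `lib.optionalString` produced "",
  # which type-checks as a string but is not a readable path.
  # NOTE(review): the sops.secrets definitions below are unconditional, so
  # the module still needs sops-nix to evaluate; this guard only affects
  # this one option.
  sopsHashedPasswordFile =
    if lib.hasAttr "sops-nix" inputs
    then config.sops.secrets."passwords/${user}".path
    else null;

  # Encrypted secrets live in the nix-secrets flake input.
  secretsDirectory = builtins.toString inputs.nix-secrets;
  secretsFile = "${secretsDirectory}/secrets.yaml";
in
{
  # Single definition of the account (the original split it into two
  # `users.users.media` attrsets that Nix merged at parse time).
  users.users.${user} = {
    isNormalUser = true;
    shell = pkgs.zsh; # default shell
    hashedPasswordFile = sopsHashedPasswordFile;
    openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
    # NOTE(review): "wheel" grants sudo and "disk" grants raw block-device
    # access, which is root-equivalent; confirm both are really needed for
    # an account named "media". "qemu-libvirtd" looks like the libvirt
    # service account's group rather than a group meant for users; "libvirtd"
    # is the one that normally grants libvirt access.
    extraGroups = [
      "qemu-libvirtd"
      "libvirtd"
      "wheel"
      "video"
      "audio"
      "disk"
      "networkmanager"
    ];
    packages = with pkgs; [
      flatpak
      gnome.gnome-software
    ];
  };

  # Directories in the user's home that survive a reboot (impermanence).
  # ".ssh" must be persisted because the sops-provided key pair is written there.
  environment.persistence."/persist" = {
    hideMounts = true;
    users.${user} = {
      directories = [
        "sync"
        "keep"
        ".ssh"
        ".config/dconf"
        ".config/cinnamon"
        ".config/nemo"
        ".mozilla"
        ".local"
      ];
      files = [ ];
    };
  };

  # Account password hash; decrypted early so it is available when the
  # user is created.
  sops.secrets."passwords/${user}" = {
    sopsFile = secretsFile;
    neededForUsers = true;
  };

  # Per-user SSH key pair placed into ~/.ssh. The private half is
  # owner-only (0600); the public half is world-readable (0644).
  sops.secrets."ssh_keys/${user}/id_ed25519" = {
    path = "/home/${user}/.ssh/id_ed25519";
    mode = "0600";
    owner = config.users.users.${user}.name;
  };
  sops.secrets."ssh_keys/${user}/id_ed25519.pub" = {
    path = "/home/${user}/.ssh/id_ed25519.pub";
    mode = "0644";
    owner = config.users.users.${user}.name;
  };

  # # Need to change ownership of the secrets as they are created as root
  # system.activationScripts.sopsSetAgeKeyOwnership = ''
  #   mkdir -p /home/${user}/.config || true
  #   chown -R ${user}:users /home/${user}/.config
  # '';

  services.flatpak.enable = true;

  programs.zsh.enable = true;
  # Enables user_allow_other in fuse.conf so non-root FUSE mounts may use
  # the allow_other option.
  programs.fuse.userAllowOther = true;

  # Home-manager configuration for this user is selected per host.
  home-manager = {
    extraSpecialArgs = { inherit inputs; };
    users.${user} = import ../../../../home/${hostname}.nix;
  };
}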