yep, more dotfiles

lib: add tss group to elevated users

wiro.world 88638a5f 9493a40d

verified
+10 -9
+4 -4
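--- a/configurations.nix
+++ b/configurations.nix
@@ -9,12 +9,12 @@
 "neo-wiro-laptop" = createSystem pkgs [
 (system "neo-wiro-laptop" "laptop")
 (managedDiskLayout "luks-btrfs" { device = "nvme0n1"; swapSize = 12; })
-(user "milomoisson" { description = "Milo Moisson"; profile = "desktop"; keys = keys.users; })
+(user "milomoisson" { description = "Milo Moisson"; profile = "desktop"; keys = keys.users; elevated = true; })
 ];
 
 "archaic-wiro-laptop" = createSystem pkgs [
 (system "archaic-wiro-laptop" "laptop")
-(user "milomoisson" { description = "Milo Moisson"; profile = "desktop"; keys = keys.users; })
+(user "milomoisson" { description = "Milo Moisson"; profile = "desktop"; keys = keys.users; elevated = true; })
 ];
 
 # Servers
@@ -22,7 +22,7 @@
 (host "weird-row-server")
 (managedDiskLayout "ext4-hetzner" { device = "sda"; swapSize = 2; })
 # TODO: should we keep a real user there?
-(user "milomoisson" { description = "Milo Moisson"; profile = "server"; keys = keys.users; })
+(user "milomoisson" { description = "Milo Moisson"; profile = "server"; keys = keys.users; elevated = true; })
 ];
 };
 
@@ -37,7 +37,7 @@
 darwinConfigurations = with flake-lib.darwin; {
 "apple-wiro-laptop" = createSystem pkgs [
 (system "apple-wiro-laptop" "macintosh")
-(user "milomoisson" { description = "Milo Moisson"; profile = "macintosh"; keys = keys.users; })
+(user "milomoisson" { description = "Milo Moisson"; profile = "macintosh"; keys = keys.users; elevated = true; })
 ];
 };
 }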
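Review bot: `elevated = true` on the `apple-wiro-laptop` entry looks like a no-op, because in lib/flake/user.nix as shown on this page `wheel` and `tss` are appended only in the `else` branch that sets `home = "/home/${name}"`, not in the `/Users/${name}` branch (the branch condition itself is outside the visible hunk). A flag that reads as a privilege grant but is never applied is easy to misread in a later audit; since the argument has no default it cannot simply be dropped, so a comment such as `# elevated has no effect on darwin` would help. On `weird-row-server` the flag sits directly under the existing `# TODO: should we keep a real user there?`; that account is configured with `keys = keys.users` (presumably its login keys), so it is worth stating in a comment why it needs `wheel` and TPM access on the server, or setting `elevated = false` there until the TODO is settled.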
+6 -5
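--- a/lib/flake/user.nix
+++ b/lib/flake/user.nix
@@ -1,4 +1,4 @@
-name: { description, profile, keys ? [ ], user ? { } }:
+name: { description, profile, keys ? [ ], user ? { }, elevated }:
 
 { self
 , pkgs
@@ -35,12 +35,13 @@
 home = "/Users/${name}";
 } else {
 home = "/home/${name}";
+isNormalUser = true;
 extraGroups = [
-# TODO: remove or put under an condition
-"wheel" # sudo access
-"networkmanager" # needed for nm
+"networkmanager"
+] ++ lib.optionals elevated [
+"wheel" # root access
+"tss" # tpm access
 ];
-isNormalUser = true;
 }) // user;
 
 home-manager = {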
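Review bot: `elevated` is the only optional-looking argument in the new signature without a default, unlike `keys ? [ ]` and `user ? { }`; writing it as `elevated ? false` would make the unprivileged group set the default whenever a caller omits it. The gate is also not the last word on group membership: the attrset is still finished with `// user`, which is a shallow merge, so a caller-supplied `user.extraGroups` replaces this whole list and can add or drop `wheel` and `tss` regardless of `elevated`. A comment on that line, e.g. `# note: user.extraGroups overrides the elevated gate`, would make this visible. Finally, `tss` gives every process of the user access to the TPM device, which is a different privilege from sudo via `wheel`; tying both to one boolean is coarse, and a separate flag would let a host grant one without the other. The enclosing function body starts and ends outside the visible hunks.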