# Shared user definitions for every host that imports `nixosModules.users`.
# Written as a module (not a bare attrset) so catalog entries can read `config.*`,
# e.g. to resolve sops secret paths.
{ ... }:
{
  flake.nixosModules.usersCatalogDefaults =
    { config, ... }:
    let
      # sops secret holding olivier's password hash.
      # The host must set `sops.secrets."users/olivier/hashedPassword".neededForUsers = true`;
      # with that, `.path` lives under /run/secrets-for-users/… (sops-nix README).
      olivierPasswordSecret = config.sops.secrets."users/olivier/hashedPassword";
    in
    {
      config.chiasson.users.catalog = {
        # Interactive account.
        olivier = {
          isNormalUser = true;
          description = "Olivier";

          # Privilege review of the supplementary groups:
          #   wheel  - the sudo-capable group under NixOS defaults.
          #   docker - members can drive the Docker daemon, which is effectively
          #            root-equivalent on any host that runs it.
          #   uinput / kvm - presumably device access (/dev/uinput, /dev/kvm);
          #            depends on the host's udev rules - confirm per host.
          extraGroups = [
            "networkmanager"
            "wheel"
            "docker"
            "fuse"
            "uinput"
            "kvm"
            # `video` is required for the brightnessctl/light udev rules to grant write
            # access to /sys/class/backlight/*/brightness without sudo. Harmless on hosts
            # without a backlight (servers, desktop towers): the group owns no devices there.
            "video"
          ];

          # Only the path to the hash is referenced here; the hash itself stays in sops.
          hashedPasswordFile = olivierPasswordSecret.path;

          homeManager.enable = true;
          homeManager.module =
            { ... }:
            {
              home = {
                username = "olivier";
                homeDirectory = "/home/olivier";
                stateVersion = "25.11";
              };
              programs.home-manager.enable = true;
            };

          # NOTE(review): the meaning of "all" is defined by the chiasson users module,
          # which is not visible here; presumably it covers every catalogued host.
          # Confirm that scope is intended for an account in `wheel` and `docker`.
          ssh.inbound.enable = true;
          ssh.inbound.authorizedHosts = "all";
          ssh.outbound.rbw.enable = true;
          ssh.outbound.rbw.hosts = "all";
        };

        # Service-style account: no home-manager profile, no outbound rbw.
        server = {
          isNormalUser = true;
          description = "Server user";

          # NOTE(review): this account is in `wheel` but this entry sets no
          # hashedPasswordFile; whether a password or a passwordless-sudo policy is
          # configured elsewhere cannot be seen from here - confirm per host.
          extraGroups = [ "wheel" ];

          homeManager.enable = false;
          homeManager.module = null;

          # NOTE(review): inbound SSH is open to "all" hosts as interpreted by the
          # chiasson users module; for a `wheel` account, confirm that reach is intended.
          ssh.inbound.enable = true;
          ssh.inbound.authorizedHosts = "all";
          # rbw stays disabled; `hosts` is still set to "all", as in the original entry.
          ssh.outbound.rbw.enable = false;
          ssh.outbound.rbw.hosts = "all";
        };
      };
    };
}