fix: disable password login on servers
This commit is contained in:
+10
-2
@@ -24,6 +24,10 @@ let
|
|||||||
{ accountName }:
|
{ accountName }:
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
|
host ? {
|
||||||
|
isServer = false;
|
||||||
|
},
|
||||||
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
@@ -31,20 +35,24 @@ let
|
|||||||
account = accounts.${accountName};
|
account = accounts.${accountName};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sops.secrets."hashed-password-${accountName}".neededForUsers = true;
|
sops.secrets = lib.optionalAttrs (!host.isServer) {
|
||||||
|
"hashed-password-${accountName}".neededForUsers = true;
|
||||||
|
};
|
||||||
|
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
|
|
||||||
users.users.${accountName} = {
|
users.users.${accountName} = {
|
||||||
name = accountName;
|
name = accountName;
|
||||||
home = account.homeDirectory;
|
home = account.homeDirectory;
|
||||||
hashedPasswordFile = config.sops.secrets."hashed-password-${accountName}".path;
|
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"wheel"
|
"wheel"
|
||||||
"networkmanager"
|
"networkmanager"
|
||||||
];
|
];
|
||||||
|
}
|
||||||
|
// lib.optionalAttrs (!host.isServer) {
|
||||||
|
hashedPasswordFile = config.sops.secrets."hashed-password-${accountName}".path;
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users.${accountName} = {
|
home-manager.users.${accountName} = {
|
||||||
|
|||||||
Reference in New Issue
Block a user