fix: disable password login on servers
This commit is contained in:
+10
-2
@@ -24,6 +24,10 @@ let
|
||||
{ accountName }:
|
||||
{
|
||||
config,
|
||||
host ? {
|
||||
isServer = false;
|
||||
},
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
@@ -31,20 +35,24 @@ let
|
||||
account = accounts.${accountName};
|
||||
in
|
||||
{
|
||||
sops.secrets."hashed-password-${accountName}".neededForUsers = true;
|
||||
sops.secrets = lib.optionalAttrs (!host.isServer) {
|
||||
"hashed-password-${accountName}".neededForUsers = true;
|
||||
};
|
||||
|
||||
programs.zsh.enable = true;
|
||||
|
||||
users.users.${accountName} = {
|
||||
name = accountName;
|
||||
home = account.homeDirectory;
|
||||
hashedPasswordFile = config.sops.secrets."hashed-password-${accountName}".path;
|
||||
isNormalUser = true;
|
||||
shell = pkgs.zsh;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
];
|
||||
}
|
||||
// lib.optionalAttrs (!host.isServer) {
|
||||
hashedPasswordFile = config.sops.secrets."hashed-password-${accountName}".path;
|
||||
};
|
||||
|
||||
home-manager.users.${accountName} = {
|
||||
|
||||
Reference in New Issue
Block a user