aviac
58e1796853
we write the contents of the hashedPasswordFile into a string to prevent issues with paths that are used from the host and are invalid on the deployment target
23 lines
422 B
Nix
23 lines
422 B
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
modulesPath,
|
|
...
|
|
}:
|
|
{
|
|
users.users = {
|
|
# connection only via hashed password;
|
|
dev = {
|
|
isNormalUser = true;
|
|
home = "/home/dev";
|
|
description = "User used to manually connect to this system (e.g. for maintenance)";
|
|
extraGroups = [
|
|
"docker"
|
|
"wheel"
|
|
];
|
|
hashedPassword = "${builtins.readFile ./../dev_user_password.pw}";
|
|
};
|
|
};
|
|
}
|
|
|