machine_setup/nix/configuration/roles/user/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  options.me = {
    user.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to create my user.";
    };
  };

  config = lib.mkIf config.me.user.enable {
    services.getty = {
      autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
      autologinOnce = true;
    };
    users.mutableUsers = false;
    users.users.talexander = {
      isNormalUser = true;
      createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
      group = "talexander";
      extraGroups = [ "wheel" ];
      uid = 11235;
      packages = with pkgs; [
        tree
      ];
      # Generate with `mkpasswd -m scrypt`
      hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
      ];
    };
    users.groups.talexander.gid = 11235;

    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
      hideMounts = true;
      users.talexander = {
        directories = [
          {
            directory = "persist";
            user = "talexander";
            group = "talexander";
            mode = "0700";
          }
        ];
      };
    };
  };
}
Restructure flake.nix for a simpler config for building different images off the same NixOS config. 2025-10-11 00:08:02 -04:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`

			`{`
			`imports = [ ];`

			`options.me = {`
			`user.enable = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
			`example = true;`
			`description = "Whether we want to create my user.";`
			`};`
			`};`

			`config = lib.mkIf config.me.user.enable {`
			`services.getty = {`
			`autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.`
			`autologinOnce = true;`
			`};`
			`users.mutableUsers = false;`
			`users.users.talexander = {`
			`isNormalUser = true;`
			`createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481`
			`group = "talexander";`
			`extraGroups = [ "wheel" ];`
			`uid = 11235;`
			`packages = with pkgs; [`
			`tree`
			`];`
			# Generate with `mkpasswd -m scrypt`
			`hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";`
			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"`
			`"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="`
			`"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="`
			`];`
			`};`
			`users.groups.talexander.gid = 11235;`

			`environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {`
			`hideMounts = true;`
			`users.talexander = {`
			`directories = [`
			`{`
			`directory = "persist";`
			`user = "talexander";`
			`group = "talexander";`
			`mode = "0700";`
			`}`
			`];`
			`};`
			`};`
			`};`
			`}`