{ config, lib, pkgs, fleetHmModules, fleetFlake, ... }: let cfg = config.ccr; inherit (lib) types; in { options.ccr = { enable = lib.mkEnableOption "ccr"; username = lib.mkOption { type = types.str; default = "ccr"; }; description = lib.mkOption { type = types.str; default = "Andrea Ciceri"; }; shell = lib.mkOption { type = lib.types.package; default = pkgs.fish; }; modules = lib.mkOption { type = types.listOf types.str; default = []; }; packages = lib.mkOption { type = types.listOf types.package; default = []; }; autologin = lib.mkOption { type = types.bool; default = false; }; authorizedKeys = lib.mkOption { type = types.listOf types.str; default = builtins.attrValues (import "${fleetFlake}/lib").keys.users; }; hashedPassword = lib.mkOption { type = types.str; default = "$6$JGOefuRk7kL$fK9.5DFnLLoW08GL4eKRyf958jyZdw//hLMaz4pp28jJuSFb24H6R3dgt1.sMs0huPY85rludSw4dnQJG5xSw1"; # mkpasswd -m sha-512 }; extraGroups = lib.mkOption { type = types.listOf types.str; default = {}; }; extraModules = lib.mkOption { type = types.listOf types.deferredModule; default = []; }; backupPaths = lib.mkOption { type = types.listOf types.str; default = []; }; }; config = lib.mkIf cfg.enable { # FIXME shouldn't set these groups by default ccr.extraGroups = ["wheel" "fuse" "video" "dialout" "systemd-journal" "camera"]; ccr.modules = ["shell" "git" "nix-index"]; backup.paths = cfg.backupPaths; users.users.${cfg.username} = { inherit (config.ccr) hashedPassword extraGroups description; uid = 1000; isNormalUser = true; shell = cfg.shell; openssh.authorizedKeys.keys = config.ccr.authorizedKeys; }; programs.fish.enable = true; services.getty.autologinUser = if config.ccr.autologin then cfg.username else null; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.users.${cfg.username} = { imports = fleetHmModules cfg.modules ++ [ { _module.args = { inherit (config.age) secrets; inherit (cfg) username; }; } ] ++ cfg.extraModules; home.packages = cfg.packages; home.stateVersion = config.system.stateVersion; }; }; }