users: add hermes user

1 files changed, 25 insertions, 9 deletions

diff --git a/config/users.nix b/config/users.nix
index c6b2e7d..8dc27a3 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -1,16 +1,32 @@
 {pkgs, ...}: {
   personal.user.enable = true;
   users = {
-    users."nixremote" = {
-      isSystemUser = true;
-      shell = pkgs.busybox-sandbox-shell;
-      group = "nixremote";
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes"
-      ];
+    users = {
+      nixremote = {
+        isSystemUser = true;
+        shell = pkgs.busybox-sandbox-shell;
+        group = "nixremote";
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"
+        ];
+      };
+      hermes = {
+        isNormalUser = true;
+        shell = pkgs.busybox-sandbox-shell;
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes"
+        ];
+        homeMode = "700";
+      };
     };
     groups.nixremote = {};
   };
-  nix.settings.trusted-users = ["nixremote"];
+
+  system.userActivationScripts.hermesSetup = ''
+    if [ $(whoami) = hermes ]
+    then
+      mkdir --parents --mode=700 nixos-configuration
+      git init --bare nixos-configuration
+    fi
+  '';
 }