pvv-nixos-config/docs/users.md

User management

Due to some complications with how NixOS creates users compared to how we used to create users with the salt-based setup, the NixOS machine users are created and managed separately. We tend to create users on-demand, whenever someone in PVV maintenance want to work on the NixOS machines.

Setting up a new user

You can find the files for the existing users, and thereby examples of user files in the users directory. When creating a new file here, you should name it your-username.nix, and add at least the following contents:

{ pkgs, ... }:
{
  users.users."<username>" = {
    isNormalUser = true;
    extraGroups = [
      "wheel" # In case you wanna use sudo (you probably do)
      "nix-builder-users" # Arbitrary access to write to the nix store
    ];

    # Any packages you frequently use to manage servers go here.
    # Please don't pull gigantonormous packages here unless you
    # absolutely need them, and remember that any package can be
    # pulled via nix-shell if you only use it once in a blue moon.
    packages = with pkgs; [
      bottom
      eza
    ];

    # Not strictly needed, but we recommend adding your public SSH
    # key here. If it is not present, you will have to log into the
    # machine as 'root' before setting your password for every NixOS
    # machine you have not logged into yet.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjiQ0wg4lpC7YBMAAHoGmgwqHOBi+EUz5mmCymGlIyT my-key"
    ];
  };
}

The file will be picked up automatically, so creating the file and adding the contents should be enough to get you registered. You should open a PR with the new code so the machines will be rebuilt with your user present.

See also Secret Management for how to add your keys to the system that lets us add secrets (API keys, password, etc.) to the NixOS config.