Users: add option for regularUser

2025-07-12 13:44:16 +02:00
parent 3871cb7ab4
commit 0dd5b284eb
2 changed files with 19 additions and 2 deletions
--- a/clanServices/users/default.nix
+++ b/clanServices/users/default.nix
@@ -37,6 +37,22 @@
              - `clan vars get <machine-name> <name-of-password-variable>`
            '';
          };
+          regularUser = lib.mkOption {
+            type = lib.types.bool;
+            default = true;
+            example = false;
+            description = ''
+              Whether the user should be a regular user or a system user.
+
+              Regular users are normal users that can log in and have a home directory.
+
+              System users are used for system services and do not have a home directory.
+
+              !!! Warning
+                  `root` cannot be a regular user.
+                  You must set this to `false` for `root`
+            '';
+          };
          groups = lib.mkOption {
            type = lib.types.listOf lib.types.str;
            default = [ ];
@@ -74,7 +90,7 @@
          }:
          {
            users.users.${settings.user} = {
-              isNormalUser = true;
+              isNormalUser = settings.regularUser;
              extraGroups = settings.groups;

              hashedPasswordFile =
--- a/clanServices/users/tests/vm/default.nix
+++ b/clanServices/users/tests/vm/default.nix
@@ -13,6 +13,8 @@
          roles.default.machines."server".settings = {
            user = "root";
            prompt = false;
+            # Important: 'root' must not be a regular user. See: https://github.com/NixOS/nixpkgs/issues/424404
+            regularUser = false;
          };
        };
        user-password-test = {
@@ -31,7 +33,6 @@
    server = {
      users.users.testuser.group = "testuser";
      users.groups.testuser = { };
-      users.users.testuser.isNormalUser = true;
    };
  };