users
*An instance of this module will create a user account on the added machines, along with a generated password that is constant across machines and user settings. *
System
Usage
{
inventory.instances = {
# Deploy user alice on all machines. Don't prompt for password (will be
# auto-generated).
user-alice = {
module = {
name = "users";
input = "clan";
};
roles.default.tags.all = { };
roles.default.settings = {
user = "alice";
prompt = false;
};
};
# Deploy user bob only on his laptop. Prompt for a password.
user-bob = {
module = {
name = "users";
input = "clan";
};
roles.default.machines.bobs-laptop = { };
roles.default.settings.user = "bob";
};
};
}
Roles
The users module has the following roles:
- default
Options for the default
role
groups
Additional groups the user should be added to. You can add any group that exists on your system. Make sure these group exists on all machines where the user is enabled.
Commonly used groups:
- "wheel" - Allows the user to run commands as root using
sudo
. - "networkmanager" - Allows the user to manage network connections.
- "video" - Allows the user to access video devices.
- "input" - Allows the user to access input devices.
Type: list of string
Default:
Declared in: clanServices/users/default.nix
prompt
Whether the user should be prompted for a password.
Effects:
- enabled (
true
) - Prompt for a password during the machine installation or update workflow. - disabled (
false
) - Generate a password during the machine installation or update workflow.
The password can be shown in two steps:
clan vars list <machine-name>
clan vars get <machine-name> <name-of-password-variable>
Type: boolean
Default:
Declared in: clanServices/users/default.nix
user
The user the password should be generated for.
Type: string
Declared in: clanServices/users/default.nix