hunner/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add user account for agents

Browse source
This commit is contained in:
Hunter Haugen 2026-03-06 13:19:03 -08:00
parent eba7f5746b
commit dab6541947
Signed by: hunner
GPG key ID: EF99694AA599DDAD
1 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

25
hosts/liminal/configuration.nix
View file

@ -255,11 +255,32 @@
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets.hashedPassword.neededForUsers = true; sops.secrets.hashedPassword.neededForUsers = true;
# Define a user account. Don't forget to set a password with 'passwd'. # Define user accounts
users.groups.ai = {};
users.users.agents = {
isSystemUser = true;
description = "Account for AI agent sandboxing";
group = "ai";
home = "/home/agents";
createHome = true;
homeMode = "0770";
extraGroups = [ "docker" "audio" "video" "dialout" ];
shell = pkgs.zsh;
packages = with pkgs; [
nodejs
docker-credential-helpers
pass
pkgs.unstable.claude-code
codex
just
socat
pkgs.beads
];
};
users.users.hunner = { users.users.hunner = {
isNormalUser = true; isNormalUser = true;
description = "Hunter Haugen"; description = "Hunter Haugen";
extraGroups = [ "docker" "networkmanager" "wheel" "audio" "video" "dialout" ]; extraGroups = [ "docker" "networkmanager" "wheel" "audio" "video" "dialout" "ai" ];
hashedPasswordFile = config.sops.secrets.hashedPassword.path; hashedPasswordFile = config.sops.secrets.hashedPassword.path;
shell = pkgs.zsh; shell = pkgs.zsh;
packages = with pkgs; [ packages = with pkgs; [