Use Pulumi to provision and Nix to configure (#12)

PulumiWebServer/Nix/userconfig.nix

@@ -1,34 +1,55 @@
-{pkgs, ...}: {
-  users.mutableUsers = false;
-  users.users."@@USER@@" = {
-    isNormalUser = true;
-    home = "/home/@@USER@@";
-    extraGroups = ["wheel"];
-    openssh.authorizedKeys.keys = ["@@AUTHORIZED_KEYS@@"];
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  options = {
+    services.userconfig = {
+      user = lib.mkOption {
+        type = lib.types.str;
+        description = lib.mdDoc "Primary user to create";
+      };
+      sshKeys = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        description = lib.mdDoc "SSH public keys to register as authorised login methods for this user";
+      };
+    };
   };
 
-  security.sudo = {
-    enable = true;
-    extraRules = [
-      {
-        users = ["@@USER@@"];
-        commands = [
-          {
-            command = "ALL";
-            options = ["NOPASSWD"];
-          }
-        ];
-      }
+  config = {
+    users.mutableUsers = false;
+
+    users.users."${config.services.userconfig.user}" = {
+      isNormalUser = true;
+      home = "/home/${config.services.userconfig.user}";
+      extraGroups = ["wheel"];
+      openssh.authorizedKeys.keys = config.services.userconfig.sshKeys;
+    };
+
+    security.sudo = {
+      enable = true;
+      extraRules = [
+        {
+          users = ["${config.services.userconfig.user}"];
+          commands = [
+            {
+              command = "ALL";
+              options = ["NOPASSWD"];
+            }
+          ];
+        }
+      ];
+    };
+
+    nix.extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+
+    environment.systemPackages = [
+      pkgs.vim
+      pkgs.git
+      pkgs.home-manager
     ];
   };
-
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-
-  environment.systemPackages = [
-    pkgs.vim
-    pkgs.git
-    pkgs.home-manager
-  ];
 }