From b0a0d1efcd26af8f03f03617d8a97a17d8b2572e Mon Sep 17 00:00:00 2001
From: Timo Bingmann <tbgit@panthema.net>
Date: Tue, 4 Nov 2025 18:50:32 -0800
Subject: [PATCH] linux: add openssh and tb user account

---
 flake.nix                |  2 ++
 system/linux/openssh.nix | 14 ++++++++++++++
 system/linux/user-tb.nix | 14 ++++++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 system/linux/openssh.nix
 create mode 100644 system/linux/user-tb.nix

diff --git a/flake.nix b/flake.nix
index b6c1a21..0cbc38f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,7 +23,9 @@
     nixosModules.linux = { ... }: {
       imports = [
         ./system/linux/i18n.nix
+        ./system/linux/openssh.nix
         ./system/linux/system.nix
+        ./system/linux/user-tb.nix
       ];
     };
 
diff --git a/system/linux/openssh.nix b/system/linux/openssh.nix
new file mode 100644
index 0000000..1213c78
--- /dev/null
+++ b/system/linux/openssh.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+  # This setups a SSH server. Very important if you're setting up a headless system.
+  # Feel free to remove if you don't need it.
+  services.openssh = {
+    enable = true;
+    settings = {
+      # Require a ssh key login for root.
+      PermitRootLogin = "prohibit-password";
+      # Use keys only. Remove if you want to SSH using password (not recommended)
+      PasswordAuthentication = true;
+    };
+  };
+}
diff --git a/system/linux/user-tb.nix b/system/linux/user-tb.nix
new file mode 100644
index 0000000..fa59feb
--- /dev/null
+++ b/system/linux/user-tb.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.tb = {
+    isNormalUser = true;
+    description = "Timo Bingmann";
+    uid = 7777;
+    group = "users";
+    extraGroups = [ "wheel" "networkmanager" "video" "docker" "scanner" ];
+    home = "/home/tb";
+    homeMode = "711";
+    hashedPassword = "$y$j9T$wYCQHfl0OyCyXBQRo7aOe.$5LY3ulvc1uKT/Squ7VSVSXvMR/FRg2MUbOmUfnN5CR7";
+  };
+}