From 1517a064bf421ab33edf86f4517860e009ccfe13 Mon Sep 17 00:00:00 2001
From: Bailey Stevens <me@mtxyz.me>
Date: Thu, 3 Aug 2023 14:11:59 -0400
Subject: [PATCH] Runs application as non-root user.

---
 configuration.nix | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 107862a..0833ded 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -14,11 +14,26 @@
     graphfix xorg.xauth xorg.xinit
  ];
   
-  users.users.root = {
-    openssh.authorizedKeys.keyFiles = [
-      ./authorized_keys
-    ];
+  users = {
+    mutableUsers = false;
+    users = {
+      root.openssh.authorizedKeys.keyFiles = [
+        ./authorized_keys
+      ];
+      appuser = {
+        isNormalUser = true;
+        group = "appuser";
+        password = "";
+        packages = with pkgs; [
+          graphfix
+        ];
+      };
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
   };
-  services.openssh.enable = true;
 }