How to declaratively manage users added in a non-declarative way?

I’ve moved from creating users via users.users.* to using an IDM provider called Kanidm which integrates with PAM.

As a result I lose out on declarative user management, and a single example of one thing which I now have to do imperatively is users.users.<name>.linger = true;. I can still enable linger imperatively via loginctl enable-linger <name> but I’d rather it be part of my Nix configuration, either for a single user or all users.

I can still define users.users.* for Kanidm-created users, but it clashes because NixOS overrides the autogenerated uid and gid set by Kanidm. I suspect it completely creates a new user, overriding the IDM-provided user. This defeats the purpose of using an external IDM provider.

I know that NixOS provides options to authenticate users with LDAP, but I couldn’t find any reference or examples to also managing those users the Nix way.

Is it possible to declaratively manage externally sourced users, be it from LDAP or else, the Nix way? Maybe via overlays or creating a custom module?
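One way to keep the linger setting in the Nix configuration without touching users.users.* is a small custom NixOS module that runs loginctl enable-linger from a oneshot unit after name lookup is available. This is an added example, not code from the original post or from NixOS/Kanidm; the option path services.externalLinger and the unit name external-linger are this example's own choices, and pkgs.getent is assumed to be the nixpkgs getent package.

```nix
# Added example: declarative lingering for users that exist outside
# users.users.* (e.g. resolved through PAM/NSS from Kanidm). The option
# names below are invented for this example and are not NixOS options.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.externalLinger;
in
{
  options.services.externalLinger = {
    enable = lib.mkEnableOption "lingering for externally managed users";

    users = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      example = [ "alice" "bob" ];
      description = ''
        User names to enable systemd-logind lingering for. They are
        resolved via NSS at boot, so they need not exist in users.users.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.external-linger = {
      description = "Enable logind lingering for externally managed users";
      wantedBy = [ "multi-user.target" ];
      # Wait for logind and for NSS user lookup (PAM/IDM backends) to be up.
      wants = [ "nss-user-lookup.target" ];
      after = [ "systemd-logind.service" "nss-user-lookup.target" ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
      };
      # Idempotent: enable-linger on an already-lingering user is a no-op.
      # A name that does not resolve fails the unit so the mistake shows
      # up in the journal instead of silently skipping that user.
      script = ''
        set -eu
        for u in ${lib.escapeShellArgs cfg.users}; do
          if ${pkgs.getent}/bin/getent passwd "$u" >/dev/null; then
            ${pkgs.systemd}/bin/loginctl enable-linger "$u"
          else
            echo "external-linger: user $u is not resolvable via NSS" >&2
            exit 1
          fi
        done
      '';
    };
  };
}
```

Import the file from configuration.nix and set services.externalLinger = { enable = true; users = [ "alice" ]; } (names here are placeholders). Keeping the list explicit rather than enabling linger for every IDM user is deliberate: lingering lets a user's services and processes outlive their sessions, so it is worth granting per user. Note that this only adds lingering; it does not disable it for users removed from the list, which would need a matching loginctl disable-linger step.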