I want to create a user account on my computer that is very restricted.
On Arch Linux I just didn’t make that user root, also I made sure nix
wasn’t in that users PATH
, additionally I didn’t put that user into allowed-users
.
I was totally fine that I had to install software for that user manually and globally using pacman
.
Now as I have switched to nixOS, I still have that user not in allowed-users
, but I’d be happy if that user where able to manage whitelisted software on their own.
I’d be fine with nix-env
only as a starting point (they will probably only install an office, a browser and some games) though if I could perhaps convince them to use home-manager
later on, I’d be happy if that works as well.
Plus points if it is possible to deny logins without my (or my wifes) explicit consens when not in the main usage time.
More pluspoints if I could tell NetworkManager that this user should use a different proxy and DNS than all the other accounts on the computer, without touching any existing user sessions in the background…
Any hints on making this possible and there fore a user accound “child safe”?