3 files changed, 24 insertions, 5 deletions

diff --git a/modules/users/default.nix b/modules/users/default.nix
index f293f77..0b2ffd9 100644
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -236,7 +236,13 @@ in
 
             requireFDA ${name} "created"
 
-            sysadminctl -addUser ${lib.escapeShellArgs ([ v.name "-UID" v.uid "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ [ "-home" v.home "-shell" (shellPath v.shell) ])} 2> /dev/null
+            sysadminctl -addUser ${lib.escapeShellArgs ([
+              v.name
+              "-UID" v.uid
+              "-GID" v.gid ]
+              ++ (lib.optionals (v.description != null) [ "-fullName" v.description ])
+              ++ (lib.optionals (v.home != null) [ "-home" v.home ])
+              ++ [ "-shell" (shellPath v.shell) ])} 2> /dev/null
 
             # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error
             if ! id ${name} &> /dev/null; then
@@ -245,7 +251,10 @@ in
             fi
 
             dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"}
-            ${optionalString v.createHome "createhomedir -cu ${name}"}
+
+            # `sysadminctl -addUser` won't create the home directory if we use the `-home`
+            # flag so we need to do it ourselves
+            ${optionalString (v.home != null && v.createHome) "createhomedir -cu ${name} > /dev/null"}
           fi
 
           # Update properties on known users to keep them inline with configuration
diff --git a/modules/users/user.nix b/modules/users/user.nix
index a0c8aab..b9c9799 100644
--- a/modules/users/user.nix
+++ b/modules/users/user.nix
@@ -53,9 +53,17 @@
     # };
 
     home = mkOption {
-      type = types.path;
-      default = "/var/empty";
-      description = "The user's home directory.";
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        The user's home directory. This defaults to `null`.
+
+        When this is set to `null`, the value is managed by macOS instead of
+        `nix-darwin`. This means if the user has not been created yet,
+        `sysadminctl` will be called without the `-home` flag which means the
+        user will have a default home directory of `/Users/<name>` which will
+        be created by `sysadminctl`.
+      '';
     };
 
     createHome = mkOption {
diff --git a/tests/users-groups.nix b/tests/users-groups.nix
index d06eedd..8fc435a 100644
--- a/tests/users-groups.nix
+++ b/tests/users-groups.nix
@@ -20,6 +20,7 @@
 
   users.users."created.user".uid = 42001;
   users.users."created.user".description = null;
+  users.users."created.user".home = null;
 
   users.users."unknown.user".uid = 42002;
 
@@ -49,6 +50,7 @@
     grep "sysadminctl -addUser ${lib.escapeShellArgs [ "foo" "-UID" 42000 "-GID" 42000 "-fullName" "Foo user" "-home" "/Users/foo" "-shell" "/run/current-system/sw/bin/bash" ]}" ${config.out}/activate
     grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate
     grep "sysadminctl -addUser ${lib.escapeShellArgs [ "created.user" "-UID" 42001 ]} .* ${lib.escapeShellArgs [ "-shell" "/sbin/nologin" ]}" ${config.out}/activate
+    (! grep "sysadminctl -addUser ${lib.escapeShellArg "created.user"} .* -home" ${config.out}/activate)
     (! grep "deleteUser ${lib.escapeShellArg "created.user"}" ${config.out}/activate)
     (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate)