From 4370c6a22d9cdc364c69bec421b45fa47254e9ec Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 1 Feb 2026 20:55:47 +0000
Subject: [PATCH] Validate username format

Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com>
---
 modules/common.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/common.nix b/modules/common.nix
index d77c70f..26479bc 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -1,6 +1,12 @@
 { config, pkgs, inputs, system, hostname, username, ... }:
 
 {
+  assertions = [
+    {
+      assertion = builtins.match "^[a-z_][a-z0-9_-]*$" username != null;
+      message = "username must be a simple system user name without path separators.";
+    }
+  ];
   # --------------------------------------------------------------------------
   # BOOT
   # --------------------------------------------------------------------------