
Move user configuration into c3d2 module

storage-ng
Emery Hemingway 5 months ago
parent
commit
9e91b7c21e

+ 1
- 0
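--- a/hosts/glotzbert/configuration.nix
+++ b/hosts/glotzbert/configuration.nix
@@ -4,6 +4,7 @@
   imports = [ ./hardware-configuration.nix ../../lib ];
 
   c3d2 = {
+    users.k-ot = true;
     isInHq = true;
     hq.interface = "enp0s10";
     enableHail = true;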

+ 4
- 2
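--- a/hosts/hydra/configuration.nix
+++ b/hosts/hydra/configuration.nix
@@ -7,13 +7,15 @@
     ./cache.nix
     ../../lib
     ../../lib/hq.nix
-    ../../lib/emery.nix
-    ../../lib/windsleep.nix
     ../../lib/buildfarmer.nix
     ../../lib/yggdrasil.nix
   ];
 
   c3d2 = {
+    users = {
+      emery = true;
+      windsleep = true;
+    };
     isInHq = true;
     mapHqHosts = true;
     hq.interface = "eth0";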

+ 4
- 2
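--- a/hosts/pulsebert/configuration.nix
+++ b/hosts/pulsebert/configuration.nix
@@ -13,14 +13,16 @@ in {
     ../../lib
     ../../lib/admins.nix
     ../../lib/hq.nix
-    ../../lib/users.nix
     ../../lib/mpd.nix
     ../../lib/yggdrasil.nix
-    ../../lib/emery.nix
     ./mpdConsole.nix
   ];
 
   c3d2 = {
+    users = {
+      emery = true;
+      k-ot = true;
+    };
     isInHq = true;
     mapHqHosts = true;
     hq = {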

+ 4
- 2
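--- a/hosts/server7/configuration.nix
+++ b/hosts/server7/configuration.nix
@@ -6,8 +6,6 @@ in {
     <nixpkgs/nixos/modules/profiles/minimal.nix>
     ../../lib
     ../../lib/default-gateway.nix
-    ../../lib/emery.nix
-    ../../lib/windsleep.nix
     ../../lib/buildfarmer.nix
     ../../lib/yggdrasil.nix
     ./containers
@@ -17,6 +15,10 @@ in {
   ];
 
   c3d2 = {
+    users = {
+      emery = true;
+      windsleep = true;
+    };
     isInHq = true;
     mapHqHosts = true;
     hq = {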

+ 26
- 0
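--- /dev/null
+++ b/hosts/server7/containers/ncdc/default.nix
@@ -0,0 +1,26 @@
+name:
+
+(import ../outer-defaults.nix name) // {
+
+  bindMounts."/srv/ceph/c3d2" = {
+    hostPath = "/srv/ceph/c3d2";
+    isReadOnly = true;
+  };
+
+  config = { config, pkgs, lib, ... }:
+    let ncdcPort = 1512;
+    in {
+      imports = [ ../inner-defaults.nix ../../../../lib/yggdrasil-hq.nix ];
+
+      c3d2.users.k-ot = true;
+
+      services.openssh.enable = true;
+      programs.mosh.enable = true;
+
+      environment.systemPackages = with pkgs; [ tmux ncdc ];
+
+      networking.firewall.enable = false;
+      hq.yggdrasil.enable = true;
+    };
+
+}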
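Review bot: `networking.firewall.enable = false;` turns off packet filtering for a container that runs sshd and enables the `k-ot` account, whose password is set in plain text in lib/users/k-ot.nix, so every network that can route to the container (including the yggdrasil overlay enabled on the next line) can attempt a password login. `ncdcPort` is bound in the `let` but never referenced in the visible body, which suggests the intent was to open only that port: keep the firewall enabled and add `networking.firewall.allowedTCPPorts = [ ncdcPort ];` if ncdc needs inbound connections (the openssh and mosh modules open their own ports by default). Setting `services.openssh.passwordAuthentication = false;` (`services.openssh.settings.PasswordAuthentication` on newer NixOS) and giving the account an authorized key would close the remaining gap.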

+ 0
- 1
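--- a/hosts/server7/hydra.nix
+++ b/hosts/server7/hydra.nix
@@ -159,7 +159,6 @@ let
     };
 in { config, pkgs, ... }: {
 
-  users.users.root.password = "k-ot";
   services.hydra = {
     enable = true;
     hydraURL = "https://server7.hq.c3d2.de";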

+ 8
- 10
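--- a/hosts/storage-ng/configuration.nix
+++ b/hosts/storage-ng/configuration.nix
@@ -11,13 +11,11 @@ in {
     ../../lib
     ../../lib/hq.nix
     ../../lib/shared.nix
-    ../../lib/users.nix
-    ./ncdc.nix
     ../../lib/default-gateway.nix
-    ../../lib/emery.nix
   ];
 
   c3d2 = {
+    users.k-ot = true;
     isInHq = true;
     mapHqHosts = true;
     hq.interface = eth0;
@@ -36,13 +34,13 @@ in {
     # usePredictableInterfacenames = false;
     interfaces.${eth0} = {
       ipv4.addresses = [{
-      address = "172.22.99.20";
-      prefixLength = 24;
-    }];
-    ipv6.addresses = [{
-      address = "2a02:8106:208:5201::20";
-      prefixLength = 64;
-    }];
+        address = "172.22.99.20";
+        prefixLength = 24;
+      }];
+      ipv6.addresses = [{
+        address = "2a02:8106:208:5201::20";
+        prefixLength = 64;
+      }];
     };
 
     defaultGateway.interface = eth0;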
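Review bot: The first hunk drops `../../lib/emery.nix` but the new `c3d2` block only sets `users.k-ot = true;`, so after this change neither the `emery` account nor the root `authorizedKeys` that module supplied exist on this host, unlike hydra, pulsebert and server7 where the removed import is replaced by `emery = true;`. If the removal is intended it deserves a line in the commit message; if not, add `users.emery = true;` next to `users.k-ot`. The only account the visible lines leave enabled is `k-ot`, which this commit also takes out of `wheel`, so confirm that another admin login exists (lib/hq.nix or lib/shared.nix may provide one; they are not visible here) before deploying.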

+ 4
- 1
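--- a/lib/default.nix
+++ b/lib/default.nix
@@ -2,7 +2,7 @@
 # That includes physical servers, VMs, containers, and personal machines.
 #
 
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 
 let
   hqPrefix64 = "fd23:42:c3d2:523";
@@ -34,6 +34,8 @@ let
 
 in {
 
+  imports = [ ./users ];
+
   options.c3d2 = with lib;
     with lib.types; {
 
@@ -113,6 +115,7 @@ in {
     hostRegistry = import ../host-registry.nix;
     mkIfIsInHq = lib.mkIf cfg.isInHq;
   in {
+    # Configuration specific to this machine
 
     assertions = [
       {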

+ 0
- 35
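--- a/lib/emery.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
-  nix.trustedUsers = [ "emery" ];
-
-  programs = {
-    fish.enable = true;
-    tmux.enable = true;
-  };
-
-  users.users.emery = {
-    isNormalUser = true;
-    description = "Emery";
-    extraGroups = [ "users" "wheel" ];
-    hashedPassword =
-      "$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
-    ];
-
-    shell = pkgs.fish;
-  };
-
-  users.users.root.openssh = {
-    inherit (config.users.users.emery.openssh) authorizedKeys;
-  };
-
-  users.users.buildfarmer.openssh = {
-    inherit (config.users.users.emery.openssh) authorizedKeys;
-  };
-
-  nix.sshServe.keys = config.users.users.emery.openssh.authorizedKeys.keys;
-}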

+ 28
- 0
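--- /dev/null
+++ b/lib/users/default.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+with builtins;
+let
+  userModules = let
+    userDir = readDir ./.;
+    filter = name: kind: name != "default.nix" && kind != "directory";
+  in lib.filterAttrs filter userDir;
+
+  import' = name:
+    lib.mkIf config.c3d2.users.${name}
+    (import (./. + "/${name}.nix") { inherit config lib pkgs; });
+
+  userNames = let f = replaceStrings [ ".nix" ] [ "" ];
+  in map f (attrNames userModules);
+
+in {
+  options.c3d2.users = let
+    f = name: {
+      inherit name;
+      value = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+      };
+    };
+  in listToAttrs (map f userNames);
+
+  config = lib.mkMerge (map import' userNames);
+}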
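Review bot: The `filter` on line 6 accepts every directory entry that is not `default.nix` or a directory, so an editor backup or a README placed in lib/users becomes an option name and an `import` target, and `replaceStrings [ ".nix" ] [ "" ]` on line 13 removes `.nix` wherever it occurs in a name rather than only as a suffix. Because each file in this directory can grant logins and root keys, match explicitly: `filter = name: kind: kind != "directory" && name != "default.nix" && lib.hasSuffix ".nix" name;` and `f = lib.removeSuffix ".nix";`. The generated `mkOption` also has no `description`; one stating that enabling a user may install root `authorizedKeys` and `nix.trustedUsers` entries, as lib/users/emery.nix does, would make the flag's reach visible to whoever sets it.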

+ 30
- 0
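--- /dev/null
+++ b/lib/users/emery.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+
+let
+  keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
+  ];
+in {
+
+  nix.trustedUsers = [ "emery" ];
+
+  programs = {
+    fish.enable = true;
+    tmux.enable = true;
+  };
+
+  users.users.emery = {
+    isNormalUser = true;
+    description = "Emery";
+    extraGroups = [ "users" "wheel" ];
+    hashedPassword =
+      "$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
+    openssh.authorizedKeys.keys = keys;
+    shell = pkgs.fish;
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = keys;
+
+  nix.sshServe.keys = keys;
+}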
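Review bot: `hashedPassword` on lines 21-22 carries a SHA-512 crypt hash in the repository and, once built, in the world-readable Nix store, where its strength is the only protection for an account that is in `wheel` and listed in `nix.trustedUsers`. Prefer key-only login for this user, or load the hash from a file kept outside the store with `users.users.emery.passwordFile` (named `hashedPasswordFile` on newer NixOS). The deleted lib/emery.nix also installed these keys for `buildfarmer` and this file does not; if dropping that grant is deliberate, say so in the commit message so the access change is reviewable.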

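--- a/lib/users.nix
+++ b/lib/users/k-ot.nix
@@ -1,13 +1,10 @@
-{ pkgs, ... }:
-
-{
+{ pkgs, ... }: {
   users.users.k-ot = {
-    packages = with pkgs;
-      [ screen tmux ];
+    packages = with pkgs; [ screen tmux ];
     createHome = true;
     isNormalUser = true;
     uid = 1000;
-    extraGroups = [ "wheel" "audio" ];
+    extraGroups = [ "audio" ];
     password = "k-otk-ot";
   };
 }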
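Review bot: `password = "k-otk-ot";` on line 8 keeps a guessable plain-text password in the repository and in the Nix store, and this commit enables the account on glotzbert, pulsebert, storage-ng and the new ncdc container, the last of which runs sshd. Removing `wheel` limits what the login can do, not who can use it. Replace the line with `openssh.authorizedKeys.keys = [ ... ];` for the people who need the account, or at minimum a `hashedPassword`, and change the current value since it remains in the repository history.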

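--- a/lib/windsleep.nix
+++ b/lib/users/windsleep.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 let
   keys = [
@@ -21,11 +21,6 @@ in {
     shell = pkgs.zsh;
   };
 
-  users.users.root.openssh = {
-    inherit (config.users.users.windsleep.openssh) authorizedKeys;
-  };
-
-  users.users.buildfarmer.openssh = {
-    inherit (config.users.users.windsleep.openssh) authorizedKeys;
-  };
+  users.users.root.openssh.authorizedKeys.keys = keys;
+  nix.sshServe.keys = keys;
 }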
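Review bot: `nix.sshServe.keys = keys;` on line 25 is new behaviour rather than a move: the removed lines only set root and `buildfarmer` `authorizedKeys`, so on hosts that enable `nix.sshServe` these keys gain store-serving access for the first time, while `buildfarmer` loses them without mention. If both changes are intended, a comment such as `# also allow these keys to fetch from this host's store via nix.sshServe` and a line in the commit message would make the access change reviewable. The `keys` list itself lies between the two hunks and is not visible here.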
