Move user configuration into c3d2 module

Emery Hemingway 2020-01-26 15:43:20 +01:00
parent 6033155062
commit 9e91b7c21e
13 ha cambiato i file con 115 aggiunte e 67 eliminazioni


@ -4,6 +4,7 @@
imports = [ ./hardware-configuration.nix ../../lib ];
c3d2 = {
users.k-ot = true;
isInHq = true;
hq.interface = "enp0s10";
enableHail = true;


@ -7,13 +7,15 @@
./cache.nix
../../lib
../../lib/hq.nix
../../lib/emery.nix
../../lib/windsleep.nix
../../lib/buildfarmer.nix
../../lib/yggdrasil.nix
];
c3d2 = {
users = {
emery = true;
windsleep = true;
};
isInHq = true;
mapHqHosts = true;
hq.interface = "eth0";


@ -13,14 +13,16 @@ in {
../../lib
../../lib/admins.nix
../../lib/hq.nix
../../lib/users.nix
../../lib/mpd.nix
../../lib/yggdrasil.nix
../../lib/emery.nix
./mpdConsole.nix
];
c3d2 = {
users = {
emery = true;
k-ot = true;
};
isInHq = true;
mapHqHosts = true;
hq = {


@ -6,8 +6,6 @@ in {
<nixpkgs/nixos/modules/profiles/minimal.nix>
../../lib
../../lib/default-gateway.nix
../../lib/emery.nix
../../lib/windsleep.nix
../../lib/buildfarmer.nix
../../lib/yggdrasil.nix
./containers
@ -17,6 +15,10 @@ in {
];
c3d2 = {
users = {
emery = true;
windsleep = true;
};
isInHq = true;
mapHqHosts = true;
hq = {


@ -0,0 +1,26 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/ceph/c3d2" = {
hostPath = "/srv/ceph/c3d2";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }:
let ncdcPort = 1512;
in {
imports = [ ../inner-defaults.nix ../../../../lib/yggdrasil-hq.nix ];
c3d2.users.k-ot = true;
services.openssh.enable = true;
programs.mosh.enable = true;
environment.systemPackages = with pkgs; [ tmux ncdc ];
networking.firewall.enable = false;
hq.yggdrasil.enable = true;
};
}
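Review bot: `networking.firewall.enable = false;` leaves every listener in this container reachable, in the same config that turns on `services.openssh.enable` and the `k-ot` account, while `ncdcPort` is bound in the `let` but never used in the lines shown. Keeping the firewall on and opening only what ncdc needs would be tighter, e.g. `networking.firewall.allowedTCPPorts = [ ncdcPort ];`; as far as I know the openssh and mosh modules open their own ports. If password logins are not required here, `services.openssh.passwordAuthentication = false;` would restrict SSH to keys.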


@ -159,7 +159,6 @@ let
};
in { config, pkgs, ... }: {
users.users.root.password = "k-ot";
services.hydra = {
enable = true;
hydraURL = "https://server7.hq.c3d2.de";


@ -11,13 +11,11 @@ in {
../../lib
../../lib/hq.nix
../../lib/shared.nix
../../lib/users.nix
./ncdc.nix
../../lib/default-gateway.nix
../../lib/emery.nix
];
c3d2 = {
users.k-ot = true;
isInHq = true;
mapHqHosts = true;
hq.interface = eth0;
@ -36,13 +34,13 @@ in {
# usePredictableInterfacenames = false;
interfaces.${eth0} = {
ipv4.addresses = [{
address = "172.22.99.20";
prefixLength = 24;
}];
ipv6.addresses = [{
address = "2a02:8106:208:5201::20";
prefixLength = 64;
}];
address = "172.22.99.20";
prefixLength = 24;
}];
ipv6.addresses = [{
address = "2a02:8106:208:5201::20";
prefixLength = 64;
}];
};
defaultGateway.interface = eth0;


@ -2,7 +2,7 @@
# That includes physical servers, VMs, containers, and personal machines.
#
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let
hqPrefix64 = "fd23:42:c3d2:523";
@ -34,6 +34,8 @@ let
in {
imports = [ ./users ];
options.c3d2 = with lib;
with lib.types; {
@ -113,6 +115,7 @@ in {
hostRegistry = import ../host-registry.nix;
mkIfIsInHq = lib.mkIf cfg.isInHq;
in {
# Configuration specific to this machine
assertions = [
{


@ -1,35 +0,0 @@
{ config, pkgs, ... }:
{
nix.trustedUsers = [ "emery" ];
programs = {
fish.enable = true;
tmux.enable = true;
};
users.users.emery = {
isNormalUser = true;
description = "Emery";
extraGroups = [ "users" "wheel" ];
hashedPassword =
"$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
];
shell = pkgs.fish;
};
users.users.root.openssh = {
inherit (config.users.users.emery.openssh) authorizedKeys;
};
users.users.buildfarmer.openssh = {
inherit (config.users.users.emery.openssh) authorizedKeys;
};
nix.sshServe.keys = config.users.users.emery.openssh.authorizedKeys.keys;
}

28
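--- a/lib/users/default.nix
+++ b/lib/users/default.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+with builtins;
+let
+userModules = let
+userDir = readDir ./.;
+filter = name: kind: name != "default.nix" && kind != "directory";
+in lib.filterAttrs filter userDir;
+import' = name:
+lib.mkIf config.c3d2.users.${name}
+(import (./. + "/${name}.nix") { inherit config lib pkgs; });
+userNames = let f = replaceStrings [ ".nix" ] [ "" ];
+in map f (attrNames userModules);
+in {
+options.c3d2.users = let
+f = name: {
+inherit name;
+value = lib.mkOption {
+type = lib.types.bool;
+default = false;
+};
+};
+in listToAttrs (map f userNames);
+config = lib.mkMerge (map import' userNames);
+}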
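Review bot: `filter` accepts every non-directory entry next to `default.nix`, so an editor backup or a README dropped into `lib/users/` becomes a `c3d2.users.*` option, and `import'` then looks for a `<name>.nix` that may not exist. `replaceStrings [ ".nix" ] [ "" ]` also strips `.nix` anywhere in the file name, not only as a suffix. Restricting the scan would be safer: `filter = name: kind: kind != "directory" && name != "default.nix" && lib.hasSuffix ".nix" name;` and `f = lib.removeSuffix ".nix";`. The generated options carry no `description`; since enabling one can grant root-level access on a host, a one-line description per option would help whoever sets it.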

30
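--- a/lib/users/emery.nix
+++ b/lib/users/emery.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+let
+keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
+];
+in {
+nix.trustedUsers = [ "emery" ];
+programs = {
+fish.enable = true;
+tmux.enable = true;
+};
+users.users.emery = {
+isNormalUser = true;
+description = "Emery";
+extraGroups = [ "users" "wheel" ];
+hashedPassword =
+"$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
+openssh.authorizedKeys.keys = keys;
+shell = pkgs.fish;
+};
+users.users.root.openssh.authorizedKeys.keys = keys;
+nix.sshServe.keys = keys;
+}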
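Review bot: Setting `c3d2.users.emery = true` does more than create an account: the module also writes the keys to `users.users.root.openssh.authorizedKeys.keys`, lists the user in `nix.trustedUsers` and feeds `nix.sshServe.keys`, none of which the option name conveys. The windsleep module at the end of this commit does the same for root and `nix.sshServe.keys`. A header comment such as `# Enabling this user grants root SSH login, Nix trusted-user rights and nix-ssh store access on the host.` would make that visible to whoever flips the switch. The `hashedPassword` is readable by anyone with repository access and doubles as the sudo credential through `wheel`; `passwordFile` pointing at a path outside the repository would avoid publishing it. The deleted file also passed these keys to `buildfarmer` and this one does not, which may be deliberate but is worth stating in the commit message.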


@ -1,13 +1,10 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
users.users.k-ot = {
packages = with pkgs;
[ screen tmux ];
packages = with pkgs; [ screen tmux ];
createHome = true;
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" "audio" ];
extraGroups = [ "audio" ];
password = "k-otk-ot";
};
}
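Review bot: `password = "k-otk-ot";` appears to stay on the new side (the rendering has lost the +/- column), so the account's login secret sits in the repository and in the world-readable Nix store in clear text. Dropping `wheel` limits what the account can do, but any host that sets `c3d2.users.k-ot = true` with SSH enabled would still accept this password. Consider `hashedPassword = "<crypt hash generated with mkpasswd>";` or an `openssh.authorizedKeys.keys` entry in place of the plaintext value. If the account is meant to be shared, a comment saying so would help.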


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
let
keys = [
@ -21,11 +21,6 @@ in {
shell = pkgs.zsh;
};
users.users.root.openssh = {
inherit (config.users.users.windsleep.openssh) authorizedKeys;
};
users.users.buildfarmer.openssh = {
inherit (config.users.users.windsleep.openssh) authorizedKeys;
};
users.users.root.openssh.authorizedKeys.keys = keys;
nix.sshServe.keys = keys;
}