diff --git a/hosts/glotzbert/configuration.nix b/hosts/glotzbert/configuration.nix index 75039d14..b9fe982d 100644 --- a/hosts/glotzbert/configuration.nix +++ b/hosts/glotzbert/configuration.nix @@ -4,6 +4,7 @@ imports = [ ./hardware-configuration.nix ../../lib ]; c3d2 = { + users.k-ot = true; isInHq = true; hq.interface = "enp0s10"; enableHail = true; diff --git a/hosts/hydra/configuration.nix b/hosts/hydra/configuration.nix index 14bc8b47..3e6992d5 100644 --- a/hosts/hydra/configuration.nix +++ b/hosts/hydra/configuration.nix @@ -7,13 +7,15 @@ ./cache.nix ../../lib ../../lib/hq.nix - ../../lib/emery.nix - ../../lib/windsleep.nix ../../lib/buildfarmer.nix ../../lib/yggdrasil.nix ]; c3d2 = { + users = { + emery = true; + windsleep = true; + }; isInHq = true; mapHqHosts = true; hq.interface = "eth0"; diff --git a/hosts/pulsebert/configuration.nix b/hosts/pulsebert/configuration.nix index 6f5614c0..30fe76b6 100644 --- a/hosts/pulsebert/configuration.nix +++ b/hosts/pulsebert/configuration.nix @@ -13,14 +13,16 @@ in { ../../lib ../../lib/admins.nix ../../lib/hq.nix - ../../lib/users.nix ../../lib/mpd.nix ../../lib/yggdrasil.nix - ../../lib/emery.nix ./mpdConsole.nix ]; c3d2 = { + users = { + emery = true; + k-ot = true; + }; isInHq = true; mapHqHosts = true; hq = { diff --git a/hosts/server7/configuration.nix b/hosts/server7/configuration.nix index 2933060a..4c2c329a 100644 --- a/hosts/server7/configuration.nix +++ b/hosts/server7/configuration.nix @@ -6,8 +6,6 @@ in { ../../lib ../../lib/default-gateway.nix - ../../lib/emery.nix - ../../lib/windsleep.nix ../../lib/buildfarmer.nix ../../lib/yggdrasil.nix ./containers @@ -17,6 +15,10 @@ in { ]; c3d2 = { + users = { + emery = true; + windsleep = true; + }; isInHq = true; mapHqHosts = true; hq = { diff --git a/hosts/server7/containers/ncdc/default.nix b/hosts/server7/containers/ncdc/default.nix new file mode 100644 index 00000000..521369bb --- /dev/null +++ b/hosts/server7/containers/ncdc/default.nix 
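Review bot: Switching hydra to `users.emery = true; users.windsleep = true;` silently drops the `users.users.buildfarmer.openssh.authorizedKeys` grant that the deleted `lib/emery.nix` and the old `lib/windsleep.nix` made; the replacement modules under `lib/users/` only populate root's keys and `nix.sshServe.keys`. Since this host still imports `../../lib/buildfarmer.nix`, either that module now has to carry the keys itself or the ability to reach the builder as `buildfarmer` with these keys is gone on hydra and server7. If the narrowing is intentional (root by key plus `nix.trustedUsers` already covers what the admins need), a sentence in the commit message saying so would save the next reader a hunt; otherwise `users.users.buildfarmer.openssh.authorizedKeys.keys = keys;` belongs back in `lib/users/emery.nix` and `lib/users/windsleep.nix`. The `c3d2 = { … }` attribute set continues past the end of the hunk.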
@@ -0,0 +1,26 @@ +name: + +(import ../outer-defaults.nix name) // { + + bindMounts."/srv/ceph/c3d2" = { + hostPath = "/srv/ceph/c3d2"; + isReadOnly = true; + }; + + config = { config, pkgs, lib, ... }: + let ncdcPort = 1512; + in { + imports = [ ../inner-defaults.nix ../../../../lib/yggdrasil-hq.nix ]; + + c3d2.users.k-ot = true; + + services.openssh.enable = true; + programs.mosh.enable = true; + + environment.systemPackages = with pkgs; [ tmux ncdc ]; + + networking.firewall.enable = false; + hq.yggdrasil.enable = true; + }; + +} diff --git a/hosts/server7/hydra.nix b/hosts/server7/hydra.nix index 45f34df2..5d57ed3d 100644 --- a/hosts/server7/hydra.nix +++ b/hosts/server7/hydra.nix @@ -159,7 +159,6 @@ let }; in { config, pkgs, ... }: { - users.users.root.password = "k-ot"; services.hydra = { enable = true; hydraURL = "https://server7.hq.c3d2.de"; diff --git a/hosts/storage-ng/configuration.nix b/hosts/storage-ng/configuration.nix index db903a7c..bccc08a0 100644 --- a/hosts/storage-ng/configuration.nix +++ b/hosts/storage-ng/configuration.nix @@ -11,13 +11,11 @@ in { ../../lib ../../lib/hq.nix ../../lib/shared.nix - ../../lib/users.nix - ./ncdc.nix ../../lib/default-gateway.nix - ../../lib/emery.nix ]; c3d2 = { + users.k-ot = true; isInHq = true; mapHqHosts = true; hq.interface = eth0; @@ -36,13 +34,13 @@ in { # usePredictableInterfacenames = false; interfaces.${eth0} = { ipv4.addresses = [{ - address = "172.22.99.20"; - prefixLength = 24; - }]; - ipv6.addresses = [{ - address = "2a02:8106:208:5201::20"; - prefixLength = 64; - }]; + address = "172.22.99.20"; + prefixLength = 24; + }]; + ipv6.addresses = [{ + address = "2a02:8106:208:5201::20"; + prefixLength = 64; + }]; }; defaultGateway.interface = eth0; diff --git a/lib/default.nix b/lib/default.nix index 9b360380..8086bb75 100644 --- a/lib/default.nix +++ b/lib/default.nix 
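Review bot: `networking.firewall.enable = false;` exposes every listener in the container — sshd, mosh and whatever ncdc binds — to the yggdrasil mesh, while `c3d2.users.k-ot = true;` puts an account whose plaintext password is committed in `lib/users/k-ot.nix` on the same host; unless `../inner-defaults.nix` (not shown) already turns password authentication off, that is a password login reachable from the mesh. `ncdcPort = 1512` is bound in the `let` but never used, which suggests the firewall was meant to stay on with just that port opened. I would keep the default firewall, disable SSH password login (`services.openssh.passwordAuthentication`, the pre-23.05 option name that this repository's `nix.trustedUsers` usage implies) and open only what ncdc needs, adding mosh's UDP range if mosh is actually expected to work through the firewall; the read-only `bindMounts` entry is the right call and can stay as is.
```nix
      services.openssh.enable = true;
      services.openssh.passwordAuthentication = false;
      programs.mosh.enable = true;

      # … unchanged: environment.systemPackages …

      networking.firewall.allowedTCPPorts = [ ncdcPort ];
      hq.yggdrasil.enable = true;
```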
@@ -2,7 +2,7 @@ # That includes physical servers, VMs, containers, and personal machines. # -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let hqPrefix64 = "fd23:42:c3d2:523"; @@ -34,6 +34,8 @@ let in { + imports = [ ./users ]; + options.c3d2 = with lib; with lib.types; { @@ -113,6 +115,7 @@ in { hostRegistry = import ../host-registry.nix; mkIfIsInHq = lib.mkIf cfg.isInHq; in { + # Configuration specific to this machine assertions = [ { diff --git a/lib/emery.nix b/lib/emery.nix deleted file mode 100644 index 284f8ae4..00000000 --- a/lib/emery.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, pkgs, ... }: - -{ - - nix.trustedUsers = [ "emery" ]; - - programs = { - fish.enable = true; - tmux.enable = true; - }; - - users.users.emery = { - isNormalUser = true; - description = "Emery"; - extraGroups = [ "users" "wheel" ]; - hashedPassword = - "$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos" - ]; - - shell = pkgs.fish; - }; - - users.users.root.openssh = { - inherit (config.users.users.emery.openssh) authorizedKeys; - }; - - users.users.buildfarmer.openssh = { - inherit (config.users.users.emery.openssh) authorizedKeys; - }; - - nix.sshServe.keys = config.users.users.emery.openssh.authorizedKeys.keys; -} diff --git a/lib/users/default.nix b/lib/users/default.nix new file mode 100644 index 00000000..0143d251 --- /dev/null +++ b/lib/users/default.nix 
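Review bot: The added comment `# Configuration specific to this machine` sits in `lib/default.nix`, which its own header says is imported by every physical server, VM, container and personal machine, so it describes the opposite of what follows; the `assertions` list below it is shared policy. I would replace it with `# Policy applied to every host that imports this module` or drop it. The `pkgs` argument added to the module signature is not used in any visible hunk; if nothing further down the file needs it, it can stay out, since `./users` receives `pkgs` from the module system on its own. The `config` attribute set the comment lands in continues outside the hunk.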
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+with builtins;
+let
+ userModules = let
+ userDir = readDir ./.;
+ filter = name: kind: name != "default.nix" && kind != "directory";
+ in lib.filterAttrs filter userDir;
+
+ import' = name:
+ lib.mkIf config.c3d2.users.${name}
+ (import (./. + "/${name}.nix") { inherit config lib pkgs; });
+
+ userNames = let f = replaceStrings [ ".nix" ] [ "" ];
+ in map f (attrNames userModules);
+
+in {
+ options.c3d2.users = let
+ f = name: {
+ inherit name;
+ value = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ };
+ in listToAttrs (map f userNames);
+
+ config = lib.mkMerge (map import' userNames);
+}
diff --git a/lib/users/emery.nix b/lib/users/emery.nix
new file mode 100644
index 00000000..27834ed1
--- /dev/null
+++ b/lib/users/emery.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+
+let
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
+ ];
+in {
+
+ nix.trustedUsers = [ "emery" ];
+
+ programs = {
+ fish.enable = true;
+ tmux.enable = true;
+ };
+
+ users.users.emery = {
+ isNormalUser = true;
+ description = "Emery";
+ extraGroups = [ "users" "wheel" ];
+ hashedPassword =
+ "$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
+ openssh.authorizedKeys.keys = keys;
+ shell = pkgs.fish;
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = keys;
+
+ nix.sshServe.keys = keys;
+}
diff --git a/lib/users.nix b/lib/users/k-ot.nix
similarity index 53%
rename from lib/users.nix
rename to lib/users/k-ot.nix
index 818432e5..551e4fe6 100644
--- a/lib/users.nix
+++ b/lib/users/k-ot.nix
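Review bot: `filter = name: kind: name != "default.nix" && kind != "directory";` admits every non-directory entry in `lib/users/`, not only `*.nix` files, so an editor backup such as `emery.nix~` or a stray `README.md` becomes a `c3d2.users.<name>` option whose `import` points at a file that does not exist — and because the module system pushes `mkIf` down into the attribute set, that import is forced on every host, not only where the option is set, so one stray file breaks evaluation everywhere. `replaceStrings [ ".nix" ] [ "" ]` likewise strips the suffix from anywhere in the name rather than from the end. Checking the suffix and removing only a trailing one is tighter: `filter = name: kind: kind != "directory" && lib.hasSuffix ".nix" name && name != "default.nix";` and `userNames = map (lib.removeSuffix ".nix") (attrNames userModules);`. A header comment would also help the next maintainer, e.g. `# Every lib/users/<name>.nix becomes a boolean option c3d2.users.<name>; its config is applied on hosts that set it.`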
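Review bot: `users.users.root.openssh.authorizedKeys.keys = keys;` means every host that sets `c3d2.users.emery = true` accepts these keys for direct root login, on top of `wheel` and `nix.trustedUsers` in the same file — all three are root-equivalent, so compromise of this key pair is total on every such host, and nothing in the file says so. A one-line comment at the top would stop someone later flipping the flag on a host where only a shell account was intended, e.g. `# Admin account: enabling this grants root login by key, wheel, and trusted-user access to the Nix daemon.` The `hashedPassword` of a `wheel` user is also a sudo credential, and as a SHA-512 crypt hash in the repository it is open to offline guessing by anyone with read access; if the account only ever logs in by key, a long random passphrase behind that hash is the minimum.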
@@ -1,13 +1,10 @@ -{ pkgs, ... }: - -{ +{ pkgs, ... }: { users.users.k-ot = { - packages = with pkgs; - [ screen tmux ]; + packages = with pkgs; [ screen tmux ]; createHome = true; isNormalUser = true; uid = 1000; - extraGroups = [ "wheel" "audio" ]; + extraGroups = [ "audio" ]; password = "k-otk-ot"; }; } diff --git a/lib/windsleep.nix b/lib/users/windsleep.nix similarity index 75% rename from lib/windsleep.nix rename to lib/users/windsleep.nix index c56db31b..f50e38ed 100644 --- a/lib/windsleep.nix +++ b/lib/users/windsleep.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: let keys = [ @@ -21,11 +21,6 @@ in { shell = pkgs.zsh; }; - users.users.root.openssh = { - inherit (config.users.users.windsleep.openssh) authorizedKeys; - }; - - users.users.buildfarmer.openssh = { - inherit (config.users.users.windsleep.openssh) authorizedKeys; - }; + users.users.root.openssh.authorizedKeys.keys = keys; + nix.sshServe.keys = keys; }
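Review bot: Dropping `wheel` from k-ot's `extraGroups` is the right direction, but `password = "k-otk-ot";` stays: a shared account with a fixed uid and a plaintext password committed to the repository, now switched on for glotzbert, pulsebert, storage-ng and the new ncdc container. On any of those hosts that runs sshd with password authentication at its default, that password is a remote login for everyone with read access to this repo. I would at least state the intent at the top of the file, e.g. `# Shared HQ terminal account. The password is public: never give it wheel and never expose it over password-authenticated SSH.`, and pair the flag with `services.openssh.passwordAuthentication = false;` on hosts where sshd is on. On hosts already deployed with `users.mutableUsers` at its default, it is worth confirming after activation that k-ot really left wheel, since the existing /etc/group contents are merged with the declared ones.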