Move user configuration into c3d2 module
parent
6033155062
commit
9e91b7c21e
|
@ -4,6 +4,7 @@
|
|||
imports = [ ./hardware-configuration.nix ../../lib ];
|
||||
|
||||
c3d2 = {
|
||||
users.k-ot = true;
|
||||
isInHq = true;
|
||||
hq.interface = "enp0s10";
|
||||
enableHail = true;
|
||||
|
|
|
@ -7,13 +7,15 @@
|
|||
./cache.nix
|
||||
../../lib
|
||||
../../lib/hq.nix
|
||||
../../lib/emery.nix
|
||||
../../lib/windsleep.nix
|
||||
../../lib/buildfarmer.nix
|
||||
../../lib/yggdrasil.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
users = {
|
||||
emery = true;
|
||||
windsleep = true;
|
||||
};
|
||||
isInHq = true;
|
||||
mapHqHosts = true;
|
||||
hq.interface = "eth0";
|
||||
|
|
|
@ -13,14 +13,16 @@ in {
|
|||
../../lib
|
||||
../../lib/admins.nix
|
||||
../../lib/hq.nix
|
||||
../../lib/users.nix
|
||||
../../lib/mpd.nix
|
||||
../../lib/yggdrasil.nix
|
||||
../../lib/emery.nix
|
||||
./mpdConsole.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
users = {
|
||||
emery = true;
|
||||
k-ot = true;
|
||||
};
|
||||
isInHq = true;
|
||||
mapHqHosts = true;
|
||||
hq = {
|
||||
|
|
|
@ -6,8 +6,6 @@ in {
|
|||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
../../lib
|
||||
../../lib/default-gateway.nix
|
||||
../../lib/emery.nix
|
||||
../../lib/windsleep.nix
|
||||
../../lib/buildfarmer.nix
|
||||
../../lib/yggdrasil.nix
|
||||
./containers
|
||||
|
@ -17,6 +15,10 @@ in {
|
|||
];
|
||||
|
||||
c3d2 = {
|
||||
users = {
|
||||
emery = true;
|
||||
windsleep = true;
|
||||
};
|
||||
isInHq = true;
|
||||
mapHqHosts = true;
|
||||
hq = {
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
name:
|
||||
|
||||
(import ../outer-defaults.nix name) // {
|
||||
|
||||
bindMounts."/srv/ceph/c3d2" = {
|
||||
hostPath = "/srv/ceph/c3d2";
|
||||
isReadOnly = true;
|
||||
};
|
||||
|
||||
config = { config, pkgs, lib, ... }:
|
||||
let ncdcPort = 1512;
|
||||
in {
|
||||
imports = [ ../inner-defaults.nix ../../../../lib/yggdrasil-hq.nix ];
|
||||
|
||||
c3d2.users.k-ot = true;
|
||||
|
||||
services.openssh.enable = true;
|
||||
programs.mosh.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [ tmux ncdc ];
|
||||
|
||||
networking.firewall.enable = false;
|
||||
hq.yggdrasil.enable = true;
|
||||
};
|
||||
|
||||
}
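Review bot: `networking.firewall.enable = false;` turns off all packet filtering for this container, while the same file enables sshd and mosh and switches on the `k-ot` account, so every listening service is reachable on every interface, including the yggdrasil one. The `ncdcPort = 1512` binding in the `let` is never used in this file, which suggests the intent was to open only that port. Keeping the firewall on and adding `networking.firewall.allowedTCPPorts = [ ncdcPort ];` (plus `allowedUDPPorts` if ncdc runs in active mode) would do that. `services.openssh` and `programs.mosh` normally open their own ports, so no further exception should be needed, but that is worth confirming on the NixOS release in use.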
|
|
@ -159,7 +159,6 @@ let
|
|||
};
|
||||
in { config, pkgs, ... }: {
|
||||
|
||||
users.users.root.password = "k-ot";
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
hydraURL = "https://server7.hq.c3d2.de";
|
||||
|
|
|
@ -11,13 +11,11 @@ in {
|
|||
../../lib
|
||||
../../lib/hq.nix
|
||||
../../lib/shared.nix
|
||||
../../lib/users.nix
|
||||
./ncdc.nix
|
||||
../../lib/default-gateway.nix
|
||||
../../lib/emery.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
users.k-ot = true;
|
||||
isInHq = true;
|
||||
mapHqHosts = true;
|
||||
hq.interface = eth0;
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# That includes physical servers, VMs, containers, and personal machines.
|
||||
#
|
||||
|
||||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
hqPrefix64 = "fd23:42:c3d2:523";
|
||||
|
@ -34,6 +34,8 @@ let
|
|||
|
||||
in {
|
||||
|
||||
imports = [ ./users ];
|
||||
|
||||
options.c3d2 = with lib;
|
||||
with lib.types; {
|
||||
|
||||
|
@ -113,6 +115,7 @@ in {
|
|||
hostRegistry = import ../host-registry.nix;
|
||||
mkIfIsInHq = lib.mkIf cfg.isInHq;
|
||||
in {
|
||||
# Configuration specific to this machine
|
||||
|
||||
assertions = [
|
||||
{
|
||||
|
|
|
@ -1,35 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
nix.trustedUsers = [ "emery" ];
|
||||
|
||||
programs = {
|
||||
fish.enable = true;
|
||||
tmux.enable = true;
|
||||
};
|
||||
|
||||
users.users.emery = {
|
||||
isNormalUser = true;
|
||||
description = "Emery";
|
||||
extraGroups = [ "users" "wheel" ];
|
||||
hashedPassword =
|
||||
"$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
|
||||
];
|
||||
|
||||
shell = pkgs.fish;
|
||||
};
|
||||
|
||||
users.users.root.openssh = {
|
||||
inherit (config.users.users.emery.openssh) authorizedKeys;
|
||||
};
|
||||
|
||||
users.users.buildfarmer.openssh = {
|
||||
inherit (config.users.users.emery.openssh) authorizedKeys;
|
||||
};
|
||||
|
||||
nix.sshServe.keys = config.users.users.emery.openssh.authorizedKeys.keys;
|
||||
}
|
|
@ -0,0 +1,28 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with builtins;
|
||||
let
|
||||
userModules = let
|
||||
userDir = readDir ./.;
|
||||
filter = name: kind: name != "default.nix" && kind != "directory";
|
||||
in lib.filterAttrs filter userDir;
|
||||
|
||||
import' = name:
|
||||
lib.mkIf config.c3d2.users.${name}
|
||||
(import (./. + "/${name}.nix") { inherit config lib pkgs; });
|
||||
|
||||
userNames = let f = replaceStrings [ ".nix" ] [ "" ];
|
||||
in map f (attrNames userModules);
|
||||
|
||||
in {
|
||||
options.c3d2.users = let
|
||||
f = name: {
|
||||
inherit name;
|
||||
value = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
in listToAttrs (map f userNames);
|
||||
|
||||
config = lib.mkMerge (map import' userNames);
|
||||
}
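Review bot: The `filter` in `userModules` accepts every non-directory entry except `default.nix`, so a README or an editor backup such as `emery.nix~` dropped into this directory becomes a `c3d2.users.*` option, and `import'` then builds a path from the mangled name that presumably fails to evaluate. `replaceStrings [ ".nix" ] [ "" ]` also strips the substring anywhere in the name, not only at the end. I would restrict the listing with `filter = name: kind: name != "default.nix" && kind != "directory" && lib.hasSuffix ".nix" name;` and derive the names with `lib.removeSuffix ".nix"`. The generated `mkOption` has no `description`; since the user modules in this commit also install root SSH keys and Nix trusted-user rights, a one-line description saying so would help whoever flips the flag.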
|
|
@ -0,0 +1,30 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
|
||||
];
|
||||
in {
|
||||
|
||||
nix.trustedUsers = [ "emery" ];
|
||||
|
||||
programs = {
|
||||
fish.enable = true;
|
||||
tmux.enable = true;
|
||||
};
|
||||
|
||||
users.users.emery = {
|
||||
isNormalUser = true;
|
||||
description = "Emery";
|
||||
extraGroups = [ "users" "wheel" ];
|
||||
hashedPassword =
|
||||
"$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
|
||||
openssh.authorizedKeys.keys = keys;
|
||||
shell = pkgs.fish;
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = keys;
|
||||
|
||||
nix.sshServe.keys = keys;
|
||||
}
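Review bot: `hashedPassword` embeds emery's SHA-512 crypt hash in the repository and, once built, in the world-readable Nix store, where anyone with read access can run offline guessing against it. This account is in `wheel`, is a Nix trusted user, and has its keys installed for root as well, so the hash guards root-equivalent access on every host that sets `c3d2.users.emery = true`. Since two ed25519 keys are already configured, I would drop the hash from the file and, if a password is still needed for sudo, supply it from a file kept outside the repository (for example via `users.users.emery.passwordFile`).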
|
|
@ -1,13 +1,10 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
users.users.k-ot = {
|
||||
packages = with pkgs;
|
||||
[ screen tmux ];
|
||||
packages = with pkgs; [ screen tmux ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [ "wheel" "audio" ];
|
||||
extraGroups = [ "audio" ];
|
||||
password = "k-otk-ot";
|
||||
};
|
||||
}
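Review bot: `password = "k-otk-ot";` stays in the module as a cleartext, guessable password, and after this commit the account is switched on wherever `c3d2.users.k-ot = true` is set, including the new container that enables sshd with the firewall off. Removing `wheel` from `extraGroups` limits what the login can do but not who can log in. I would delete the `password` line and give the account `openssh.authorizedKeys.keys`, or at least replace it with a hash or password file kept out of the repository. The current value should be treated as burned, since it remains in the history.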
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
keys = [
|
||||
|
@ -21,11 +21,6 @@ in {
|
|||
shell = pkgs.zsh;
|
||||
};
|
||||
|
||||
users.users.root.openssh = {
|
||||
inherit (config.users.users.windsleep.openssh) authorizedKeys;
|
||||
};
|
||||
|
||||
users.users.buildfarmer.openssh = {
|
||||
inherit (config.users.users.windsleep.openssh) authorizedKeys;
|
||||
};
|
||||
users.users.root.openssh.authorizedKeys.keys = keys;
|
||||
nix.sshServe.keys = keys;
|
||||
}
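Review bot: The new side no longer sets `users.users.buildfarmer.openssh.authorizedKeys`, while at least two host files in this commit still import `../../lib/buildfarmer.nix`. If that module does not define its own keys, the buildfarmer account is left with no authorized keys after this change. Please confirm, or add a comment here such as `# buildfarmer keys are managed in lib/buildfarmer.nix` so the omission reads as deliberate. The head of the file lies outside the second hunk, so the contents of `keys` are not visible here.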
|