Refactor k-ot user
parent
c2fbfef90f
commit
dd05418887
|
@ -8,6 +8,8 @@
|
|||
../../../config/admins.nix
|
||||
];
|
||||
|
||||
c3d2.k-ot.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
nixops
|
||||
pass
|
||||
|
@ -60,12 +62,6 @@
|
|||
autoOptimiseStore = true;
|
||||
};
|
||||
|
||||
users.extraUsers.k-ot = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
system.stateVersion = "19.09"; # Did you read the comment?
|
||||
|
|
|
@ -7,14 +7,6 @@
|
|||
./updater.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
users = {
|
||||
emery = true;
|
||||
windsleep = true;
|
||||
};
|
||||
# hq.statistics.enable = true;
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
security.pam.enableSSHAgentAuth = true;
|
||||
|
|
|
@ -14,8 +14,6 @@
|
|||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||
|
||||
c3d2.users.polygon = true;
|
||||
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
|
|
@ -115,12 +115,8 @@
|
|||
wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
users.users.k-ot = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "audio" "video" ];
|
||||
};
|
||||
|
||||
c3d2.audioServer.enable = true;
|
||||
c3d2.k-ot.enable = true;
|
||||
|
||||
# Select internationalisation properties.
|
||||
console = {
|
||||
|
|
|
@ -7,11 +7,9 @@
|
|||
isInHq = true;
|
||||
hq.interface = "eno1";
|
||||
hq.enableBinaryCache = false;
|
||||
users.k-ot = true;
|
||||
users.emery = true;
|
||||
k-ot.enable = true;
|
||||
mountCeph = "/mnt/storage";
|
||||
};
|
||||
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nix = {
|
||||
|
@ -108,16 +106,10 @@
|
|||
wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.groups."k-ot" = { gid = 1000; };
|
||||
users.users."k-ot" = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
group = "k-ot";
|
||||
extraGroups = [ "wheel" "networkmanager" "audio" "video" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 astro"
|
||||
];
|
||||
extraGroups = [ "networkmanager" ];
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
|
|
|
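Review bot: With the host-local `openssh.authorizedKeys.keys` list apparently removed from `users.users."k-ot"` (the +/- markers are lost on this page, so the sides are inferred from the hunk counts), SSH access to k-ot on this machine is no longer limited to the one pinned key but follows whatever the shared module assigns, which its option text describes as every key listed in `c3d2.users`. That is a widening of who can log in to a `wheel` account on a host that keeps `wheelNeedsPassword = false`, and it is worth stating in the commit message or in a comment such as `# SSH keys for k-ot come from c3d2.k-ot.enable (all c3d2.users keys)`. The explicit `users.groups."k-ot" = { gid = 1000; };` and `group = "k-ot";` also seem to go away, so the account's primary group presumably falls back to the default and files in the existing home that are owned by gid 1000 should be checked after the switch.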
@ -82,12 +82,8 @@ in
|
|||
wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
users.users.k-ot = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "audio" ];
|
||||
};
|
||||
|
||||
c3d2.audioServer.enable = true;
|
||||
c3d2.k-ot.enable = true;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
|
@ -13,7 +13,7 @@ in
|
|||
];
|
||||
|
||||
c3d2 = {
|
||||
users.k-ot = true;
|
||||
k-ot.enable = true;
|
||||
isInHq = true;
|
||||
mapHqHosts = true;
|
||||
hq.interface = eth0;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This module defines options for use by all C3D2 machines.
|
||||
|
||||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let cfg = config.c3d2;
|
||||
in
|
||||
|
@ -49,6 +49,11 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
k-ot.enable = mkEnableOption ''
|
||||
Add k-ot user to this machine. Anyone with an SSH key listed in
|
||||
<literal>c3d2.users</literal> can log in as this user.
|
||||
'';
|
||||
|
||||
hq = {
|
||||
|
||||
interface = mkOption {
|
||||
|
@ -88,16 +93,27 @@ in
|
|||
};
|
||||
|
||||
};
|
||||
config = {
|
||||
|
||||
users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot
|
||||
(with builtins; lib.lists.flatten (
|
||||
config =
|
||||
let
|
||||
adminKeys = (with builtins; lib.lists.flatten (
|
||||
map
|
||||
(getAttr "sshKeys")
|
||||
(attrValues cfg.users)
|
||||
));
|
||||
in
|
||||
{
|
||||
users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);
|
||||
|
||||
};
|
||||
users.users.k-ot = lib.mkIf cfg.k-ot.enable {
|
||||
packages = with pkgs; [ screen tmux ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [ "audio" "video" "wheel" ];
|
||||
password = "k-otk-ot";
|
||||
openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot adminKeys;
|
||||
};
|
||||
}
|
||||
|
|
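Review bot: `password = "k-otk-ot";` in the new `users.users.k-ot` block gives a `wheel` account a fixed password that is readable in the repository and in the world-readable Nix store. Several of the hosts that set `c3d2.k-ot.enable = true` in this commit keep `wheelNeedsPassword = false`, so any login path that accepts that password (console, display manager, or SSH where password authentication is enabled) leads straight to root. Remote login is already covered by `openssh.authorizedKeys.keys = adminKeys;`, so I would drop the password line, or provision the secret outside the store with `hashedPassword` or `passwordFile`. The `mkEnableOption` text should also say that the account is in `wheel`, not only that holders of `c3d2.users` keys can log in. The hard-coded `uid = 1000;` may collide on hosts where another account already holds that uid; that cannot be checked from the lines shown.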