Refactor k-ot user

This commit is contained in:
Ehmry - 2022-01-16 12:25:04 +01:00
parent c2fbfef90f
commit dd05418887
8 changed files with 31 additions and 45 deletions


@ -8,6 +8,8 @@
../../../config/admins.nix
];
c3d2.k-ot.enable = true;
environment.systemPackages = with pkgs; [
nixops
pass
@ -60,12 +62,6 @@
autoOptimiseStore = true;
};
users.extraUsers.k-ot = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
};
security.sudo.wheelNeedsPassword = false;
system.stateVersion = "19.09"; # Did you read the comment?
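Review bot: Removing the host-local `users.extraUsers.k-ot` block hands the account's wheel membership and login keys to the shared module, and `security.sudo.wheelNeedsPassword = false;` on the line just above stays, so on this host every SSH key collected from `c3d2.users` now reaches root without a password, whereas the removed block itself lists no authorized keys (they may have been merged in elsewhere, which the hunk cannot show). The fourth and sixth files make the same switch under the same sudo setting. If that widening is intended, a short comment beside the new line, `# k-ot: shared account; wheel + every c3d2.users key, passwordless sudo`, keeps it visible to the next reader.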


@ -7,14 +7,6 @@
./updater.nix
];
c3d2 = {
users = {
emery = true;
windsleep = true;
};
# hq.statistics.enable = true;
};
nixpkgs.config.allowUnfree = true;
security.pam.enableSSHAgentAuth = true;
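Review bot: The whole `c3d2.users` block (emery, windsleep) disappears from this host with nothing added in its place, and the third file drops `c3d2.users.polygon = true;` the same way, although the commit title only mentions the k-ot user. If those accounts are now enabled elsewhere this is fine; as the diff stands, however, these hosts lose those users and their SSH keys, and `c3d2.users` is also what feeds `adminKeys` in the reworked module, so root and k-ot access on them shrinks to whatever remains listed. A line in the commit description, or a comment such as `# per-user accounts intentionally not enabled on this host`, would record the intent.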


@ -14,8 +14,6 @@
networking.firewall.allowedTCPPorts = [ 22 ];
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
c3d2.users.polygon = true;
imports = [
./hardware-configuration.nix
];


@ -115,12 +115,8 @@
wheelNeedsPassword = false;
};
users.users.k-ot = {
isNormalUser = true;
extraGroups = [ "wheel" "audio" "video" ];
};
c3d2.audioServer.enable = true;
c3d2.k-ot.enable = true;
# Select internationalisation properties.
console = {


@ -7,11 +7,9 @@
isInHq = true;
hq.interface = "eno1";
hq.enableBinaryCache = false;
users.k-ot = true;
users.emery = true;
k-ot.enable = true;
mountCeph = "/mnt/storage";
};
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
nixpkgs.config.allowUnfree = true;
nix = {
@ -108,16 +106,10 @@
wheelNeedsPassword = false;
};
# Define a user account. Don't forget to set a password with passwd.
users.groups."k-ot" = { gid = 1000; };
users.users."k-ot" = {
isNormalUser = true;
uid = 1000;
group = "k-ot";
extraGroups = [ "wheel" "networkmanager" "audio" "video" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 astro"
];
extraGroups = [ "networkmanager" ];
};
# This value determines the NixOS release with which your system is to be
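Review bot: `users.groups."k-ot" = { gid = 1000; };` and `group = "k-ot";` are removed here, but the module that now defines the account (last file of this commit) sets only `uid = 1000;`, so k-ot's primary group on this host changes from k-ot/1000 to the default `users` group, and existing files under its home that carry gid 1000 are left with a gid no named group owns. If that is accepted, a comment in the surviving block, `# group k-ot (gid 1000) dropped with the move to c3d2.k-ot.enable; the module pins only the uid`, saves the next reader the search; otherwise keep the group definition and `group = "k-ot";` alongside the remaining `extraGroups = [ "networkmanager" ];`. The astro key on the removed lines also leaves this host, which is only equivalent if astro is listed in `c3d2.users`.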


@ -82,12 +82,8 @@ in
wheelNeedsPassword = false;
};
users.users.k-ot = {
isNormalUser = true;
extraGroups = [ "wheel" "audio" ];
};
c3d2.audioServer.enable = true;
c3d2.k-ot.enable = true;
services.nginx = {
enable = true;


@ -13,7 +13,7 @@ in
];
c3d2 = {
users.k-ot = true;
k-ot.enable = true;
isInHq = true;
mapHqHosts = true;
hq.interface = eth0;


@ -1,6 +1,6 @@
# This module defines options for use by all C3D2 machines.
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let cfg = config.c3d2;
in
@ -49,6 +49,11 @@ in
'';
};
k-ot.enable = mkEnableOption ''
Add k-ot user to this machine. Anyone with an SSH key listed in
<literal>c3d2.users</literal> can log in as this user.
'';
hq = {
interface = mkOption {
@ -88,16 +93,27 @@ in
};
};
config = {
users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);
users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot
(with builtins; lib.lists.flatten (
config =
let
adminKeys = (with builtins; lib.lists.flatten (
map
(getAttr "sshKeys")
(attrValues cfg.users)
));
in
{
users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);
};
users.users.k-ot = lib.mkIf cfg.k-ot.enable {
packages = with pkgs; [ screen tmux ];
createHome = true;
isNormalUser = true;
uid = 1000;
extraGroups = [ "audio" "video" "wheel" ];
password = "k-otk-ot";
openssh.authorizedKeys.keys = adminKeys;
};
users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot adminKeys;
};
}
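Review bot: `password = "k-otk-ot";` in the new `users.users.k-ot` block sets a fixed clear-text password on an account the same block places in `wheel`, and four of the hosts enabling it keep `security.sudo.wheelNeedsPassword = false;` in context (first, fourth, fifth and sixth files), so that string alone is a root credential on those machines for anyone who can read this repository; NixOS also documents `password` as world-readable in the store, i.e. meant for public accounts only. The option text earlier in the hunk promises key-based login for `c3d2.users` only, which `openssh.authorizedKeys.keys = adminKeys;` already delivers, so I would drop the `password` line, or, if an interactive login is really needed, use `passwordFile` with a hashed password kept outside the store, and state in the description that the account has no password. `createHome = true;` is implied by `isNormalUser = true;` and can go, and since `uid = 1000;` is now pinned for every host, a comment such as `# fixed uid so files in /home/k-ot keep their owner across hosts; collides with any other uid-1000 user` would explain the choice.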