Refactor k-ot user

This commit is contained in:
Ehmry - 2022-01-16 12:25:04 +01:00
parent c2fbfef90f
commit dd05418887
8 changed files with 31 additions and 45 deletions


@ -8,6 +8,8 @@
../../../config/admins.nix ../../../config/admins.nix
]; ];
c3d2.k-ot.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nixops nixops
pass pass
@ -60,12 +62,6 @@
autoOptimiseStore = true; autoOptimiseStore = true;
}; };
users.extraUsers.k-ot = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
};
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
system.stateVersion = "19.09"; # Did you read the comment? system.stateVersion = "19.09"; # Did you read the comment?


@ -7,14 +7,6 @@
./updater.nix ./updater.nix
]; ];
c3d2 = {
users = {
emery = true;
windsleep = true;
};
# hq.statistics.enable = true;
};
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
security.pam.enableSSHAgentAuth = true; security.pam.enableSSHAgentAuth = true;


@ -14,8 +14,6 @@
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ]; networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
c3d2.users.polygon = true;
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];


@ -115,12 +115,8 @@
wheelNeedsPassword = false; wheelNeedsPassword = false;
}; };
users.users.k-ot = {
isNormalUser = true;
extraGroups = [ "wheel" "audio" "video" ];
};
c3d2.audioServer.enable = true; c3d2.audioServer.enable = true;
c3d2.k-ot.enable = true;
# Select internationalisation properties. # Select internationalisation properties.
console = { console = {


@ -7,11 +7,9 @@
isInHq = true; isInHq = true;
hq.interface = "eno1"; hq.interface = "eno1";
hq.enableBinaryCache = false; hq.enableBinaryCache = false;
users.k-ot = true; k-ot.enable = true;
users.emery = true;
mountCeph = "/mnt/storage"; mountCeph = "/mnt/storage";
}; };
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix = { nix = {
@ -108,16 +106,10 @@
wheelNeedsPassword = false; wheelNeedsPassword = false;
}; };
# Define a user account. Don't forget to set a password with passwd.
users.groups."k-ot" = { gid = 1000; }; users.groups."k-ot" = { gid = 1000; };
users.users."k-ot" = { users.users."k-ot" = {
isNormalUser = true;
uid = 1000;
group = "k-ot"; group = "k-ot";
extraGroups = [ "wheel" "networkmanager" "audio" "video" ]; extraGroups = [ "networkmanager" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 astro"
];
}; };
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
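Review bot: Dropping `"wheel" "audio" "video"` from this host's `extraGroups` does not narrow the account, because NixOS merges list options across modules and the shared `c3d2.k-ot` definition (enabled on the line `k-ot.enable = true;` above) adds them back; on this host `k-ot` ends up in wheel, audio, video and networkmanager, with `wheelNeedsPassword = false` still set just above. If the narrower group set was the intent, it needs `extraGroups = lib.mkForce [ "networkmanager" ];`; otherwise a comment such as `# wheel/audio/video are added by the shared c3d2.k-ot module` above this line would stop the next reader from assuming the host-level list is complete. The same merging means any `password` the shared module sets for `k-ot` applies here as well, even though this file no longer mentions one.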


@ -82,12 +82,8 @@ in
wheelNeedsPassword = false; wheelNeedsPassword = false;
}; };
users.users.k-ot = {
isNormalUser = true;
extraGroups = [ "wheel" "audio" ];
};
c3d2.audioServer.enable = true; c3d2.audioServer.enable = true;
c3d2.k-ot.enable = true;
services.nginx = { services.nginx = {
enable = true; enable = true;


@ -13,7 +13,7 @@ in
]; ];
c3d2 = { c3d2 = {
users.k-ot = true; k-ot.enable = true;
isInHq = true; isInHq = true;
mapHqHosts = true; mapHqHosts = true;
hq.interface = eth0; hq.interface = eth0;


@ -1,6 +1,6 @@
# This module defines options for use by all C3D2 machines. # This module defines options for use by all C3D2 machines.
{ config, lib, ... }: { config, lib, pkgs, ... }:
let cfg = config.c3d2; let cfg = config.c3d2;
in in
@ -49,6 +49,11 @@ in
''; '';
}; };
k-ot.enable = mkEnableOption ''
Add k-ot user to this machine. Anyone with an SSH key listed in
<literal>c3d2.users</literal> can log in as this user.
'';
hq = { hq = {
interface = mkOption { interface = mkOption {
@ -88,16 +93,27 @@ in
}; };
}; };
config = { config =
let
users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd); adminKeys = (with builtins; lib.lists.flatten (
users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot
(with builtins; lib.lists.flatten (
map map
(getAttr "sshKeys") (getAttr "sshKeys")
(attrValues cfg.users) (attrValues cfg.users)
)); ));
in
{
users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);
}; users.users.k-ot = lib.mkIf cfg.k-ot.enable {
packages = with pkgs; [ screen tmux ];
createHome = true;
isNormalUser = true;
uid = 1000;
extraGroups = [ "audio" "video" "wheel" ];
password = "k-otk-ot";
openssh.authorizedKeys.keys = adminKeys;
};
users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot adminKeys;
};
} }
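Review bot: `password = "k-otk-ot";` in the new `users.users.k-ot` definition commits a trivially guessable clear-text password for a `wheel` member into a module shared by every host, and the hosts that enable it set `wheelNeedsPassword = false`, so anyone who can reach a login prompt with that password (console, or SSH if password authentication is enabled on a host — not visible here) gets passwordless root. The `openssh.authorizedKeys.keys = adminKeys;` line already provides the intended key-based access, so the `password` line should be removed; if a password is really needed, NixOS stores `password` world-readable in the store, so use `hashedPassword` (or `initialHashedPassword`) instead. The `k-ot.enable` description earlier in this file should also state what the option grants, e.g. `Add the k-ot user (uid 1000, member of wheel, audio and video) to this machine; with wheelNeedsPassword = false this is effectively root. Anyone with an SSH key listed in <literal>c3d2.users</literal> can log in as this user.`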