author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 17:07:22 +0100 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 17:07:22 +0100 |
commit | 71cefc135a6184e745e64c313984c0571cc0bfff (patch) | |
tree | 765be724788d922ad8aae01219cc5450e6c8ed43 /modules/by-name/us/users/module.nix | |
parent | fix(modules/git-server): Use `vhack.persist` for data-directories (diff) | |
download | nixos-server-71cefc135a6184e745e64c313984c0571cc0bfff.zip |
refactor(system/users): Migrate to `by-name`
Diffstat (limited to '')
-rw-r--r-- | modules/by-name/us/users/module.nix | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/modules/by-name/us/users/module.nix b/modules/by-name/us/users/module.nix
new file mode 100644
index 0000000..a197b13
--- /dev/null
+++ b/modules/by-name/us/users/module.nix
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.vhack.users;
+
+ mkUser = {
+ name,
+ password,
+ uid,
+ sshKey,
+ }: {
+ inherit name;
+ value = {
+ inherit name uid;
+ isNormalUser = true;
+ home = "/home/${name}";
+ hashedPassword = password;
+ extraGroups = [
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ sshKey
+ ];
+ };
+ };
+
+ extraUsers = lib.listToAttrs (builtins.map mkUser [
+ {
+ name = "soispha";
+ password = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1";
+ sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
+ uid = 1000;
+ }
+ {
+ name = "sils";
+ password = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC";
+ sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe4o1PM6VasT3KZNl5NYvgkkBrPOg36dqsywd10FztS openpgp:0x21D20D6A";
+ uid = 1001;
+ }
+ ]);
+in {
+ options.vhack.users = {
+ enable = lib.mkEnableOption "user setup";
+ };
+
+ config = lib.mkIf cfg.enable {
+ users = {
+ mutableUsers = false;
+ defaultUserShell = pkgs.bashInteractive;
+
+ users =
+ {
+ root = {
+ hashedPassword = lib.mkForce null; # to lock root
+ openssh.authorizedKeys.keys = lib.mkForce [];
+ };
+ }
+ // extraUsers;
+
+ # TODO(@bpeetz): Is this still relevant?
+ # If it is, it should be moved to a separate module. <2024-12-24>
+ # nixremote = {
+ # name = "nixremote";
+ # isNormalUser = true;
+ # createHome = true;
+ # home = "/home/nixremote";
+ # uid = 1003;
+ # group = "nixremote";
+ # openssh.authorizedKeys.keys = [
+ # "ssh-rsa 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 root@thinklappi"
+ # ];
+ # };
+ # };
+ # groups.nixremote = {
+ # gid = 1004;
+ # };
+ };
+ };
+} |
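Review bot: The `hashedPassword = password;` line in `mkUser` takes its value from the literal yescrypt hashes in the `extraUsers` list, so those hashes are evaluated into the world-readable Nix store and stay in the repository history, where anyone with read access can run offline guessing against them. Because `mutableUsers = false` makes this module the only source of the passwords, I would have `mkUser` accept a path instead and set `hashedPasswordFile = passwordFile;`, with the file supplied by whatever secret mechanism the repository already uses (none is visible in this file). Separately, `extraGroups = [ "wheel" ]` is applied unconditionally, so a short comment such as `# every account created by mkUser is an administrator` would make that intent explicit for whoever adds the next entry. The commented-out `nixremote` block carries an `ssh-rsa` key and unbalanced `# };` lines into the new file; resolving the TODO or dropping the block would keep stale access material out of the module.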