From 82bbb02b58964eec8f3f427026729341a5b33a6f Mon Sep 17 00:00:00 2001 From: ErrorNoInternet Date: Sun, 3 May 2026 18:28:35 -0400 Subject: [PATCH] treewide: create global user list --- flake.nix | 1 + lib/default.nix | 21 ++++++++++++++++ lib/ssh/keys.nix | 8 ------ lib/users.nix | 26 ++++++++++++++++++++ nixos/users.nix | 63 ++++++++++-------------------------------------- 5 files changed, 61 insertions(+), 58 deletions(-) create mode 100644 lib/default.nix delete mode 100644 lib/ssh/keys.nix create mode 100644 lib/users.nix diff --git a/flake.nix b/flake.nix index c14f462..f35d2de 100644 --- a/flake.nix +++ b/flake.nix @@ -53,6 +53,7 @@ }; flake = { + lib = import ./lib; pins = import ./npins; }; diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..c53d3bb --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,21 @@ +rec { + users = import ./users.nix; + + adminSSHKeys = builtins.concatLists ( + map (user: getSSHKeys user.name) ( + builtins.filter (user: user.value.admin or false) (attrsToList users) + ) + ); + + attrsToList = mapAttrsToList nameValuePair; + mapAttrsToList = f: attrs: builtins.attrValues (builtins.mapAttrs f attrs); + nameValuePair = name: value: { inherit name value; }; + toList = x: if builtins.isList x then x else [ x ]; + + getSSHKeys = + username: + if (builtins.hasAttr "ssh" users.${username}) then + toList users.${username}.ssh + else + builtins.warn "user ${username} declared without ssh keys" [ ]; +} diff --git a/lib/ssh/keys.nix b/lib/ssh/keys.nix deleted file mode 100644 index 425911b..0000000 --- a/lib/ssh/keys.nix +++ /dev/null 
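Review bot: `getSSHKeys` in lib/default.nix evaluates `users.${username}` inside the `hasAttr "ssh"` test, so a name that is not in lib/users.nix aborts evaluation with a missing-attribute error and never reaches the warning branch. The helper this commit removes from nixos/users.nix warned and returned `[ ]` in that case. Failing closed is arguably the better behaviour for an access list, but it should be deliberate: either state it in a comment above the function or guard with `if users ? ${username} && users.${username} ? ssh then`. The fallback also moves from `lib.warn` to `builtins.warn`, which as far as I know exists only in newer Nix releases, so an older evaluator would fail on that branch instead of warning.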
@@ -1,8 +0,0 @@ -{ - error = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com"; - javalsai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFjavnLqxIzFLIUpUWDOwhlYeoII4Qk1/9e0yWWxD/P"; - max = "ssh-rsa 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"; - - vectorum = "ssh-rsa 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"; - pickzelle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUYQUWoL8iGc+PSrRrHyNwcOcmgGwPvJAM9HRJkPqcW pixel@DOOM-Machine"; -} diff --git a/lib/users.nix b/lib/users.nix new file mode 100644 index 0000000..c26d102 --- /dev/null +++ b/lib/users.nix @@ -0,0 +1,26 @@ +{ + error = { + ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com"; + admin = true; + ddns = true; + }; + + javalsai = { + ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFjavnLqxIzFLIUpUWDOwhlYeoII4Qk1/9e0yWWxD/P"; + admin = true; + ddns = true; + }; + + max = { + ssh = "ssh-rsa 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"; + admin = true; + }; + + vectorum = { + ssh = "ssh-rsa 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"; + }; + + pickzelle = { + ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUYQUWoL8iGc+PSrRrHyNwcOcmgGwPvJAM9HRJkPqcW pixel@DOOM-Machine"; + }; +} diff --git a/nixos/users.nix b/nixos/users.nix index 121a353..89b831f 100644 --- a/nixos/users.nix +++ b/nixos/users.nix @@ -1,25 +1,6 @@ { lib, self, ... }: let - users = [ - { - name = "error"; - options.admin = true; - } - { - name = "javalsai"; - options.admin = true; - } - { - name = "max"; - options.admin = true; - } - { - name = "vectorum"; - } - { - name = "pickzelle"; - } - ]; + inherit (self.lib) users; adminGroups = [ "adm" 
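Review bot: lib/users.nix has no header describing its fields, and `admin` is security-relevant. Elsewhere in this patch `admin = true` selects the keys returned by `adminSSHKeys`, which nixos/users.nix installs as root's `openssh.authorizedKeys.keys`, and it also adds the user to `adminGroups`. A comment at the top such as `# admin = true: member of adminGroups, and the ssh key is added to root's authorized_keys` would make that visible to whoever edits the list. `ddns` is set for two users but nothing in this patch reads it, so a line saying where it is consumed would help as well.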
@@ -30,30 +11,13 @@ let "wheel" ]; - getSSHKeys = - username: - let - sshKeys = import "${self}/lib/ssh/keys.nix"; - in - if (builtins.hasAttr username sshKeys) then - lib.lists.toList sshKeys.${username} - else - lib.warn "user ${username} declared without ssh key" [ ]; - - mkUser = - name: uid: options: - let - admin = options.admin or false; - - in - { - users.users.${name} = { - isNormalUser = true; - extraGroups = lib.optionals admin adminGroups; - inherit uid; - - openssh.authorizedKeys.keys = getSSHKeys name; - }; + mkUser = name: uid: admin: { + users.users.${name} = { + inherit uid; + isNormalUser = true; + extraGroups = lib.optionals admin adminGroups; + openssh.authorizedKeys.keys = self.lib.getSSHKeys name; + }; systemd.slices."user-${builtins.toString uid}".sliceConfig = { CPUQuota = "50%"; @@ -69,21 +33,20 @@ in lib.recursiveUpdate (builtins.foldl' (attrs: user: { - options = lib.recursiveUpdate attrs.options (mkUser user.name attrs.uid (user.options or { })); + options = lib.recursiveUpdate attrs.options ( + mkUser user.name attrs.uid (user.value.admin or false) + ); uid = attrs.uid + 1; }) { options = { }; uid = 1000; } - users + (lib.attrsToList users) ).options { users.users.root = { initialPassword = "tuxcord"; - - openssh.authorizedKeys.keys = lib.lists.concatLists ( - map (user: getSSHKeys user.name) (builtins.filter (user: user.options.admin or false) users) - ); + openssh.authorizedKeys.keys = self.lib.adminSSHKeys; }; }
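Review bot: In the last hunk of nixos/users.nix, UIDs are assigned by position in `lib.attrsToList users`, and an attribute set enumerates in name order rather than declaration order. Relative to the removed list, `pickzelle` and `vectorum` therefore trade 1003 and 1004, and any future user whose name sorts earlier shifts every UID after it. On a host where files already belong to those numeric IDs this can hand one user's data to another, unless the activation step refuses to renumber existing accounts, which is worth confirming. Pinning the number in the data removes the dependence on ordering, e.g. a `uid = 1003;` field per entry in lib/users.nix and `mkUser user.name user.value.uid (user.value.admin or false)` in the fold.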