treewide: create global user list
@@ -53,6 +53,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
flake = {
|
flake = {
|
||||||
|
lib = import ./lib;
|
||||||
pins = import ./npins;
|
pins = import ./npins;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,24 @@
|
|||||||
|
rec {
|
||||||
|
toList = x: if builtins.isList x then x else [ x ];
|
||||||
|
|
||||||
|
nameValuePair = name: value: { inherit name value; };
|
||||||
|
|
||||||
|
mapAttrsToList = f: attrs: builtins.attrValues (builtins.mapAttrs f attrs);
|
||||||
|
|
||||||
|
attrsToList = mapAttrsToList nameValuePair;
|
||||||
|
|
||||||
|
getSSHKeys =
|
||||||
|
username:
|
||||||
|
if (builtins.hasAttr "ssh" users.${username}) then
|
||||||
|
toList users.${username}.ssh
|
||||||
|
else
|
||||||
|
builtins.warn "user ${username} declared without ssh keys" [ ];
|
||||||
|
|
||||||
|
users = import ./users.nix;
|
||||||
|
|
||||||
|
adminSSHKeys = builtins.concatLists (
|
||||||
|
map (user: getSSHKeys user.name) (
|
||||||
|
builtins.filter (user: user.value.admin or false) (attrsToList users)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
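Review bot: `getSSHKeys` dereferences `users.${username}` before checking anything, so a name that is missing from users.nix now aborts evaluation with a missing-attribute error, whereas the removed version tested `builtins.hasAttr username sshKeys` and fell through to the warning. If failing hard is intended, a comment saying so would help; otherwise guard the lookup with `if users ? ${username} && users.${username} ? ssh then`. The warning also moved from `lib.warn` to `builtins.warn`, which exists only in recent Nix releases, so an older evaluator would fail on the builtin lookup instead of warning. Since `adminSSHKeys` becomes root's `openssh.authorizedKeys.keys` in the users module, a one-line comment above it such as `# keys of every user with admin = true; installed for root` would make that privilege visible to whoever edits this file.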
@@ -1,8 +0,0 @@
|
|||||||
{
|
|
||||||
error = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com";
|
|
||||||
javalsai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFjavnLqxIzFLIUpUWDOwhlYeoII4Qk1/9e0yWWxD/P";
|
|
||||||
max = "ssh-rsa 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";
|
|
||||||
|
|
||||||
vectorum = "ssh-rsa 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";
|
|
||||||
pickzelle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUYQUWoL8iGc+PSrRrHyNwcOcmgGwPvJAM9HRJkPqcW pixel@DOOM-Machine";
|
|
||||||
}
|
|
||||||
@@ -0,0 +1,26 @@
|
|||||||
|
{
|
||||||
|
error = {
|
||||||
|
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com";
|
||||||
|
admin = true;
|
||||||
|
ddns = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
javalsai = {
|
||||||
|
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFjavnLqxIzFLIUpUWDOwhlYeoII4Qk1/9e0yWWxD/P";
|
||||||
|
admin = true;
|
||||||
|
ddns = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
max = {
|
||||||
|
ssh = "ssh-rsa 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";
|
||||||
|
admin = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
vectorum = {
|
||||||
|
ssh = "ssh-rsa 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";
|
||||||
|
};
|
||||||
|
|
||||||
|
pickzelle = {
|
||||||
|
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUYQUWoL8iGc+PSrRrHyNwcOcmgGwPvJAM9HRJkPqcW pixel@DOOM-Machine";
|
||||||
|
};
|
||||||
|
}
|
||||||
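Review bot: users.nix carries no comment on what each flag grants, yet `admin = true` is now the single switch that, per the other hunks in this commit, adds the account to `adminGroups` and installs its key for root. A header comment such as `# admin = true: member of adminGroups and key installed in root's authorizedKeys` would make the consequence of editing this file explicit. `ddns` is not read by any code visible in this commit, so its meaning should be documented too, or the attribute introduced together with its consumer.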
+13
-50
@@ -1,25 +1,6 @@
|
|||||||
{ lib, self, ... }:
|
{ lib, self, ... }:
|
||||||
let
|
let
|
||||||
users = [
|
inherit (self.lib) users;
|
||||||
{
|
|
||||||
name = "error";
|
|
||||||
options.admin = true;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "javalsai";
|
|
||||||
options.admin = true;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "max";
|
|
||||||
options.admin = true;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "vectorum";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "pickzelle";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
adminGroups = [
|
adminGroups = [
|
||||||
"adm"
|
"adm"
|
||||||
@@ -30,30 +11,13 @@ let
|
|||||||
"wheel"
|
"wheel"
|
||||||
];
|
];
|
||||||
|
|
||||||
getSSHKeys =
|
mkUser = name: uid: admin: {
|
||||||
username:
|
users.users.${name} = {
|
||||||
let
|
inherit uid;
|
||||||
sshKeys = import "${self}/lib/ssh/keys.nix";
|
isNormalUser = true;
|
||||||
in
|
extraGroups = lib.optionals admin adminGroups;
|
||||||
if (builtins.hasAttr username sshKeys) then
|
openssh.authorizedKeys.keys = self.lib.getSSHKeys name;
|
||||||
lib.lists.toList sshKeys.${username}
|
};
|
||||||
else
|
|
||||||
lib.warn "user ${username} declared without ssh key" [ ];
|
|
||||||
|
|
||||||
mkUser =
|
|
||||||
name: uid: options:
|
|
||||||
let
|
|
||||||
admin = options.admin or false;
|
|
||||||
|
|
||||||
in
|
|
||||||
{
|
|
||||||
users.users.${name} = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = lib.optionals admin adminGroups;
|
|
||||||
inherit uid;
|
|
||||||
|
|
||||||
openssh.authorizedKeys.keys = getSSHKeys name;
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.slices."user-${builtins.toString uid}".sliceConfig = {
|
systemd.slices."user-${builtins.toString uid}".sliceConfig = {
|
||||||
CPUQuota = "50%";
|
CPUQuota = "50%";
|
||||||
@@ -69,21 +33,20 @@ in
|
|||||||
lib.recursiveUpdate
|
lib.recursiveUpdate
|
||||||
(builtins.foldl'
|
(builtins.foldl'
|
||||||
(attrs: user: {
|
(attrs: user: {
|
||||||
options = lib.recursiveUpdate attrs.options (mkUser user.name attrs.uid (user.options or { }));
|
options = lib.recursiveUpdate attrs.options (
|
||||||
|
mkUser user.name attrs.uid (user.value.admin or false)
|
||||||
|
);
|
||||||
uid = attrs.uid + 1;
|
uid = attrs.uid + 1;
|
||||||
})
|
})
|
||||||
{
|
{
|
||||||
options = { };
|
options = { };
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
}
|
}
|
||||||
users
|
(lib.attrsToList users)
|
||||||
).options
|
).options
|
||||||
{
|
{
|
||||||
users.users.root = {
|
users.users.root = {
|
||||||
initialPassword = "tuxcord";
|
initialPassword = "tuxcord";
|
||||||
|
openssh.authorizedKeys.keys = self.lib.adminSSHKeys;
|
||||||
openssh.authorizedKeys.keys = lib.lists.concatLists (
|
|
||||||
map (user: getSSHKeys user.name) (builtins.filter (user: user.options.admin or false) users)
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
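Review bot: UIDs are now assigned by position in `lib.attrsToList users`, and attribute sets enumerate in name order, so compared with the removed list `pickzelle` and `vectorum` swap 1003/1004, and any future user whose name sorts earlier shifts every uid after it. The `systemd.slices."user-${builtins.toString uid}"` quota follows the same counter, so on a host where the accounts already exist the slice, and possibly file ownership, may end up attached to a different person than intended; how the change is applied to existing accounts should be checked. Pinning the uid in the record removes the ordering dependency, e.g. `uid = 1003;` per entry in users.nix and `mkUser user.name user.value.uid (user.value.admin or false)` in the fold. Separately, the root stanza this commit edits still carries a literal `initialPassword` on its context line; with keys now supplied from `self.lib.adminSSHKeys`, that password is worth dropping or moving out of the repository.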