tuxcord/tuxcord.nix
8
2
Fork 1
Code Issues 13 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
46b8c1eeae7b5983105b3e2449727f06ec3f589a
tuxcord.nix/nixos/users.nix
T
ErrorNoInternet d410685af6
Check / Nix flake (push) Has been cancelled
Details
Lint / Nix expressions (push) Has been cancelled
Details
treewide: separate ssh keys
2026-05-02 17:51:22 -04:00

72 lines
1.4 KiB
Nix
Raw Blame History

{ lib, self, ... }:
let
users = [
{
name = "error";
options.admin = true;
}
{
name = "javalsai";
options.admin = true;
}
{
name = "max";
options.admin = true;
}
{
name = "vectorum";
}
];
adminGroups = [
"adm"
"named"
"networkmanager"
"nginx"
"tuxcord"
"wheel"
];
mkUser = name: uid: options: {
users.users.${name} = {
isNormalUser = true;
extraGroups = lib.optionals (options.admin or false) adminGroups;
inherit uid;
openssh.authorizedKeys.keys =
let
keys = import "${self}/lib/ssh/keys.nix";
in
if (builtins.hasAttr name keys) then
[ keys.${name} ]
else
lib.warn "user ${name} declared without ssh key" [ ];
};
systemd.slices."user-${builtins.toString uid}".sliceConfig = {
CPUQuota = "50%";
CPUWeight = "10";
IOAccounting = true;
IOWeight = "10";
MemoryMax = "2G";
MemorySwapMax = "1G";
TasksMax = "100";
};
};
in
lib.recursiveUpdate
(builtins.foldl'
(attrs: user: {
options = lib.recursiveUpdate attrs.options (mkUser user.name attrs.uid (user.options or { }));
uid = attrs.uid + 1;
})
{
options = { };
uid = 1000;
}
users
).options
{
users.users.root.initialPassword = "tuxcord";
}
Reference in New Issue View Git Blame Copy Permalink