58 lines
1.2 KiB
Nix
58 lines
1.2 KiB
Nix
{ lib, self, ... }:
|
|
let
|
|
inherit (self.lib) users;
|
|
|
|
adminGroups = [
|
|
"adm"
|
|
"named"
|
|
"networkmanager"
|
|
"nginx"
|
|
"tuxcord"
|
|
"wheel"
|
|
];
|
|
|
|
mkUser =
|
|
name: uid: options:
|
|
let
|
|
admin = options.admin or false;
|
|
in
|
|
{
|
|
users.users.${name} = {
|
|
inherit uid;
|
|
isNormalUser = true;
|
|
extraGroups = lib.optionals admin adminGroups;
|
|
openssh.authorizedKeys.keys = self.lib.getSSHKeys name;
|
|
};
|
|
|
|
systemd.slices."user-${builtins.toString uid}".sliceConfig = {
|
|
CPUQuota = "50%";
|
|
CPUWeight = "10";
|
|
IOAccounting = true;
|
|
IOWeight = "10";
|
|
MemoryMax = "2G";
|
|
MemorySwapMax = "1G";
|
|
TasksMax = "100";
|
|
};
|
|
};
|
|
in
|
|
lib.recursiveUpdate
|
|
(builtins.foldl'
|
|
(attrs: user: {
|
|
options = lib.recursiveUpdate attrs.options (
|
|
mkUser user.name attrs.uid (user.value.options or { })
|
|
);
|
|
uid = attrs.uid + 1;
|
|
})
|
|
{
|
|
options = { };
|
|
uid = 1000;
|
|
}
|
|
(lib.attrsToList users)
|
|
).options
|
|
{
|
|
users.users.root = {
|
|
initialPassword = "tuxcord";
|
|
openssh.authorizedKeys.keys = self.lib.adminSSHKeys;
|
|
};
|
|
}
|