{ lib, self, ... }:
let
# Accounts managed by this module.
# UIDs are handed out by position in this list, starting at 1000 (see the fold
# at the end of the file). Inserting, removing or reordering entries therefore
# shifts the UID of every later user, and with it the ownership of files those
# users already have on disk. Append new users at the end.
# `options.admin = true` puts the user into adminGroups and also authorizes
# the user's SSH keys for root.
users = [
  { name = "error"; options = { admin = true; }; }
  { name = "javalsai"; options = { admin = true; }; }
  { name = "max"; options = { admin = true; }; }
  { name = "vectorum"; }
  { name = "pickzelle"; }
];
# Supplementary groups given to every user declared with `options.admin = true`.
# Membership is all-or-nothing: an admin receives the whole list.
# NOTE(review): "wheel" normally carries sudo rights on NixOS and several of
# the others look like service groups; confirm each one is still required.
adminGroups = [ "adm" "named" "networkmanager" "nginx" "tuxcord" "wheel" ];
# Return the SSH public keys recorded for `username` in lib/ssh/keys.nix.
# The entry is passed through toList, so it may be a single key or a list.
# A user without an entry yields an empty list plus an evaluation warning
# instead of an error, so a missing key does not stop the build.
getSSHKeys =
  username:
  let
    keyTable = import "${self}/lib/ssh/keys.nix";
    known = keyTable ? ${username};
  in
  if !known then
    lib.warn "user ${username} declared without ssh key" [ ]
  else
    lib.lists.toList keyTable.${username};
# Build the configuration fragment for one regular user: the account itself
# plus a systemd slice that caps the resources of that user's sessions.
#   name    - login name; also the key used to look up the user's SSH keys
#   uid     - numeric UID; also used to name the user-<uid> slice
#   options - per-user settings; only `admin` (default false) is read here
mkUser =
  name: uid: options:
  let
    isAdmin = options.admin or false;
    sliceName = "user-${toString uid}";
  in
  {
    users.users.${name} = {
      isNormalUser = true;
      uid = uid;
      # Non-admins receive no supplementary groups at all.
      extraGroups = if isAdmin then adminGroups else [ ];
      # No password option is set here; the authorized keys are the only
      # credential this function configures for the account.
      openssh.authorizedKeys.keys = getSSHKeys name;
    };

    # Resource ceilings for the user's slice. They are applied to admins and
    # non-admins alike; TasksMax bounds the number of tasks a user can spawn.
    systemd.slices.${sliceName}.sliceConfig = {
      CPUQuota = "50%";
      CPUWeight = "10";
      IOAccounting = true;
      IOWeight = "10";
      MemoryMax = "2G";
      MemorySwapMax = "1G";
      TasksMax = "100";
    };
  };
in
# Module result: the merged per-user configuration, with the root account
# settings layered on top.
let
  # Fold state: the configuration merged so far and the next UID to hand out.
  seed = {
    options = { };
    uid = 1000;
  };

  # Merge one user's fragment into the accumulator and advance the UID.
  addUser = acc: user: {
    options = lib.recursiveUpdate acc.options (mkUser user.name acc.uid (user.options or { }));
    uid = acc.uid + 1;
  };

  perUserConfig = (builtins.foldl' addUser seed users).options;

  adminUsers = builtins.filter (user: user.options.admin or false) users;
  adminKeyLists = map (user: getSSHKeys user.name) adminUsers;
in
lib.recursiveUpdate perUserConfig {
  users.users.root = {
    # NOTE(review): this root password is plaintext in the repository and ends
    # up world-readable in the Nix store. initialPassword is only applied when
    # the account is first created, so confirm it was changed on every deployed
    # host; prefer hashedPasswordFile fed from a secrets store.
    initialPassword = "tuxcord";

    # Every admin's keys are authorized for root, so the admin flag in `users`
    # is equivalent to direct root access wherever sshd permits root login
    # (that setting lives outside this file).
    openssh.authorizedKeys.keys = lib.lists.concatLists adminKeyLists;
  };
}