move users configuration to seperate profile

2021-03-04 06:24:57 +01:00 · 2021-03-04 06:24:57 +01:00 · 72da0df51d
commit 72da0df51d
parent 0a638d42ff
4 changed files with 40 additions and 50 deletions
--- a/build01/configuration.nix
+++ b/build01/configuration.nix
@ -1,17 +1,4 @@
 { config, pkgs, lib, ... }:
-let
-  userImports =
-    let
-      toUserPath = f: ../users/. + "/${f}";
-      onlyUserFiles = x:
-        lib.hasSuffix ".nix" x &&
-        x != "lib.nix"
-      ;
-      userDirEntries = builtins.readDir ../users;
-      userFiles = builtins.filter onlyUserFiles (lib.attrNames userDirEntries);
-    in
-    builtins.map toUserPath userFiles;
-in
 {
  imports = [
    ./hardware-configuration.nix
@ -27,7 +14,7 @@ in
    ../profiles/common.nix
    ../services/docker.nix
    ../services/hound
-  ] ++ userImports;
+  ];

  # /boot is a mirror raid
  boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
@ -81,5 +68,4 @@ in
  nix.gc.options = "--delete-older-than 30d";

  system.stateVersion = "20.03";
-
 }
--- a/build02/configuration.nix
+++ b/build02/configuration.nix
@ -1,17 +1,5 @@
 { config, pkgs, lib, ... }:
-let
-  userImports =
-    let
-      toUserPath = f: ../users/. + "/${f}";
-      onlyUserFiles = x:
-        lib.hasSuffix ".nix" x &&
-        x != "lib.nix"
-      ;
-      userDirEntries = builtins.readDir ../users;
-      userFiles = builtins.filter onlyUserFiles (lib.attrNames userDirEntries);
-    in
-    builtins.map toUserPath userFiles;
-in
+
 {
  imports = [
    ./hardware-configuration.nix
@ -20,7 +8,7 @@ in
    ./nixpkgs-update.nix

    ../profiles/common.nix
-  ] ++ userImports;
+  ];

  # /boot is a mirror raid
  boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
@ -37,7 +25,7 @@ in
  };
  networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
  networking.interfaces."enp35s0" = {
-    ipv4.addresses = [ { address = "95.217.109.189"; prefixLength = 26; } ];
+    ipv4.addresses = [{ address = "95.217.109.189"; prefixLength = 26; }];
    ipv6.addresses = [
      { address = "fe80::aaa1:59ff:fe0e:aa61"; prefixLength = 64; }
      { address = "2a01:4f9:4a:2b02::1"; prefixLength = 64; }
@ -61,5 +49,4 @@ in
  nix.gc.options = "--delete-older-than 30d";

  system.stateVersion = "20.09";
-
 }
--- a/profiles/common.nix
+++ b/profiles/common.nix
@ -6,6 +6,7 @@
    ./security.nix
    ../services/telegraf
    ./zfs.nix
+    ./users.nix
  ];

  environment.systemPackages = [
@ -71,23 +72,4 @@

  # The nix-community is global :)
  time.timeZone = "UTC";
-
-  # No mutable users
-  users.mutableUsers = false;
-
-  # Assign keys from all users in wheel group
-  # This is only done because nixops cant be deployed from any other account
-  users.extraUsers.root.openssh.authorizedKeys.keys = lib.unique (
-    lib.flatten (
-      builtins.map (u: u.openssh.authorizedKeys.keys)
-        (
-          lib.attrValues (
-            lib.filterAttrs (_: u: lib.elem "wheel" u.extraGroups)
-              config.users.extraUsers
-          )
-        )
-    )
-  );
-
-
 }
--- a/profiles/users.nix
+++ b/profiles/users.nix
@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+let
+  userImports =
+    let
+      toUserPath = f: ../users/. + "/${f}";
+      onlyUserFiles = x:
+        lib.hasSuffix ".nix" x &&
+        x != "lib.nix"
+      ;
+      userDirEntries = builtins.readDir ../users;
+      userFiles = builtins.filter onlyUserFiles (lib.attrNames userDirEntries);
+    in
+    builtins.map toUserPath userFiles;
+in
+{
+  imports = userImports;
+
+  # No mutable users
+  users.mutableUsers = false;
+
+  # Assign keys from all users in wheel group
+  # This is only done because nixops cant be deployed from any other account
+  users.extraUsers.root.openssh.authorizedKeys.keys = lib.unique (
+    lib.flatten (
+      builtins.map (u: u.openssh.authorizedKeys.keys)
+        (
+          lib.attrValues (
+            lib.filterAttrs (_: u: lib.elem "wheel" u.extraGroups)
+              config.users.extraUsers
+          )
+        )
+    )
+  );
+}