move users configuration to seperate profile
This commit is contained in:
parent
0a638d42ff
commit
72da0df51d
4 changed files with 40 additions and 50 deletions
|
@ -1,17 +1,4 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
|
||||||
userImports =
|
|
||||||
let
|
|
||||||
toUserPath = f: ../users/. + "/${f}";
|
|
||||||
onlyUserFiles = x:
|
|
||||||
lib.hasSuffix ".nix" x &&
|
|
||||||
x != "lib.nix"
|
|
||||||
;
|
|
||||||
userDirEntries = builtins.readDir ../users;
|
|
||||||
userFiles = builtins.filter onlyUserFiles (lib.attrNames userDirEntries);
|
|
||||||
in
|
|
||||||
builtins.map toUserPath userFiles;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
@ -27,7 +14,7 @@ in
|
||||||
../profiles/common.nix
|
../profiles/common.nix
|
||||||
../services/docker.nix
|
../services/docker.nix
|
||||||
../services/hound
|
../services/hound
|
||||||
] ++ userImports;
|
];
|
||||||
|
|
||||||
# /boot is a mirror raid
|
# /boot is a mirror raid
|
||||||
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
|
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
|
||||||
|
@ -81,5 +68,4 @@ in
|
||||||
nix.gc.options = "--delete-older-than 30d";
|
nix.gc.options = "--delete-older-than 30d";
|
||||||
|
|
||||||
system.stateVersion = "20.03";
|
system.stateVersion = "20.03";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
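Review bot: After dropping `++ userImports`, the user accounts for this host are pulled in only through `../profiles/common.nix` (the context line a few rows up in the second hunk), and the same applies to the second host configuration in this commit (the one declaring `enp35s0`). Nothing in this file records that dependency, so someone later removing or swapping the common profile would not see that the user definitions and the root authorized-keys aggregation go with it. A comment on the import line would make it visible: `../profiles/common.nix # also imports profiles/users.nix (accounts + root authorized keys)`. The argument set still binds `lib`, which may be unused here once `userImports` is gone, but the rest of the file is outside the hunks.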
@ -1,17 +1,5 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
|
||||||
userImports =
|
|
||||||
let
|
|
||||||
toUserPath = f: ../users/. + "/${f}";
|
|
||||||
onlyUserFiles = x:
|
|
||||||
lib.hasSuffix ".nix" x &&
|
|
||||||
x != "lib.nix"
|
|
||||||
;
|
|
||||||
userDirEntries = builtins.readDir ../users;
|
|
||||||
userFiles = builtins.filter onlyUserFiles (lib.attrNames userDirEntries);
|
|
||||||
in
|
|
||||||
builtins.map toUserPath userFiles;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
@ -20,7 +8,7 @@ in
|
||||||
./nixpkgs-update.nix
|
./nixpkgs-update.nix
|
||||||
|
|
||||||
../profiles/common.nix
|
../profiles/common.nix
|
||||||
] ++ userImports;
|
];
|
||||||
|
|
||||||
# /boot is a mirror raid
|
# /boot is a mirror raid
|
||||||
boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
|
boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
|
||||||
|
@ -37,7 +25,7 @@ in
|
||||||
};
|
};
|
||||||
networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
||||||
networking.interfaces."enp35s0" = {
|
networking.interfaces."enp35s0" = {
|
||||||
ipv4.addresses = [ { address = "95.217.109.189"; prefixLength = 26; } ];
|
ipv4.addresses = [{ address = "95.217.109.189"; prefixLength = 26; }];
|
||||||
ipv6.addresses = [
|
ipv6.addresses = [
|
||||||
{ address = "fe80::aaa1:59ff:fe0e:aa61"; prefixLength = 64; }
|
{ address = "fe80::aaa1:59ff:fe0e:aa61"; prefixLength = 64; }
|
||||||
{ address = "2a01:4f9:4a:2b02::1"; prefixLength = 64; }
|
{ address = "2a01:4f9:4a:2b02::1"; prefixLength = 64; }
|
||||||
|
@ -61,5 +49,4 @@ in
|
||||||
nix.gc.options = "--delete-older-than 30d";
|
nix.gc.options = "--delete-older-than 30d";
|
||||||
|
|
||||||
system.stateVersion = "20.09";
|
system.stateVersion = "20.09";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
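Review bot: The hunk at `@ -37,7 +25,7` changes only the spacing of `ipv4.addresses = [{ address = "95.217.109.189"; prefixLength = 26; }];`, which has nothing to do with moving the users configuration; a formatting-only edit to the networking block inside a users refactor makes the commit harder to audit and would be clearer as its own change. The remaining hunks here mirror the first host file and raise nothing new.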
@ -6,6 +6,7 @@
|
||||||
./security.nix
|
./security.nix
|
||||||
../services/telegraf
|
../services/telegraf
|
||||||
./zfs.nix
|
./zfs.nix
|
||||||
|
./users.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
@ -71,23 +72,4 @@
|
||||||
|
|
||||||
# The nix-community is global :)
|
# The nix-community is global :)
|
||||||
time.timeZone = "UTC";
|
time.timeZone = "UTC";
|
||||||
|
|
||||||
# No mutable users
|
|
||||||
users.mutableUsers = false;
|
|
||||||
|
|
||||||
# Assign keys from all users in wheel group
|
|
||||||
# This is only done because nixops cant be deployed from any other account
|
|
||||||
users.extraUsers.root.openssh.authorizedKeys.keys = lib.unique (
|
|
||||||
lib.flatten (
|
|
||||||
builtins.map (u: u.openssh.authorizedKeys.keys)
|
|
||||||
(
|
|
||||||
lib.attrValues (
|
|
||||||
lib.filterAttrs (_: u: lib.elem "wheel" u.extraGroups)
|
|
||||||
config.users.extraUsers
|
|
||||||
)
|
|
||||||
)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
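Review bot: Importing `./users.nix` from this profile makes the user accounts and the wheel-to-root authorized-keys aggregation unconditional for every host that imports the profile, whereas before each host opted in explicitly with `++ userImports`. If any host imports this profile without having done so (none is visible in this diff, which touches only four files, so this is a guess), it now gains those accounts and root SSH keys with no change to its own configuration. A short comment on the added import would make the consequence explicit: `./users.nix # all users/*.nix, plus wheel members' keys -> root authorized_keys`. The enclosing `imports = [` list begins before the first hunk.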
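--- /dev/null
+++ b/profiles/users.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+let
+userImports =
+let
+toUserPath = f: ../users/. + "/${f}";
+onlyUserFiles = x:
+lib.hasSuffix ".nix" x &&
+x != "lib.nix"
+;
+userDirEntries = builtins.readDir ../users;
+userFiles = builtins.filter onlyUserFiles (lib.attrNames userDirEntries);
+in
+builtins.map toUserPath userFiles;
+in
+{
+imports = userImports;
+
+# No mutable users
+users.mutableUsers = false;
+
+# Assign keys from all users in wheel group
+# This is only done because nixops cant be deployed from any other account
+users.extraUsers.root.openssh.authorizedKeys.keys = lib.unique (
+lib.flatten (
+builtins.map (u: u.openssh.authorizedKeys.keys)
+(
+lib.attrValues (
+lib.filterAttrs (_: u: lib.elem "wheel" u.extraGroups)
+config.users.extraUsers
+)
+)
+)
+);
+}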
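Review bot: The `users.extraUsers.root.openssh.authorizedKeys.keys` assignment near the end of the new file gives every wheel member's key direct root SSH login, but it collects only `openssh.authorizedKeys.keys`; a wheel user whose keys are declared through `openssh.authorizedKeys.keyFiles` is silently left out, so the list and the nixops rationale in the comment can drift apart without anyone noticing. The file header should state the consequence so that adding a user to wheel is understood as granting root login: `# NOTE: every user in the wheel group gets root SSH access via their openssh.authorizedKeys.keys (keyFiles are not collected).`. `onlyUserFiles` also filters by name alone although `builtins.readDir` reports each entry's type, so a directory named like `foo.nix` under `users/` would be imported too; `userFiles = lib.attrNames (lib.filterAttrs (n: t: t == "regular" && onlyUserFiles n) userDirEntries);` restricts it to regular files. `pkgs` in the argument set is not used anywhere in this file.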