add first community builder user
parent
946f59711e
commit
91863124e8
5 changed files with 63 additions and 0 deletions
|
@ -18,6 +18,7 @@
|
||||||
../roles/common.nix
|
../roles/common.nix
|
||||||
../roles/hetzner-network.nix
|
../roles/hetzner-network.nix
|
||||||
../roles/raid.nix
|
../roles/raid.nix
|
||||||
|
../roles/users.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# /boot is a mirror raid
|
# /boot is a mirror raid
|
||||||
|
|
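Review bot: The added import `../roles/users.nix` does not match either module this commit creates (`roles/builder/default.nix` and `roles/builder/users.nix`). Unless a `roles/users.nix` already exists outside this diff, the host will either fail to evaluate or never pick up the new builder accounts. If the intent is to enable the builder role on this host, the line should probably read `../roles/builder`. The path of the file this hunk belongs to is not shown on the page, so the resolved location is inferred from the neighbouring `../roles/*.nix` entries.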
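--- a/roles/builder/default.nix
+++ b/roles/builder/default.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+imports = [ ./users.nix ];
+}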
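--- a/roles/builder/keys/0x4A6F
+++ b/roles/builder/keys/0x4A6F
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuUdiPdq7neZjTSRoc4PuRg8a6M/JBaJ8fjQxPH6uUT 0x4A6F@aarch64-build-box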
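--- a/roles/builder/keys/jtojnar
+++ b/roles/builder/keys/jtojnar
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBNvEK+/zeAOuFQiSMSCaY3uSMBy0Fu9IIE16bFgww/o jtojnar+aarch64box@kaiser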
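--- a/roles/builder/users.nix
+++ b/roles/builder/users.nix
@@ -0,0 +1,57 @@
+let
+pkgs = import <nixpkgs> {};
+inherit (pkgs) lib;
+
+users = {
+# 1. Generate an SSH key for your root account and add the public
+# key to a file matching your name in ./keys/
+#
+# 2. Copy / paste this in order, alphabetically:
+#
+# youruser = {
+# trusted = true;
+# keys = ./keys/youruser;
+# };
+
+"0x4A6F" = {
+trusted = true;
+keys = ./keys/0x4A6F;
+};
+
+jtojnar = {
+trusted = true;
+keys = ./keys/jtojnar;
+};
+};
+
+ifAttr = key: default: result: opts:
+if (opts ? "${key}") && opts."${key}"
+then result
+else default;
+
+maybeTrusted = ifAttr "trusted" [] [ "trusted" ];
+maybeWheel = ifAttr "sudo" [] [ "wheel" ];
+
+userGroups = opts:
+(maybeTrusted opts) ++
+(maybeWheel opts);
+
+descToUser = name: opts:
+{
+isNormalUser = true;
+extraGroups = userGroups opts;
+createHome = true;
+home = "/home/${name}";
+hashedPassword = opts.password or null;
+openssh.authorizedKeys.keyFiles = [
+opts.keys
+];
+};
+in {
+users = {
+groups.trusted = {};
+
+mutableUsers = false;
+users = lib.mapAttrs descToUser users;
+};
+}
+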
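Review bot: The onboarding template in the `users` comment sets `trusted = true;` for every new account, and both accounts added here follow it, so membership in the `trusted` group becomes the default instead of a deliberate grant. If that group is wired to Nix's `trusted-users` elsewhere in the configuration (not visible in this diff), each member is effectively root on the builder, because trusted users can override substituters and import unsigned store paths. I would take the attribute out of the copy-paste template and document it as opt-in, e.g. `# trusted = true;  # optional: adds the user to the "trusted" group, treat as root-equivalent`. Separately, the module obtains `lib` through `import <nixpkgs> {}`, which depends on NIX_PATH at evaluation time; opening the file with `{ lib, ... }:` and dropping the `pkgs` binding avoids the second nixpkgs import.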