modules: builder -> community-builder

slightly better name for this module

modules/nixos/community-builder/default.nix

@@ -0,0 +1,12 @@
+{ pkgs, ... }: {
+  imports = [
+    ./packages.nix
+    ./users.nix
+  ];
+
+  programs.fish.enable = true;
+  # disable generated completion
+  environment.etc."fish/generated_completions".text = pkgs.lib.mkForce "";
+
+  programs.zsh.enable = true;
+}

modules/nixos/community-builder/keys/0x4A6F

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuUdiPdq7neZjTSRoc4PuRg8a6M/JBaJ8fjQxPH6uUT 0x4A6F@aarch64-build-box

modules/nixos/community-builder/keys/a-kenji

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKIQ0ErAeL4XOLMl8sBluZMI5KDvBbA4NeY3OOX4Qr9

modules/nixos/community-builder/keys/ckie

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3uTwzSSMAPg84fwbNp2cq9+BdLFeA1VzDGth4zCAbz https://ckie.dev

modules/nixos/community-builder/keys/fgaz

@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzgzKJT0vmmb8j2V94LpCbI7LScMwn3l+dDIhHrF/+QZQr6alufx8v4k1Z+8idY24TlqgPhd+lDGzcLAka9fkHN8T8WVnenztlAXcbRKbByl4ZTyqP/nNXm/65PHOoy+HEdCBZ2tUtXVfQUPVBVDWGXkd39lrEw/HU7iF6kSp4vpBnGTdS4m1jXGi7TbB4/s1LcbKhcxuO2lOaluDwyYnYBqdCwZyVuk1CCvEcuR2BIIjlLdmmOUZyyO3hhwwJN3YNV482Aj8M9evBUgNB8wuursjdeHGpl5Xdr5RwpWGDpblbBFj5AjUl5bV28vcWEIAYRopB6x/YaBHcfgqcI4b5 fgaz@phi
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdbor45IIvr65qlN6Ge0wb8eDQxGVYTqiyeEm7tWLEnFQa67cjOo/wfd02wqkT/CBRo544YgxhviGmg+EKXlTBR9vQaOZeHxNAn8ZM1F9dR2lt9aGWS17TTiYZdrQz06tD4wDoiCyMR1rhX8Nu+u0h9GRzeR6g7a7KwbgxVsk72Y6/feIDlMu0I5Xz+yNsB34+VkbDkMFke6jvl0TUS66DbKmLtVpi0RzQQCaQliqG9oe/OQIRHWgJF6LnWPKl/RFY/PH96+Cwr7ZYXVZPK81pTZ3mFQVWIZTEK6pAUA46pVrx5vagKYyechaSsWRNaVqz11aNUv5UFDnEJS7LCJ4x fgaz@lambda

modules/nixos/community-builder/keys/flokli

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTVTXOutUZZjXLB0lUSgeKcSY/8mxKkC0ingGK1whD2 flokli

modules/nixos/community-builder/keys/jtojnar

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBNvEK+/zeAOuFQiSMSCaY3uSMBy0Fu9IIE16bFgww/o jtojnar+aarch64box@kaiser

modules/nixos/community-builder/keys/lewo

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1e1EG5LUckzjoUiwJZ3ubpKkVN4LmWX5L4rrFimopTdERRM+CU/R7lGpr/msSUNEwMl+5pS/61NS/O7jMOWstVIIdt/ylaY0k71UvrHtdb0YsGPiNx+4+uhavrAmrKaC0wz1rLppqFyzoLxhb6neGrC7zPPHlOvubAVAy73zCL3eDNWuawGoD2mMygSwL1JsaHAxI5fjNA7tyvQIqEfkVki+kWtgZ/0ic19DbtuvFQdECubK3z/IlG1xhKN8Lb2/d9YNI71CMjT0bGYM3qLchmU4WwciLfTBQTqSplNfeIwXMpGvoEl5wbgs1XOXd7wRVlbAE1vb3m6a+e/6gHQ9t

modules/nixos/community-builder/keys/raitobezarius

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3hCOyFwuoCLt5W9e9yQSwj9I+VspB0kNNHsoFngbgZ Nix remote builder key

modules/nixos/community-builder/keys/schmittlauch

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGVBk51usxrFgY5XoWvU23QqRJPXoLLQBn5xGleq5Zp root@thinknix

modules/nixos/community-builder/keys/stephank

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSzyTDlIybCZkhyKXP6OkKqRw2vaEsyPiR7ZeNtDVL0

modules/nixos/community-builder/keys/winter

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB48pH8R4ofvGo5dph4I3lZ5CM6He95TRu1h1oURydhf

modules/nixos/community-builder/packages.nix

@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+  # useful for people that want to test stuff
+  environment.systemPackages = [
+    pkgs.fd
+    pkgs.git
+    pkgs.nano
+    pkgs.nix-output-monitor
+    pkgs.nix-tree
+    pkgs.nixpkgs-review
+    pkgs.ripgrep
+    pkgs.tig
+    pkgs.tmux
+    pkgs.vim
+
+    # terminfo packages
+    pkgs.foot.terminfo
+    pkgs.kitty.terminfo
+    pkgs.termite.terminfo
+    pkgs.wezterm.terminfo
+  ];
+}

modules/nixos/community-builder/users.nix

@@ -0,0 +1,89 @@
+{ pkgs, ... }:
+let
+  inherit (pkgs) lib;
+
+  users = {
+    # 1. Generate an SSH key for your root account and add the public
+    #    key to a file matching your name in ./keys/
+    #
+    # 2. Copy / paste this in order, alphabetically:
+    #
+    #    youruser.keys = ./keys/youruser;
+    #
+    "0x4A6F" = {
+      trusted = true;
+      keys = ./keys/0x4A6F;
+    };
+
+    a-kenji = {
+      trusted = true;
+      keys = ./keys/a-kenji;
+    };
+
+    ckie.keys = ./keys/ckie;
+
+    fgaz = {
+      trusted = true;
+      keys = ./keys/fgaz;
+    };
+
+    flokli = {
+      trusted = true;
+      keys = ./keys/flokli;
+    };
+
+    jtojnar = {
+      trusted = true;
+      keys = ./keys/jtojnar;
+    };
+
+    lewo = {
+      trusted = true;
+      keys = ./keys/lewo;
+    };
+
+    raitobezarius = {
+      trusted = true;
+      keys = ./keys/raitobezarius;
+    };
+
+    schmittlauch = {
+      trusted = true;
+      keys = ./keys/schmittlauch;
+    };
+
+    stephank.keys = ./keys/stephank;
+
+    winter.keys = ./keys/winter;
+  };
+
+  ifAttr = key: default: result: opts:
+    if (opts ? "${key}") && opts."${key}"
+    then result
+    else default;
+
+  maybeTrusted = ifAttr "trusted" [ ] [ "trusted" ];
+  maybeWheel = ifAttr "sudo" [ ] [ "wheel" ];
+
+  userGroups = opts:
+    (maybeTrusted opts) ++
+    (maybeWheel opts);
+
+  descToUser = name: opts:
+    {
+      isNormalUser = true;
+      extraGroups = userGroups opts;
+      createHome = true;
+      home = "/home/${name}";
+      hashedPassword = opts.password or null;
+      openssh.authorizedKeys.keyFiles = [
+        opts.keys
+      ];
+    };
+in
+{
+  users = {
+    mutableUsers = false;
+    users = lib.mapAttrs descToUser users;
+  };
+}