modules/nixos/community-builder: refactor users

- align with darwin/community-builder

- remove unused hashedPassword, maybeWheel options
zowoq 2024-10-29 15:15:32 +10:00
parent a3109acfde
commit f7146814ec


@ -1,8 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
inherit (pkgs) lib; users = [
users = {
# 1. Generate an SSH key for your root account and add the public # 1. Generate an SSH key for your root account and add the public
# key to a file matching your name in ./keys/ # key to a file matching your name in ./keys/
# #
@ -10,206 +8,200 @@ let
# #
# youruser.keys = ./keys/youruser; # youruser.keys = ./keys/youruser;
# #
"0x4A6F" = { {
name = "0x4A6F";
trusted = true; trusted = true;
keys = ./keys/0x4A6F; keys = ./keys/0x4A6F;
}; }
{
afh = { name = "afh";
trusted = true; trusted = true;
keys = ./keys/afh; keys = ./keys/afh;
}; }
{
a-kenji = { name = "a-kenji";
trusted = true; trusted = true;
keys = ./keys/a-kenji; keys = ./keys/a-kenji;
}; }
{
binarycat = { name = "binarycat";
trusted = true; trusted = true;
keys = ./keys/binarycat; keys = ./keys/binarycat;
}; }
{
binarycat-untrusted = { name = "binarycat-untrusted";
trusted = false; trusted = false;
keys = ./keys/binarycat; keys = ./keys/binarycat;
}; }
{
bobby285271 = { name = "bobby285271";
trusted = true; trusted = true;
keys = ./keys/bobby285271; keys = ./keys/bobby285271;
}; }
{
ckie = { name = "ckie";
trusted = true; trusted = true;
keys = ./keys/ckie; keys = ./keys/ckie;
}; }
{
fgaz = { name = "fgaz";
trusted = true; trusted = true;
keys = ./keys/fgaz; keys = ./keys/fgaz;
}; }
{
flokli = { name = "flokli";
trusted = true; trusted = true;
keys = ./keys/flokli; keys = ./keys/flokli;
}; }
{
fmzakari = { name = "fmzakari";
# github: @fzakaria # github: @fzakaria
trusted = true; trusted = true;
keys = ./keys/fmzakari; keys = ./keys/fmzakari;
}; }
{
glepage = { name = "glepage";
trusted = true; trusted = true;
shell = pkgs.fish; shell = pkgs.fish;
keys = ./keys/glepage; keys = ./keys/glepage;
}; }
{
hexchen = { name = "hexchen";
trusted = true; trusted = true;
keys = ./keys/hexchen; keys = ./keys/hexchen;
}; }
{
janik = { name = "janik";
trusted = true; trusted = true;
keys = ./keys/janik; keys = ./keys/janik;
}; }
{
jtojnar = { name = "jtojnar";
trusted = true; trusted = true;
keys = ./keys/jtojnar; keys = ./keys/jtojnar;
}; }
{
lewo = { name = "lewo";
trusted = true; trusted = true;
keys = ./keys/lewo; keys = ./keys/lewo;
}; }
{
lily = { name = "lily";
trusted = true; trusted = true;
keys = ./keys/lily; keys = ./keys/lily;
}; }
{
linj = { name = "linj";
# lib.maintainers.linj, https://github.com/jian-lin # lib.maintainers.linj, https://github.com/jian-lin
trusted = true; trusted = true;
shell = pkgs.fish; shell = pkgs.fish;
keys = ./keys/linj; keys = ./keys/linj;
}; }
{
mrcjkb = { name = "mrcjkb";
# lib.maintainers.mrcjkb https://github.com/mrcjkb # lib.maintainers.mrcjkb https://github.com/mrcjkb
trusted = true; trusted = true;
shell = pkgs.nushell; shell = pkgs.nushell;
keys = ./keys/mrcjkb; keys = ./keys/mrcjkb;
}; }
{
nicoo = { name = "nicoo";
# lib.maintainers.nicoo, @nbraud on github.com # lib.maintainers.nicoo, @nbraud on github.com
trusted = true; trusted = true;
keys = ./keys/nicoo; keys = ./keys/nicoo;
}; }
{
raitobezarius = { name = "raitobezarius";
trusted = true; trusted = true;
keys = ./keys/raitobezarius; keys = ./keys/raitobezarius;
}; }
{
networkexception = { name = "networkexception";
trusted = true; trusted = true;
keys = ./keys/networkexception; keys = ./keys/networkexception;
}; }
{
pinpox = { name = "pinpox";
trusted = true; trusted = true;
keys = ./keys/pinpox; keys = ./keys/pinpox;
}; }
{
raboof = { name = "raboof";
# lib.maintainers.raboof, https://github.com/raboof # lib.maintainers.raboof, https://github.com/raboof
trusted = true; trusted = true;
keys = ./keys/raboof; keys = ./keys/raboof;
}; }
{
schmittlauch = { name = "schmittlauch";
trusted = true; trusted = true;
keys = ./keys/schmittlauch; keys = ./keys/schmittlauch;
}; }
{
matthiasbeyer = { name = "matthiasbeyer";
trusted = true; trusted = true;
keys = ./keys/matthiasbeyer; keys = ./keys/matthiasbeyer;
}; }
{
stephank = { name = "stephank";
trusted = true; trusted = true;
keys = ./keys/stephank; keys = ./keys/stephank;
}; }
{
supinie = { name = "supinie";
trusted = true; trusted = true;
keys = ./keys/supinie; keys = ./keys/supinie;
}; }
{
teto = { name = "teto";
trusted = true; trusted = true;
keys = ./keys/teto; keys = ./keys/teto;
}; }
{
thecomputerguy = { name = "thecomputerguy";
trusted = true; trusted = true;
keys = ./keys/thecomputerguy; keys = ./keys/thecomputerguy;
}; }
{
tomberek = { name = "tomberek";
trusted = true; trusted = true;
keys = ./keys/tomberek; keys = ./keys/tomberek;
}; }
{
winter = { name = "winter";
trusted = true; trusted = true;
keys = ./keys/winter; keys = ./keys/winter;
}; }
{
matthewcroughan = { name = "matthewcroughan";
trusted = true; trusted = true;
keys = ./keys/matthewcroughan; keys = ./keys/matthewcroughan;
}; }
{
emily = { name = "emily";
# lib.maintainers.emily, https://github.com/emilazy # lib.maintainers.emily, https://github.com/emilazy
trusted = true; trusted = true;
keys = ./keys/emily; keys = ./keys/emily;
}; }
{
doronbehar = { name = "doronbehar";
# lib.maintainers.doronbehar, https://github.com/doronbehar # lib.maintainers.doronbehar, https://github.com/doronbehar
trusted = true; trusted = true;
keys = ./keys/doronbehar; keys = ./keys/doronbehar;
}; }
}; ];
ifAttr =
key: default: result: opts:
if (opts ? "${key}") && opts."${key}" then result else default;
maybeTrusted = ifAttr "trusted" [ ] [ "trusted" ];
maybeWheel = ifAttr "sudo" [ ] [ "wheel" ];
userGroups = opts: (maybeTrusted opts) ++ (maybeWheel opts);
descToUser = name: opts: {
isNormalUser = true;
extraGroups = userGroups opts;
createHome = true;
home = "/home/${name}";
shell = opts.shell or config.users.defaultUserShell;
hashedPassword = opts.password or null;
openssh.authorizedKeys.keyFiles = [ opts.keys ];
};
in in
{ {
users.users = lib.mapAttrs descToUser users; users.users = builtins.listToAttrs (
builtins.map (u: {
inherit (u) name;
value = {
isNormalUser = true;
extraGroups = if (u ? trusted && u.trusted) then [ "trusted" ] else [ ];
home = "/home/${u.name}";
createHome = true;
shell = u.shell or config.users.defaultUserShell;
openssh.authorizedKeys.keyFiles = [ u.keys ];
};
}) users
);
} }
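Review bot: Turning `users` into a list passed to `builtins.listToAttrs` removes the duplicate-name check the attribute set gave for free. `listToAttrs` keeps the first entry for a repeated `name` and silently drops later ones, whereas the old form should have failed evaluation, since both entries would define `keys`. Each entry decides which key file is authorised for an account and whether it joins the `trusted` group, so a copy-pasted or mis-merged duplicate would evaluate cleanly while the later entry has no effect. I would add a uniqueness assertion beside `users.users`, for example `assertions = [ { assertion = pkgs.lib.allUnique (map (u: u.name) users); message = "duplicate user name in community-builder users"; } ];`. The darwin module this aligns with is not visible on this page, so it is worth confirming whether it needs the same check.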