From 70d25f95ccffb6d6b829b29f69e4fb6e8fb00ae3 Mon Sep 17 00:00:00 2001 From: Ivan Malison Date: Tue, 3 Oct 2023 14:50:43 -0600 Subject: [PATCH] [NixOS] Add mike and loewy --- nixos/flake.nix | 3 ++- nixos/keys.nix | 8 ++++++- nixos/users.nix | 59 ++++++++++++++++++++++++++++++------------------- 3 files changed, 45 insertions(+), 25 deletions(-) diff --git a/nixos/flake.nix b/nixos/flake.nix index 5fc83153..304c8537 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -156,7 +156,8 @@ mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys); realUsers = [ "root" "imalison" "kat" "dean" "alex" ]; forEachUser = mapValueToKeys realUsers; - } // specialArgs // (import ./keys.nix); + keys = (import ./keys.nix); + } // specialArgs; }); in { diff --git a/nixos/keys.nix b/nixos/keys.nix index 6b5fca96..e9d7d912 100644 --- a/nixos/keys.nix +++ b/nixos/keys.nix @@ -28,6 +28,12 @@ rec { alexKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER" ]; + mikeKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnXd6c9xwr1yxBmxauj/FF3gnY8G11ospoM8i11mD2n countablecloud.com" + ]; + loewyKeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDROb8zcXAgqR3xNpStjt8kSL2Tnic+aWVlQRkmmLveay0RDPatHVKiWtscBoFYvL19xwpi692nZjyPAGQBLMquVx8rexHUFVbs6UVM41Y/QV0UZLSlVM7xNl3nL/dQoxT8OC2a9WJThNm41EjFzzKAuUaWqjm4+uEsC9felBIzndlA5/bIn6EUkMb2X8qmOOIOod1UeVZeK0fWMoDdKsHtQjiQrrP4nLjOmrTQ+BF2yUHwFbW6SCQiXT1Jzq4zymnI717ZraTK0nXzl8amLrGGrh36TrR7pv9hWLeNIMCARvOtABMdQmrT1dI4FxLK1uKM696uzfoaZDUn58G2VGrd loewy gitlab" + ]; agenixKeys = hostKeys ++ kanivanKeys; - allKeys = kanivanKeys ++ deanKeys ++ alexKeys ++ hostKeys; + allKeys = loewyKeys ++ mikeKeys ++ kanivanKeys ++ deanKeys ++ alexKeys ++ hostKeys; } diff --git a/nixos/users.nix b/nixos/users.nix index 662954fe..6fce106a 100644 --- a/nixos/users.nix +++ b/nixos/users.nix 
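Review bot: In the flake.nix hunk, `keys = (import ./keys.nix);` now sits in the left operand of `// specialArgs`, so a `keys` attribute in `specialArgs` (which looks caller-supplied) would silently replace the whole authorized-key set. Before this change keys.nix was merged last and always won. If the key set should not be overridable per host, keep it rightmost: `} // specialArgs // { keys = import ./keys.nix; };`. Any other module that still takes `kanivanKeys`, `allKeys` or `agenixKeys` as direct module arguments will no longer receive them; this patch updates only users.nix, so the rest of the tree is worth checking. The enclosing attribute set starts outside the hunk.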
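Review bot: In the keys.nix hunk, adding `loewyKeys ++ mikeKeys` to `allKeys` widens every consumer of that list, not just the two new accounts. In this patch `allKeys` feeds `nix.sshServe.keys` in users.nix, so both keys gain Nix store access over SSH on every host that imports it, and consumers outside this patch pick them up too. If the new users are meant to be limited, leave `allKeys` as `kanivanKeys ++ deanKeys ++ alexKeys ++ hostKeys;` and add a separate `guestKeys = loewyKeys ++ mikeKeys;` for the places that need it. The `loewyKeys` entry is an `ssh-rsa` key, apparently 2048-bit judging by its encoded length, and its comment `loewy gitlab` suggests it is shared with another service; a dedicated ed25519 key like the other entries would be preferable. The `rec { … }` set starts outside the hunk.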
@@ -1,60 +1,73 @@ -{ pkgs, realUsers, forEachUser, kanivanKeys, deanKeys, alexKeys, allKeys, ... }: +{ pkgs, realUsers, forEachUser, keys, ... }: let - extraGroups = [ - "audio" - "adbusers" - "disk" - "docker" - "networkmanager" - "openrazer" - "plugdev" - "syncthing" - "systemd-journal" - "video" - "wheel" - ]; - userDefaults = { - inherit extraGroups; - group = "users"; - isNormalUser = true; - createHome = true; - shell = pkgs.zsh; - }; + extraGroups = [ + "audio" + "adbusers" + "disk" + "docker" + "networkmanager" + "openrazer" + "plugdev" + "syncthing" + "systemd-journal" + "video" + ]; + extraGroupsWithWheel = extraGroups ++ ["wheel"]; + userDefaults = { + group = "users"; + isNormalUser = true; + createHome = true; + shell = pkgs.zsh; + }; in { security.sudo.wheelNeedsPassword = false; - users.users = { + users.users = with keys; { syncthing = { extraGroups = [ "syncthing" "wheel" ]; home = "/var/lib/syncthing"; createHome = true; }; imalison = userDefaults // { + extraGroups = extraGroupsWithWheel; name = "imalison"; shell = pkgs.zsh; openssh.authorizedKeys.keys = kanivanKeys; }; kat = userDefaults // { + extraGroups = extraGroupsWithWheel; name = "kat"; shell = pkgs.zsh; openssh.authorizedKeys.keys = kanivanKeys; }; dean = userDefaults // { + extraGroups = extraGroupsWithWheel; name = "dean"; shell = pkgs.zsh; openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys; }; alex = userDefaults // { + extraGroups = extraGroupsWithWheel; name = "alex"; shell = pkgs.zsh; openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys; }; + loewy = userDefaults // { + inherit extraGroups; + name = "loewy"; + openssh.authorizedKeys.keys = kanivanKeys ++ loewyKeys; + }; + mike = userDefaults // { + inherit extraGroups; + name = "mike"; + openssh.authorizedKeys.keys = kanivanKeys ++ mikeKeys; + }; }; nix.settings.trusted-users = realUsers; nix.sshServe = { enable = true; - keys = allKeys; + keys = keys.allKeys; }; home-manager.users = forEachUser (import ./home-manager.nix);
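Review bot: In the users.nix hunk, dropping `wheel` for `loewy` and `mike` does not make them unprivileged, because `inherit extraGroups;` still puts them in `docker` and `disk`. Membership of either group is effectively root-equivalent on the host (control of the Docker daemon, raw block-device access), and `systemd-journal` additionally exposes all system logs. Since `security.sudo.wheelNeedsPassword = false;` indicates that wheel is the intended privilege boundary here, give the new accounts an explicit minimal list, for example `extraGroups = [ "audio" "video" "networkmanager" ];` trimmed to what they actually need. A short comment above `extraGroupsWithWheel` saying which list is for admins and which for guests would keep later additions from reusing the wrong one. `kanivanKeys` is also authorized on both new accounts; if that is deliberate admin access, a comment saying so would help.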