[NixOS] Add mike and loewy

2023-10-03 14:50:43 -06:00 · 2023-10-03 14:50:43 -06:00 · 70d25f95cc
commit 70d25f95cc
parent 802cf428d3
3 changed files with 45 additions and 25 deletions
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@ -156,7 +156,8 @@
        mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
        realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
        forEachUser = mapValueToKeys realUsers;
-      } // specialArgs // (import ./keys.nix);
+        keys = (import ./keys.nix);
      } // specialArgs;
    });
  in
  {
--- a/nixos/keys.nix
+++ b/nixos/keys.nix
@ -28,6 +28,12 @@ rec {
  alexKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
  ];
  mikeKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnXd6c9xwr1yxBmxauj/FF3gnY8G11ospoM8i11mD2n countablecloud.com"
  ];
  loewyKeys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDROb8zcXAgqR3xNpStjt8kSL2Tnic+aWVlQRkmmLveay0RDPatHVKiWtscBoFYvL19xwpi692nZjyPAGQBLMquVx8rexHUFVbs6UVM41Y/QV0UZLSlVM7xNl3nL/dQoxT8OC2a9WJThNm41EjFzzKAuUaWqjm4+uEsC9felBIzndlA5/bIn6EUkMb2X8qmOOIOod1UeVZeK0fWMoDdKsHtQjiQrrP4nLjOmrTQ+BF2yUHwFbW6SCQiXT1Jzq4zymnI717ZraTK0nXzl8amLrGGrh36TrR7pv9hWLeNIMCARvOtABMdQmrT1dI4FxLK1uKM696uzfoaZDUn58G2VGrd loewy gitlab"
  ];
  agenixKeys = hostKeys ++ kanivanKeys;
-  allKeys = kanivanKeys ++ deanKeys ++ alexKeys ++ hostKeys;
+  allKeys = loewyKeys ++ mikeKeys ++ kanivanKeys ++ deanKeys ++ alexKeys ++ hostKeys;
 }
--- a/nixos/users.nix
+++ b/nixos/users.nix
@ -1,60 +1,73 @@
-{ pkgs, realUsers, forEachUser, kanivanKeys, deanKeys, alexKeys, allKeys, ... }:
+{ pkgs, realUsers, forEachUser, keys, ... }:
 let
-    extraGroups = [
+  extraGroups = [
-      "audio"
+    "audio"
-      "adbusers"
+    "adbusers"
-      "disk"
+    "disk"
-      "docker"
+    "docker"
-      "networkmanager"
+    "networkmanager"
-      "openrazer"
+    "openrazer"
-      "plugdev"
+    "plugdev"
-      "syncthing"
+    "syncthing"
-      "systemd-journal"
+    "systemd-journal"
-      "video"
+    "video"
-      "wheel"
+  ];
-    ];
+  extraGroupsWithWheel = extraGroups ++ ["wheel"];
-    userDefaults = {
+  userDefaults = {
-      inherit extraGroups;
+    group = "users";
-      group = "users";
+    isNormalUser = true;
-      isNormalUser = true;
+    createHome = true;
-      createHome = true;
+    shell = pkgs.zsh;
-      shell = pkgs.zsh;
+  };
    };
 in
 {
  security.sudo.wheelNeedsPassword = false;
-  users.users = {
+  users.users = with keys; {
    syncthing = {
      extraGroups = [ "syncthing" "wheel" ];
      home = "/var/lib/syncthing";
      createHome = true;
    };
    imalison = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "imalison";
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = kanivanKeys;
    };
    kat = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "kat";
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = kanivanKeys;
    };
    dean = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "dean";
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
    };
    alex = userDefaults // {
      extraGroups = extraGroupsWithWheel;
      name = "alex";
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
    };
    loewy = userDefaults // {
      inherit extraGroups;
      name = "loewy";
      openssh.authorizedKeys.keys = kanivanKeys ++ loewyKeys;
    };
    mike = userDefaults // {
      inherit extraGroups;
      name = "mike";
      openssh.authorizedKeys.keys = kanivanKeys ++ mikeKeys;
    };
  };
  nix.settings.trusted-users = realUsers;
  nix.sshServe = {
    enable = true;
-    keys = allKeys;
+    keys = keys.allKeys;
  };
  home-manager.users = forEachUser (import ./home-manager.nix);