From cef3b04ebd507955212700dc06b4089ee8ec0235 Mon Sep 17 00:00:00 2001 From: Ivan Malison Date: Mon, 10 Jun 2024 16:13:19 -0600 Subject: [PATCH] [NixOS] Add railbird user --- nixos/flake.lock | 170 ++++++++++++++++++++++++++++++++++++++++++++--- nixos/flake.nix | 8 ++- nixos/users.nix | 7 +- 3 files changed, 175 insertions(+), 10 deletions(-) diff --git a/nixos/flake.lock b/nixos/flake.lock index 560f63a5..3f7855b8 100644 --- a/nixos/flake.lock +++ b/nixos/flake.lock @@ -21,6 +21,30 @@ "type": "github" } }, + "agenix_2": { + "inputs": { + "darwin": "darwin_2", + "home-manager": "home-manager_3", + "nixpkgs": [ + "railbird-secrets", + "nixpkgs" + ], + "systems": "systems_4" + }, + "locked": { + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "owner": "ryantm", + "repo": "agenix", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -43,6 +67,29 @@ "type": "github" } }, + "darwin_2": { + "inputs": { + "nixpkgs": [ + "railbird-secrets", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { 
@@ -245,6 +292,24 @@ "inputs": { "systems": "systems_5" }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_7" + }, "locked": { "lastModified": 1685518550, "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", @@ -259,9 +324,9 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_7": { "inputs": { - "systems": "systems_6" + "systems": "systems_8" }, "locked": { "lastModified": 1681202837, @@ -536,7 +601,7 @@ "haskell-language-server_2": { "inputs": { "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "fourmolu-011": "fourmolu-011_2", "fourmolu-012": "fourmolu-012_2", "gitignore": "gitignore_2", @@ -548,7 +613,7 @@ "lsp": "lsp_2", "lsp-test": "lsp-test_2", "lsp-types": "lsp-types_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "ormolu-052": "ormolu-052_2", "ormolu-07": "ormolu-07_2", "stylish-haskell-0145": "stylish-haskell-0145_2" @@ -713,6 +778,28 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "railbird-secrets", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "imalison-taffybar": { "inputs": { "flake-utils": [ 
@@ -1051,6 +1138,22 @@ } }, "nixpkgs_7": { + "locked": { + "lastModified": 1709703039, + "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1686874404, "narHash": "sha256-u2Ss8z+sGaVlKtq7sCovQ8WvXY+OoXJmY1zmyxITiaY=", @@ -1066,7 +1169,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -1187,6 +1290,26 @@ "type": "github" } }, + "railbird-secrets": { + "inputs": { + "agenix": "agenix_2", + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_7" + }, + "locked": { + "lastModified": 1718057406, + "narHash": "sha256-PUqnLMxAOlWVkNIpltxP8lNlz5OyxpYN6K9hl45WrAk=", + "ref": "refs/heads/master", + "rev": "971e616e67e07c1ef5a8933fbb0a504178353be2", + "revCount": 49, + "type": "git", + "url": "ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git" + }, + "original": { + "type": "git", + "url": "ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -1203,8 +1326,9 @@ "nixpkgs": "nixpkgs_5", "nixpkgs-regression": "nixpkgs-regression_2", "notifications-tray-icon": "notifications-tray-icon", + "railbird-secrets": "railbird-secrets", "status-notifier-item": "status-notifier-item", - "systems": "systems_4", + "systems": "systems_6", "taffybar": "taffybar", "vscode-server": "vscode-server", "xmonad": "xmonad", 
@@ -1380,6 +1504,36 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "taffybar": { "inputs": { "flake-utils": [ @@ -1452,8 +1606,8 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_8" + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1713958148, diff --git a/nixos/flake.nix b/nixos/flake.nix index 0dc4170b..714dd92d 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -1,5 +1,8 @@ { inputs = { + railbird-secrets = { + url = "git+ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git"; + }; nixos-hardware = { url = "github:colonelpanic8/nixos-hardware"; }; nixpkgs = { @@ -152,7 +155,10 @@ inherit inputs machineNames; makeEnable = (import ./make-enable.nix) nixpkgs.lib; keys = (import ./keys.nix); - usersInfo = (import ./users.nix) { pkgs = { zsh = "zsh"; }; keys = keys; }; + usersInfo = (import ./users.nix) { + pkgs = { zsh = "zsh"; }; + inherit keys inputs system; + }; realUsers = (builtins.attrNames (nixpkgs.lib.filterAttrs (_: value: (builtins.elem "isNormalUser" (builtins.attrNames value)) && value.isNormalUser) usersInfo.users.users) diff --git a/nixos/users.nix b/nixos/users.nix index 76a2134a..671703d2 100644 --- a/nixos/users.nix +++ b/nixos/users.nix 
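Review bot: The new `railbird-secrets` input in the first flake.nix hunk is declared with only a `url`, so its dependencies are locked separately from the root's; flake.lock in this same patch gains `agenix_2`, `darwin_2`, `home-manager_3` and a new `nixpkgs_7` for it. If the secrets flake evaluates correctly against the root pins, adding `inputs.nixpkgs.follows = "nixpkgs";` and `inputs.agenix.follows = "agenix";` inside the attrset would leave fewer pinned sources to audit. Because the URL is `git+ssh`, anything that fetches this input (a fresh machine, CI) presumably needs an SSH key accepted by that host. A comment such as `# private repo: fetching requires SSH access to dev.railbird.ai` would make that requirement visible. The `inputs` block continues past the end of the hunk.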
@@ -1,4 +1,4 @@ -{ pkgs, keys, ... }: +{ pkgs, keys, inputs, system, ... }: let extraGroups = [ "audio" @@ -89,6 +89,11 @@ in name = "ben"; openssh.authorizedKeys.keys = benKeys ++ kanivanKeys; }; + railbird = userDefaults // { + inherit extraGroups; + name = "railbird"; + openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.railbirdAdminKeys; + }; }; nix.sshServe = {
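Review bot: `system` is added to the argument set on the first line of users.nix, but no line this patch adds to the file reads it; only `inputs` is used. A named argument without a default must be supplied at every call site. If users.nix is also loaded as a NixOS module (not visible here), both `inputs` and `system` would have to be provided as module arguments, or evaluation fails. Unless a follow-up needs it, the header can be `{ pkgs, keys, inputs, ... }:` with `inherit keys inputs;` at the flake.nix call site.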
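Review bot: The `railbird` account takes its `openssh.authorizedKeys.keys` from `inputs.railbird-secrets.keys.railbirdAdminKeys`, so who can log in is decided in another repository, and a change there appears here only as a new `rev` in flake.lock. A comment on that line, e.g. `# key list comes from the railbird-secrets input; review its diff on every flake.lock bump`, would tell the next maintainer where to look. The account also receives the shared list through `inherit extraGroups;`, and only the first entry (`"audio"`) is visible in this patch. If that list carries administrative groups, an explicit, narrower `extraGroups = [ ... ];` for this user would be safer than inheriting it. The enclosing attribute set starts before the hunk.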