
commit 40311918f548040f47d2fc064ffa03f7ce1fcae6
parent aae97d1fb2e39c49a8e1e3ab2d4aa40cc6107526
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Sat,  6 Jun 2020 18:36:58 +0200

systems/modules: remove users

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Msystems/hokkaido.nix | 2--
Msystems/kerkouane.nix | 4----
Msystems/modules/profiles/default.nix | 1-
Dsystems/modules/profiles/users.nix | 79-------------------------------------------------------------------------------
Msystems/okinawa.nix | 2--
Msystems/sakhalin.nix | 2--
Msystems/wakasu.nix | 2--
7 files changed, 0 insertions(+), 92 deletions(-)

diff --git a/systems/hokkaido.nix b/systems/hokkaido.nix @@ -42,8 +42,6 @@ in ssh.enable = true; dev.enable = true; yubikey.enable = true; - # FIXME remove the need for it - users.enable = false; }; services = { diff --git a/systems/kerkouane.nix b/systems/kerkouane.nix @@ -39,10 +39,6 @@ in git.enable = true; ssh.enable = true; syncthing.enable = true; - - # FIXME remove the need for it - users.enable = false; - wireguard.server.enable = true; }; diff --git a/systems/modules/profiles/default.nix b/systems/modules/profiles/default.nix @@ -22,7 +22,6 @@ ./scanning.nix ./ssh.nix ./syncthing.nix - ./users.nix ./virtualization.nix ./wireguard.server.nix ./yubikey.nix diff --git a/systems/modules/profiles/users.nix b/systems/modules/profiles/users.nix 
@@ -1,79 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.users;
- secretPath = ../../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
-
- isAuthorized = p: builtins.isAttrs p && p.authorized or false;
- authorizedKeys = lists.optionals secretCondition (
- attrsets.mapAttrsToList
- (name: value: value.key)
- (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
- );
-in
-{
- options = {
- profiles.users = {
- enable = mkOption {
- default = true;
- description = "Enable users profile";
- type = types.bool;
- };
- user = mkOption {
- default = "vincent";
- description = "Username to use when creating user";
- type = types.str;
- };
- };
- };
- config = mkIf cfg.enable (mkMerge [
- {
- users = {
- extraUsers = {
- ${cfg.user} = {
- isNormalUser = true;
- uid = 1000;
- createHome = true;
- extraGroups = [ "wheel" "input" ] ++ optionals config.profiles.desktop.enable [ "audio" "video" "lp" "scanner" "networkmanager" ]
- ++ optionals config.profiles.docker.enable [ "docker" ]
- ++ optionals config.profiles.buildkit.enable [ "buildkit" ]
- ++ optionals config.profiles.virtualization.enable [ "libvirtd" "vboxusers" ];
- shell = if config.programs.fish.enable then pkgs.fish else pkgs.zsh;
- initialPassword = "changeMe";
- subUidRanges = [{ startUid = 100000; count = 65536; }];
- subGidRanges = [{ startGid = 100000; count = 65536; }];
- openssh.authorizedKeys.keys = authorizedKeys;
- };
- };
- };
- }
- (
- mkIf secretCondition {
- programs.ssh.extraConfig = with import ../../../secrets/machines.nix; ''
- Host kerkouane kerkouane.sbr.pm
- Hostname kerkouane.sbr.pm
- Port ${toString ssh.kerkouane.port}
- Host kerkouane.vpn ${wireguard.ips.kerkouane}
- Hostname ${wireguard.ips.kerkouane}
- Port ${toString ssh.kerkouane.port}
- Host carthage carthage.sbr.pm
- Hostname carthage.sbr.pm
- Port ${toString ssh.carthage.port}
- Host carthage.vpn ${wireguard.ips.carthage}
- Hostname 
${wireguard.ips.carthage} - Port ${toString ssh.carthage.port} - Host hokkaido.vpn ${wireguard.ips.hokkaido} - Hostname ${wireguard.ips.hokkaido} - Host honshu.vpn ${wireguard.ips.honshu} - Hostname ${wireguard.ips.honshu} - Host okinawa.vpn ${wireguard.ips.okinawa} - Hostname ${wireguard.ips.okinawa} - Host wakasu.vpn ${wireguard.ips.wakasu} - Hostname ${wireguard.ips.wakasu} - ''; - } - ) - ]); -} diff --git a/systems/okinawa.nix b/systems/okinawa.nix @@ -57,8 +57,6 @@ in ssh.enable = true; syncthing.enable = true; virtualization = { enable = true; nested = true; listenTCP = true; }; - # FIXME remove the need for it - users.enable = false; }; services = { diff --git a/systems/sakhalin.nix b/systems/sakhalin.nix @@ -63,8 +63,6 @@ in ssh.enable = true; syncthing.enable = true; virtualization = { enable = true; nested = true; listenTCP = true; }; - # FIXME remove the need for it - users.enable = false; }; fileSystems."/export/gaia" = { device = "/mnt/gaia"; options = [ "bind" ]; }; diff --git a/systems/wakasu.nix b/systems/wakasu.nix @@ -56,8 +56,6 @@ in ssh = { enable = true; forwardX11 = true; }; virtualization = { enable = true; nested = true; listenTCP = true; }; yubikey.enable = true; - # FIXME remove the need for it - users.enable = false; }; programs = { podman.enable = true;