forked from pub-solar/infra
auth: use all sshPubKeys for disk unlock, fix tests, fix hm config
This commit is contained in:
parent
acc537decd
commit
eb63779bb6
|
@ -11,6 +11,11 @@ in
|
||||||
wireguardDevices: adminConfig:
|
wireguardDevices: adminConfig:
|
||||||
wireguardDevices ++ (if adminConfig ? "wireguardDevices" then adminConfig.wireguardDevices else [ ])
|
wireguardDevices ++ (if adminConfig ? "wireguardDevices" then adminConfig.wireguardDevices else [ ])
|
||||||
) [ ] (lib.attrsets.attrValues admins);
|
) [ ] (lib.attrsets.attrValues admins);
|
||||||
|
sshPubKeys = lib.lists.foldl (
|
||||||
|
sshPubKeys: adminConfig:
|
||||||
|
sshPubKeys
|
||||||
|
++ (if adminConfig ? "sshPubKeys" then lib.attrsets.attrValues adminConfig.sshPubKeys else [ ])
|
||||||
|
) [ ] (lib.attrsets.attrValues admins);
|
||||||
robots.sshPubKeys = lib.attrsets.attrValues robots;
|
robots.sshPubKeys = lib.attrsets.attrValues robots;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -54,9 +54,5 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Etc/UTC";
|
time.timeZone = "Etc/UTC";
|
||||||
|
|
||||||
home-manager.users.${config.pub-solar-os.authentication.username} = {
|
|
||||||
home.stateVersion = "23.05";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,19 +1,27 @@
|
||||||
{ flake, config, ... }:
|
{ flake, lib, ... }:
|
||||||
{
|
{
|
||||||
home-manager.users.${config.pub-solar-os.authentication.username} = {
|
home-manager.users = (
|
||||||
programs.git.enable = true;
|
lib.attrsets.foldlAttrs (
|
||||||
programs.starship.enable = true;
|
acc: name: value:
|
||||||
programs.bash.enable = true;
|
acc
|
||||||
programs.neovim = {
|
// {
|
||||||
enable = true;
|
${name} = {
|
||||||
vimAlias = true;
|
programs.git.enable = true;
|
||||||
viAlias = true;
|
programs.starship.enable = true;
|
||||||
defaultEditor = true;
|
programs.bash.enable = true;
|
||||||
# configure = {
|
programs.neovim = {
|
||||||
# packages.myVimPackages = with pkgs.vimPlugins; {
|
enable = true;
|
||||||
# start = [vim-nix vim-surrund rainbow];
|
vimAlias = true;
|
||||||
# };
|
viAlias = true;
|
||||||
# };
|
defaultEditor = true;
|
||||||
};
|
# configure = {
|
||||||
};
|
# packages.myVimPackages = with pkgs.vimPlugins; {
|
||||||
|
# start = [vim-nix vim-surrund rainbow];
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
) { } flake.self.logins.admins
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
|
@ -50,7 +50,7 @@
|
||||||
) { } flake.self.logins.admins)
|
) { } flake.self.logins.admins)
|
||||||
// {
|
// {
|
||||||
# TODO: Remove when we stop locking ourselves out.
|
# TODO: Remove when we stop locking ourselves out.
|
||||||
root.openssh.authorizedKeys.keys = config.pub-solar-os.authentication.sshPubKeys;
|
root.openssh.authorizedKeys.keys = flake.self.logins.sshPubKeys;
|
||||||
root.initialHashedPassword = config.pub-solar-os.authentication.root.initialHashedPassword;
|
root.initialHashedPassword = config.pub-solar-os.authentication.root.initialHashedPassword;
|
||||||
|
|
||||||
${config.pub-solar-os.authentication.robot.username} = {
|
${config.pub-solar-os.authentication.robot.username} = {
|
||||||
|
@ -65,6 +65,18 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
home-manager.users = (
|
||||||
|
lib.attrsets.foldlAttrs (
|
||||||
|
acc: name: value:
|
||||||
|
acc
|
||||||
|
// {
|
||||||
|
${name} = {
|
||||||
|
home.stateVersion = "23.05";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
) { } flake.self.logins.admins
|
||||||
|
);
|
||||||
|
|
||||||
users.groups =
|
users.groups =
|
||||||
(lib.attrsets.foldlAttrs (
|
(lib.attrsets.foldlAttrs (
|
||||||
acc: name: value:
|
acc: name: value:
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
# Please create this manually the first time.
|
# Please create this manually the first time.
|
||||||
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
||||||
authorizedKeys = config.pub-solar-os.authentication.sshPubKeys;
|
authorizedKeys = flake.self.logins.sshPubKeys;
|
||||||
};
|
};
|
||||||
postCommands = ''
|
postCommands = ''
|
||||||
# Automatically ask for the password on SSH login
|
# Automatically ask for the password on SSH login
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
# Please create this manually the first time.
|
# Please create this manually the first time.
|
||||||
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
||||||
authorizedKeys = config.pub-solar-os.authentication.sshPubKeys;
|
authorizedKeys = flake.self.logins.sshPubKeys;
|
||||||
};
|
};
|
||||||
# this will automatically load the zfs password prompt on login
|
# this will automatically load the zfs password prompt on login
|
||||||
# and kill the other prompt so boot can continue
|
# and kill the other prompt so boot can continue
|
||||||
|
|
|
@ -66,7 +66,7 @@ in
|
||||||
testScript =
|
testScript =
|
||||||
{ nodes, ... }:
|
{ nodes, ... }:
|
||||||
let
|
let
|
||||||
user = nodes.client.users.users.${nodes.client.pub-solar-os.authentication.username};
|
user = nodes.client.users.users.b12f;
|
||||||
#uid = toString user.uid;
|
#uid = toString user.uid;
|
||||||
bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$(id -u ${user.name})/bus";
|
bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$(id -u ${user.name})/bus";
|
||||||
gdbus = "${bus} gdbus";
|
gdbus = "${bus} gdbus";
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
services.xserver.displayManager.gdm.enable = true;
|
services.xserver.displayManager.gdm.enable = true;
|
||||||
services.xserver.desktopManager.gnome.enable = true;
|
services.xserver.desktopManager.gnome.enable = true;
|
||||||
services.xserver.displayManager.autoLogin.enable = true;
|
services.xserver.displayManager.autoLogin.enable = true;
|
||||||
services.xserver.displayManager.autoLogin.user = config.pub-solar-os.authentication.username;
|
services.xserver.displayManager.autoLogin.user = "b12f";
|
||||||
|
|
||||||
systemd.user.services = {
|
systemd.user.services = {
|
||||||
"org.gnome.Shell@wayland" = {
|
"org.gnome.Shell@wayland" = {
|
||||||
|
|
Loading…
Reference in a new issue