118 lines
3.2 KiB
Nix
118 lines
3.2 KiB
Nix
{
|
|
flake,
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
{
|
|
options.momo-cloud.authentication =
|
|
let
|
|
inherit (lib) mkOption types;
|
|
in
|
|
{
|
|
users = mkOption {
|
|
description = "Administrative users to add";
|
|
|
|
type = types.attrsOf (
|
|
types.submodule {
|
|
options = {
|
|
sshPubKeys = mkOption {
|
|
type = types.attrsOf types.str;
|
|
default = { };
|
|
};
|
|
secretEncryptionKeys = mkOption {
|
|
type = types.attrsOf types.str;
|
|
default = { };
|
|
};
|
|
wireguardDevices = mkOption {
|
|
type = types.listOf (
|
|
types.submodule {
|
|
options = {
|
|
publicKey = mkOption { type = types.str; };
|
|
allowedIPs = mkOption { type = types.listOf types.str; };
|
|
};
|
|
}
|
|
);
|
|
default = { };
|
|
};
|
|
};
|
|
}
|
|
);
|
|
|
|
default = flake.self.logins.admins;
|
|
};
|
|
|
|
root.initialHashedPassword = mkOption {
|
|
description = "Hashed password of the root account";
|
|
type = types.str;
|
|
default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
|
|
};
|
|
|
|
robot.username = mkOption {
|
|
description = "username for the robot user";
|
|
type = types.str;
|
|
default = "hora";
|
|
};
|
|
|
|
robot.sshPubKeys = mkOption {
|
|
description = "SSH Keys to use for the robot user";
|
|
type = types.listOf types.str;
|
|
default = flake.self.logins.robots.sshPubKeys;
|
|
};
|
|
};
|
|
|
|
config = {
|
|
users.users =
|
|
(lib.attrsets.foldlAttrs (
|
|
acc: name: value:
|
|
acc
|
|
// {
|
|
${name} = {
|
|
name = name;
|
|
group = name;
|
|
extraGroups = [
|
|
"wheel"
|
|
"docker"
|
|
];
|
|
isNormalUser = true;
|
|
openssh.authorizedKeys.keys = lib.attrsets.attrValues value.sshPubKeys;
|
|
};
|
|
}
|
|
) { } config.momo-cloud.authentication.users)
|
|
// {
|
|
root.initialHashedPassword = config.momo-cloud.authentication.root.initialHashedPassword;
|
|
|
|
${config.momo-cloud.authentication.robot.username} = {
|
|
description = "CI and automation user";
|
|
home = "/home/${config.momo-cloud.authentication.robot.username}";
|
|
createHome = true;
|
|
useDefaultShell = true;
|
|
uid = 1100;
|
|
group = "${config.momo-cloud.authentication.robot.username}";
|
|
isSystemUser = true;
|
|
openssh.authorizedKeys.keys = config.momo-cloud.authentication.robot.sshPubKeys;
|
|
};
|
|
};
|
|
|
|
home-manager.users = (
|
|
lib.attrsets.foldlAttrs (
|
|
acc: name: value:
|
|
acc // { ${name}.home.stateVersion = "24.11"; }
|
|
) { } config.momo-cloud.authentication.users
|
|
);
|
|
|
|
users.groups =
|
|
(lib.attrsets.foldlAttrs (
|
|
acc: name: value:
|
|
acc // { "${name}" = { }; }
|
|
) { } config.momo-cloud.authentication.users)
|
|
// {
|
|
${config.momo-cloud.authentication.robot.username} = {
|
|
gid = 1100;
|
|
};
|
|
};
|
|
|
|
security.sudo.wheelNeedsPassword = false;
|
|
};
|
|
}
|