2024-04-28 15:25:40 +00:00
|
|
|
{
|
|
|
|
flake,
|
|
|
|
pkgs,
|
|
|
|
lib,
|
|
|
|
config,
|
|
|
|
...
|
|
|
|
}:
|
|
|
|
{
|
2024-05-19 13:27:19 +00:00
|
|
|
options.pub-solar-os.authentication =
|
|
|
|
let
|
|
|
|
inherit (lib) mkOption types;
|
|
|
|
in
|
|
|
|
{
|
|
|
|
root.initialHashedPassword = mkOption {
|
|
|
|
description = "Hashed password of the root account";
|
|
|
|
type = types.str;
|
|
|
|
default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
|
|
|
|
};
|
2024-04-28 15:25:40 +00:00
|
|
|
|
2024-05-19 13:27:19 +00:00
|
|
|
robot.username = mkOption {
|
|
|
|
description = "username for the robot user";
|
|
|
|
type = types.str;
|
|
|
|
default = "hakkonaut";
|
|
|
|
};
|
2024-04-28 15:25:40 +00:00
|
|
|
|
2024-05-19 13:27:19 +00:00
|
|
|
robot.sshPubKeys = mkOption {
|
|
|
|
description = "SSH Keys to use for the robot user";
|
|
|
|
type = types.listOf types.str;
|
|
|
|
default = flake.self.logins.robots.sshPubKeys;
|
|
|
|
};
|
2024-04-28 15:25:40 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
config = {
|
2024-11-12 19:22:25 +00:00
|
|
|
users.users = (lib.attrsets.foldlAttrs
|
|
|
|
(acc: name: value: acc // { ${name} = {
|
|
|
|
name = name;
|
|
|
|
group = name;
|
|
|
|
extraGroups = [
|
|
|
|
"wheel"
|
|
|
|
"docker"
|
|
|
|
];
|
|
|
|
isNormalUser = true;
|
|
|
|
openssh.authorizedKeys.keys = lib.attrsets.attrValues value.sshPubKeys;
|
|
|
|
};
|
|
|
|
})
|
|
|
|
{ }
|
|
|
|
flake.self.logins.admins)
|
|
|
|
// {
|
|
|
|
# TODO: Remove when we stop locking ourselves out.
|
|
|
|
root.openssh.authorizedKeys.keys = config.pub-solar-os.authentication.sshPubKeys;
|
|
|
|
root.initialHashedPassword = config.pub-solar-os.authentication.root.initialHashedPassword;
|
2024-04-28 15:25:40 +00:00
|
|
|
|
2024-11-12 19:22:25 +00:00
|
|
|
${config.pub-solar-os.authentication.robot.username} = {
|
|
|
|
description = "CI and automation user";
|
|
|
|
home = "/home/${config.pub-solar-os.authentication.robot.username}";
|
|
|
|
createHome = true;
|
|
|
|
useDefaultShell = true;
|
|
|
|
uid = 998;
|
|
|
|
group = "${config.pub-solar-os.authentication.robot.username}";
|
|
|
|
isSystemUser = true;
|
|
|
|
openssh.authorizedKeys.keys = config.pub-solar-os.authentication.robot.sshPubKeys;
|
|
|
|
};
|
2024-04-28 15:25:40 +00:00
|
|
|
};
|
|
|
|
|
2024-11-12 19:22:25 +00:00
|
|
|
users.groups = (lib.attrsets.foldlAttrs
|
|
|
|
(acc: name: value: acc // { "${name}" = { }; })
|
|
|
|
{ }
|
|
|
|
flake.self.logins.admins)
|
|
|
|
// {
|
|
|
|
${config.pub-solar-os.authentication.robot.username} = { };
|
|
|
|
};
|
2024-04-28 15:25:40 +00:00
|
|
|
|
|
|
|
security.sudo.wheelNeedsPassword = false;
|
|
|
|
};
|
|
|
|
}
|