auth: add user for each administrator #261

Open
b12f wants to merge 4 commits from per-admin-user into main
2 changed files with 41 additions and 38 deletions
Showing only changes of commit 2b72d9a5a8 - Show all commits


@ -7,11 +7,10 @@ in
flake = { flake = {
logins = { logins = {
admins = admins; admins = admins;
wireguardDevices = wireguardDevices = lib.lists.foldl (
lib.lists.foldl wireguardDevices: adminConfig:
(wireguardDevices: adminConfig: wireguardDevices ++ (if adminConfig ? "wireguardDevices" then adminConfig.wireguardDevices else [ ])) wireguardDevices ++ (if adminConfig ? "wireguardDevices" then adminConfig.wireguardDevices else [ ])
[ ] ) [ ] (lib.attrsets.attrValues admins);
(lib.attrsets.attrValues admins);
robots.sshPubKeys = lib.attrsets.attrValues robots; robots.sshPubKeys = lib.attrsets.attrValues robots;
}; };
}; };


@ -31,42 +31,46 @@
}; };
config = { config = {
users.users = (lib.attrsets.foldlAttrs users.users =
(acc: name: value: acc // { ${name} = { (lib.attrsets.foldlAttrs (
name = name; acc: name: value:
group = name; acc
extraGroups = [ // {
"wheel" ${name} = {
"docker" name = name;
]; group = name;
isNormalUser = true; extraGroups = [
openssh.authorizedKeys.keys = lib.attrsets.attrValues value.sshPubKeys; "wheel"
"docker"
];
isNormalUser = true;
openssh.authorizedKeys.keys = lib.attrsets.attrValues value.sshPubKeys;
};
}
) { } flake.self.logins.admins)
// {
# TODO: Remove when we stop locking ourselves out.
root.openssh.authorizedKeys.keys = config.pub-solar-os.authentication.sshPubKeys;
root.initialHashedPassword = config.pub-solar-os.authentication.root.initialHashedPassword;
${config.pub-solar-os.authentication.robot.username} = {
description = "CI and automation user";
home = "/home/${config.pub-solar-os.authentication.robot.username}";
createHome = true;
useDefaultShell = true;
uid = 998;
group = "${config.pub-solar-os.authentication.robot.username}";
isSystemUser = true;
openssh.authorizedKeys.keys = config.pub-solar-os.authentication.robot.sshPubKeys;
}; };
})
{ }
flake.self.logins.admins)
// {
# TODO: Remove when we stop locking ourselves out.
root.openssh.authorizedKeys.keys = config.pub-solar-os.authentication.sshPubKeys;
root.initialHashedPassword = config.pub-solar-os.authentication.root.initialHashedPassword;
${config.pub-solar-os.authentication.robot.username} = {
description = "CI and automation user";
home = "/home/${config.pub-solar-os.authentication.robot.username}";
createHome = true;
useDefaultShell = true;
uid = 998;
group = "${config.pub-solar-os.authentication.robot.username}";
isSystemUser = true;
openssh.authorizedKeys.keys = config.pub-solar-os.authentication.robot.sshPubKeys;
}; };
};
users.groups = (lib.attrsets.foldlAttrs users.groups =
(acc: name: value: acc // { "${name}" = { }; }) (lib.attrsets.foldlAttrs (
{ } acc: name: value:
flake.self.logins.admins) acc // { "${name}" = { }; }
// { ) { } flake.self.logins.admins)
// {
${config.pub-solar-os.authentication.robot.username} = { }; ${config.pub-solar-os.authentication.robot.username} = { };
}; };