auth: add user for each administrator #261

Open
b12f wants to merge 4 commits from per-admin-user into main
2 changed files with 41 additions and 38 deletions
Showing only changes of commit 2b72d9a5a8 - Show all commits

View file

@ -7,11 +7,10 @@ in
flake = {
logins = {
admins = admins;
wireguardDevices =
lib.lists.foldl
(wireguardDevices: adminConfig: wireguardDevices ++ (if adminConfig ? "wireguardDevices" then adminConfig.wireguardDevices else [ ]))
[ ]
(lib.attrsets.attrValues admins);
wireguardDevices = lib.lists.foldl (
wireguardDevices: adminConfig:
wireguardDevices ++ (if adminConfig ? "wireguardDevices" then adminConfig.wireguardDevices else [ ])
) [ ] (lib.attrsets.attrValues admins);
robots.sshPubKeys = lib.attrsets.attrValues robots;
};
};

View file

@ -31,8 +31,12 @@
};
config = {
users.users = (lib.attrsets.foldlAttrs
(acc: name: value: acc // { ${name} = {
users.users =
(lib.attrsets.foldlAttrs (
acc: name: value:
acc
// {
${name} = {
name = name;
group = name;
extraGroups = [
@ -42,9 +46,8 @@
isNormalUser = true;
openssh.authorizedKeys.keys = lib.attrsets.attrValues value.sshPubKeys;
};
})
{ }
flake.self.logins.admins)
}
) { } flake.self.logins.admins)
// {
# TODO: Remove when we stop locking ourselves out.
root.openssh.authorizedKeys.keys = config.pub-solar-os.authentication.sshPubKeys;
@ -62,10 +65,11 @@
};
};
users.groups = (lib.attrsets.foldlAttrs
(acc: name: value: acc // { "${name}" = { }; })
{ }
flake.self.logins.admins)
users.groups =
(lib.attrsets.foldlAttrs (
acc: name: value:
acc // { "${name}" = { }; }
) { } flake.self.logins.admins)
// {
${config.pub-solar-os.authentication.robot.username} = { };
};