Commit 40311918f548
Changed files (7)
systems
modules
profiles
systems/modules/profiles/default.nix
@@ -22,7 +22,6 @@
./scanning.nix
./ssh.nix
./syncthing.nix
- ./users.nix
./virtualization.nix
./wireguard.server.nix
./yubikey.nix
systems/modules/profiles/users.nix
@@ -1,79 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.users;
- secretPath = ../../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
-
- isAuthorized = p: builtins.isAttrs p && p.authorized or false;
- authorizedKeys = lists.optionals secretCondition (
- attrsets.mapAttrsToList
- (name: value: value.key)
- (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
- );
-in
-{
- options = {
- profiles.users = {
- enable = mkOption {
- default = true;
- description = "Enable users profile";
- type = types.bool;
- };
- user = mkOption {
- default = "vincent";
- description = "Username to use when creating user";
- type = types.str;
- };
- };
- };
- config = mkIf cfg.enable (mkMerge [
- {
- users = {
- extraUsers = {
- ${cfg.user} = {
- isNormalUser = true;
- uid = 1000;
- createHome = true;
- extraGroups = [ "wheel" "input" ] ++ optionals config.profiles.desktop.enable [ "audio" "video" "lp" "scanner" "networkmanager" ]
- ++ optionals config.profiles.docker.enable [ "docker" ]
- ++ optionals config.profiles.buildkit.enable [ "buildkit" ]
- ++ optionals config.profiles.virtualization.enable [ "libvirtd" "vboxusers" ];
- shell = if config.programs.fish.enable then pkgs.fish else pkgs.zsh;
- initialPassword = "changeMe";
- subUidRanges = [{ startUid = 100000; count = 65536; }];
- subGidRanges = [{ startGid = 100000; count = 65536; }];
- openssh.authorizedKeys.keys = authorizedKeys;
- };
- };
- };
- }
- (
- mkIf secretCondition {
- programs.ssh.extraConfig = with import ../../../secrets/machines.nix; ''
- Host kerkouane kerkouane.sbr.pm
- Hostname kerkouane.sbr.pm
- Port ${toString ssh.kerkouane.port}
- Host kerkouane.vpn ${wireguard.ips.kerkouane}
- Hostname ${wireguard.ips.kerkouane}
- Port ${toString ssh.kerkouane.port}
- Host carthage carthage.sbr.pm
- Hostname carthage.sbr.pm
- Port ${toString ssh.carthage.port}
- Host carthage.vpn ${wireguard.ips.carthage}
- Hostname ${wireguard.ips.carthage}
- Port ${toString ssh.carthage.port}
- Host hokkaido.vpn ${wireguard.ips.hokkaido}
- Hostname ${wireguard.ips.hokkaido}
- Host honshu.vpn ${wireguard.ips.honshu}
- Hostname ${wireguard.ips.honshu}
- Host okinawa.vpn ${wireguard.ips.okinawa}
- Hostname ${wireguard.ips.okinawa}
- Host wakasu.vpn ${wireguard.ips.wakasu}
- Hostname ${wireguard.ips.wakasu}
- '';
- }
- )
- ]);
-}
systems/hokkaido.nix
@@ -42,8 +42,6 @@ in
ssh.enable = true;
dev.enable = true;
yubikey.enable = true;
- # FIXME remove the need for it
- users.enable = false;
};
services = {
systems/kerkouane.nix
@@ -39,10 +39,6 @@ in
git.enable = true;
ssh.enable = true;
syncthing.enable = true;
-
- # FIXME remove the need for it
- users.enable = false;
-
wireguard.server.enable = true;
};
systems/okinawa.nix
@@ -57,8 +57,6 @@ in
ssh.enable = true;
syncthing.enable = true;
virtualization = { enable = true; nested = true; listenTCP = true; };
- # FIXME remove the need for it
- users.enable = false;
};
services = {
systems/sakhalin.nix
@@ -63,8 +63,6 @@ in
ssh.enable = true;
syncthing.enable = true;
virtualization = { enable = true; nested = true; listenTCP = true; };
- # FIXME remove the need for it
- users.enable = false;
};
fileSystems."/export/gaia" = { device = "/mnt/gaia"; options = [ "bind" ]; };
systems/wakasu.nix
@@ -56,8 +56,6 @@ in
ssh = { enable = true; forwardX11 = true; };
virtualization = { enable = true; nested = true; listenTCP = true; };
yubikey.enable = true;
- # FIXME remove the need for it
- users.enable = false;
};
programs = {
podman.enable = true;