ellmau/nixos
1
0
Fork 0
mirror of https://github.com/ellmau/nixos.git synced 2025-12-19 09:29:36 +01:00
Code Issues Projects Releases Wiki Activity

Add user file options and the actual file

Browse Source
This commit is contained in:
Stefan Ellmauthaler 2022-05-11 10:14:42 +02:00
parent b77a255a38
commit 91581ebb15
Failed to extract signature
2 changed files with 136 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
common/users.nix Normal file
View File

@ -0,0 +1,23 @@
{ config, pkgs, lib, ... }:
with lib; {
config = {
elss = {
users = {
enable = true;
admiins = [ "ellmau" ];
users = [ ];
meta = {
ellmau = {
description = "Stefan Ellmauthaler";
mailAddress = "stefan.ellmauthaler@tu-dresden.de";
hashedPassword = "$6$8TtAMwO3cf6EK0uH$k6MVV.H/DDNdb3yMWwv/z4Bo9TT9WYxCKqILh50t8YBR67SGbA1wRoho6FLTSRJmu.YGDUJARR3nXE27h.ve0/";
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0XgjNGsqo8gbtPTpH8pHCdGQyGNWdKcSAmyhiLBLM3 stefan.ellmauthaler@tu-dresden.de"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyL/ynqq4pMhALzbLky9b/+Oledo8X21bWOKWUyBUlXp9u35WkU5BnSbHZ79TxuKl+Lw28hXItW/xtyDdVEPAKx6uopA9alMMbRr0ghpkEyc76Pdh3TcXDNj613i2Rwx9nHMJpcuWcl8rKtoorH4z3GzftJoWMQbvmYhy0kctLXsf81Ud9eKOELzftLILDYa7/L9C08x3b/vfK90vK0AdiQU0nZf+XmbPT5wosAjTzFrigSpSaoqdJhEhq9V3dRTPVM6DT7gEVCzgcFDJJKRGx944ivMubtzKffirF/RgDaLkD6WHlV3Ymg1gSpKAswY2QwcnV0mkRofWh8y1/eGckNJ0CJ7vv2GKZUI7AVjUyEZq1GxDMEhLN12SHoOby/hP3BeCTEcZeDqPj28ZlS8e+oF0dTJnwsD6nHPV5xlPdQeyD17QF7HUoNd/wV+SzRGzaVz6AEh2vodSt2t9eaugMK3L/xiOSrguhkyJEI95cJgBOC+i4BF+poOikACzZPIpQ8bx0HKEynDsM4QlNvKmjS6uBQuLaUjaQIHjEt24MiAJdhxHZIsSliMzmRycs9jRMBj4WiSolee6j+YDm7e/l1vSE3mRO23atPOWvIF+1+r1LGFWLQp2j8iQJJ6DyX4+5Nkk0VrM0JCinNWTj+1C4hxvqwzrZ5i5mMYgSTJYx0w== nucturne"
];
};
};
};
};
};
}

113
modules/users.nix Normal file
View File

@ -0,0 +1,113 @@
{ config, pkgs, lib, ... }:
with lib; {
options.elss.users = {
enable = mkEnableOption "elss specific user configuration";
commonUserFile = mkOption {
type = types.attrsOf
(types.submodule{
options = {
enable = mkEnableOption "use a common file of users";
fileLoc = mkOption {
description = "path to the file of users";
type = types.path;
default = ../common/users.nix;
};
};
});
};
users = mkOption {
description = "logins of non-admin users to configure";
type = types.listOf types.str;
};
admins = mkOption {
description = "logins of admin users to configure";
type = types.listOf types.str;
};
meta = mkOption {
type = types.attrsOf
(types.submodule {
options = {
description = mkOption {
type = types.str;
description = "full name of the user";
};
hashedPassword = mkOption
{
type = types.str;
default = null;
description = "hashed password, only required for admins";
};
publicKeys = mkOption {
type = types.listOf types.str;
description = "SSH public keys for the user";
};
mailAddress = mkOption {
type = types.str;
description = "Email address of the user";
};
};
});
};
};
config =
let
cfg = config.elss.users;
inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot;
getMeta = login:
builtins.getAttr login cfg.meta;
mkAdmin = login:
mkMerge [
(mkUser login)
{
extraGroups = [ "wheel" ];
inherit (getMeta login) hashedPassword;
}
];
mkUser = login:
let meta = getMeta login;
in
{
inherit (meta) description;
isNormalUser = true;
home = "/home/${login}";
extraGroups = [ ];
openssh.authorizedKeys.keys = meta.publicKeys;
};
in
mkIf (cfg.enable)
{
assertions =
let
cfg = config.elss.users;
in
[
{
assertion = mutuallyExclusive cfg.users cfg.admins;
message = "kbs.users.users and kbs.users.admins are mutually exclusive";
}
{
assertion = all (hash: hash != "")
(catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta));
message = "No admin without password";
}
{
assertion = length (cfg.admins) > 0;
message = "One admin needed at least";
}
];
users = {
mutableUsers = false;
users =
mkMerge [
(mapAdmins mkAdmin)
(mapUsers mkUser)
];
};
};
}