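{
  pkgs,
  outputs,
  config,
  lib,
  ...
}:
{
  # This is its own attribute in order to prevent infinite recursion
  # in certain places (it is read back below through `config.satellite.pilot`).
  satellite.pilot.name = lib.mkDefault "adrielus";

  # {{{ Password handling
  # The password hash is a sops secret. `neededForUsers` makes it available
  # early enough for user creation, which `hashedPasswordFile` below relies on.
  sops.secrets.pilot_password = {
    sopsFile = ../secrets.yaml;
    neededForUsers = true;
  };
  # }}}

  users = {
    # Configure users through nix only
    mutableUsers = false;

    # {{{ Create pilot user
    users.pilot = {
      inherit (config.satellite.pilot) name;

      # This gets referenced in other parts of the config
      uid = 1000;

      # Adds me to some default groups, and creates the home dir
      isNormalUser = true;

      # Picked up by our persistence module
      homeMode = "700";

      # Add user to the following groups
      extraGroups = [
        "wheel" # Access to sudo
        "lp" # Printers
        "audio" # Audio devices
        "video" # Webcam and the like
        "network" # wpa_supplicant
        "syncthing" # syncthing!
      ];

      # The hash comes from the sops secret declared above, not from a literal
      # in this file.
      hashedPasswordFile = config.sops.secrets.pilot_password.path;
      shell = pkgs.fish;

      # {{{ Authorize ssh keys
      # Every host in `outputs.nixosConfigurations` that has a public key
      # checked in at the path computed by `idKey` is authorized for this user.
      # NOTE(review): this is a full mesh — a compromised host key grants
      # access to the pilot account on every other host; intended, but worth
      # keeping in mind when adding hosts.
      openssh.authorizedKeys.keyFiles =
        let
          # Record containing all the hosts
          hosts = outputs.nixosConfigurations;
          # Function from hostname to relative path to public ssh key
          idKey = host: ../../${host}/keys/id_ed25519.pub;
        in
        lib.pipe hosts [
          # attrsetof host -> attrsetof path
          (builtins.mapAttrs (name: _: idKey name))
          # attrsetof path -> path[]
          builtins.attrValues
          # path[] -> path[], dropping hosts that have no key checked in
          (builtins.filter builtins.pathExists)
        ];
      # }}}
    };
    # }}}
  };

  # {{{ Set user-specific ssh permissions
  # This is mainly useful because home-manager can often fail if the perms on
  # `~/.ssh` are incorrect.
  #
  # Modes are owner-only: `~/.ssh` holds more than key pairs (`config`,
  # `known_hosts`, ...), and the persisted copy lives under /persist/state,
  # outside the directory that `homeMode` above protects, so it needs these
  # modes on its own. Private keys get 0600 rather than 0700 (the exec bit
  # served no purpose); public keys are not secret and get 0644.
  # NOTE(review): NixOS installs `openssh.authorizedKeys.*` under
  # /etc/ssh/authorized_keys.d rather than `~/.ssh`, so tightening these modes
  # should not affect sshd logins — confirm on a host before rolling out.
  systemd.tmpfiles.rules =
    let
      user = config.users.users.pilot;
      root = "/persist/state/${user.home}/ssh";
    in
    [
      "d ${root} 0700 ${user.name} ${user.group}"
      "d ${root}/.ssh 0700 ${user.name} ${user.group}"
      "z ${root}/.ssh/id_*.pub 0644 ${user.name} ${user.group}"
      "z ${root}/.ssh/id_rsa 0600 ${user.name} ${user.group}"
      "z ${root}/.ssh/id_ed25519 0600 ${user.name} ${user.group}"
    ];
  # }}}
}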