diff --git a/classes/desktop/gamemode.nix b/classes/desktop/gamemode.nix
index 7e15ae5..b3cd1d2 100644
--- a/classes/desktop/gamemode.nix
+++ b/classes/desktop/gamemode.nix
@@ -3,9 +3,7 @@
 lib,
 pkgs,
 ...
-}: let
- inherit (config.users) mainUser;
-in {
+}: {
 programs.gamemode = {
 enable = true;
 settings = {
@@ -19,5 +17,5 @@ in {
 };
 };
- users.users.${mainUser}.extraGroups = ["gamemode"];
+ users.groups.gamemode.members = config.users.normalUsers;
 }
diff --git a/classes/desktop/networking.nix b/classes/desktop/networking.nix
index 62c30e7..3fe1ecf 100644
--- a/classes/desktop/networking.nix
+++ b/classes/desktop/networking.nix
@@ -1,6 +1,4 @@
-{config, ...}: let
- inherit (config.users) mainUser;
-in {
+{config, ...}: {
 services.resolved.enable = true;
 networking = {
@@ -11,5 +9,5 @@ in {
 firewall.enable = false;
 };
- users.users.${mainUser}.extraGroups = ["networkmanager"];
+ users.groups.networkmanager.members = config.users.normalUsers;
 }
diff --git a/common/user.nix b/common/main-user.nix
similarity index 89%
rename from common/user.nix
rename to common/main-user.nix
index 78511b7..d714e79 100644
--- a/common/user.nix
+++ b/common/main-user.nix
@@ -4,7 +4,6 @@ in {
 options = {
 users.mainUser = lib.mkOption {
 type = types.passwdEntry types.str;
- default = "lukas";
 description = ''
 The main user.
 '';
diff --git a/common/pubkeys.nix b/common/pubkeys.nix
new file mode 100644
index 0000000..561ed0b
--- /dev/null
+++ b/common/pubkeys.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ self,
+ ...
+}: {
+ options.pubkeys = let
+ inherit (lib) types;
+ in
+ lib.mkOption {
+ type = types.attrsOf (types.attrsOf types.str);
+ description = ''
+ Public keys.
+ '';
+ };
+
+ config.pubkeys = import self + /pubkeys.nix;
+}
diff --git a/common/user-types.nix b/common/user-types.nix
new file mode 100644
index 0000000..f9595f5
--- /dev/null
+++ b/common/user-types.nix
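Review bot: `users.groups.gamemode.members = config.users.normalUsers;` enrolls every account with `isNormalUser = true`, which after this commit includes the new `guest` account from hosts/desktop/glacier/users.nix, whereas the removed line granted the group to `mainUser` only. The same assignment in classes/desktop/networking.nix (networkmanager, whose members may edit system-wide connections) and in common/wheel.nix (wheel, which NixOS' default sudo rules treat as administrators) widens in the same way, so guest ends up as a sudoer rather than a low-privilege login. If only the main user should hold these groups, write `users.groups.gamemode.members = [config.users.mainUser];` here and the analogous line in the two other files; otherwise an explicit opt-in list option would make the trust boundary visible to readers.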
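Review bot: `config.pubkeys = import self + /pubkeys.nix;` parses as `(import self) + /pubkeys.nix`, because function application binds tighter than `+` in Nix, so it imports the flake root itself and then tries to add a path to the result rather than importing `pubkeys.nix`. Unless evaluation of this exact line has already been verified, the intended form is `config.pubkeys = import (self + /pubkeys.nix);`. The description `Public keys.` could also state the shape the consumers in common/users.nix rely on, e.g. `Public SSH keys, grouped by category (hosts, users) and then by name.`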
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options.users = let
+ inherit (lib) types;
+ in {
+ normalUsers = lib.mkOption {
+ type = types.listOf (types.passwdEntry types.str);
+ description = ''
+ List of normal users.
+ '';
+ };
+
+ systemUsers = lib.mkOption {
+ type = types.listOf (types.passwdEntry types.str);
+ description = ''
+ List of system users.
+ '';
+ };
+ };
+
+ config.users = let
+ filterUsers = pred: (lib.pipe config.users.users [
+ (lib.filterAttrs (_: pred))
+ builtins.attrNames
+ ]);
+ in {
+ normalUsers = filterUsers (user: user.isNormalUser);
+ systemUsers = filterUsers (user: user.isSystemUser);
+ };
+}
diff --git a/common/users.nix b/common/users.nix
index a550e86..5354763 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -10,18 +10,19 @@ in {
 users = {
 mutableUsers = false;
+ mainUser = "lukas";
+
 users = {
 root = {
 hashedPassword = "!";
- openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).hosts;
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.hosts;
 };
 ${mainUser} = {
 description = "Lukas Wurzinger";
 uid = 1000;
 isNormalUser = true;
 hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
- openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).users;
- extraGroups = ["wheel"];
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
 };
 };
 };
diff --git a/common/wheel.nix b/common/wheel.nix
new file mode 100644
index 0000000..8481639
--- /dev/null
+++ b/common/wheel.nix
@@ -0,0 +1,3 @@
+{config, ...}: {
+ users.groups.wheel.members = config.users.normalUsers;
+}
diff --git a/hosts/desktop/glacier/users.nix b/hosts/desktop/glacier/users.nix
new file mode 100644
index 0000000..11c1a30
--- /dev/null
+++ b/hosts/desktop/glacier/users.nix
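Review bot: `normalUsers` and `systemUsers` are derived from `config.users.users` but declared as plain `listOf` options, so any other module can append names to them (list definitions are concatenated on merge) and thereby silently extend every group membership keyed on them, such as the wheel assignment in common/wheel.nix. Adding `readOnly = true;` to both `lib.mkOption` calls makes the lists purely computed and turns a stray definition into an evaluation error instead. The descriptions would be more useful as `Names of all users with isNormalUser = true, derived from users.users.` and the analogous wording for systemUsers.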
@@ -0,0 +1,9 @@
+{config, ...}: {
+ users.users.guest = {
+ description = "Guest";
+ uid = 1001;
+ isNormalUser = true;
+ hashedPasswordFile = config.age.secrets."user-guest".path;
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+ };
+}
diff --git a/hosts/server/vessel/audiocomp.nix b/hosts/server/vessel/audiocomp.nix
index 7d682ed..ffb3c7e 100644
--- a/hosts/server/vessel/audiocomp.nix
+++ b/hosts/server/vessel/audiocomp.nix
@@ -1,5 +1,5 @@
 {
- inputs,
+ self,
 lib,
 pkgs,
 ...
@@ -12,7 +12,7 @@
 pkgs.openssh
 ];
 text = let
- remoteDir = inputs.self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder;
+ remoteDir = self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder;
 enc = pkgs.writeShellApplication {
 name = "enc";
 runtimeInputs = [
diff --git a/lib.nix b/lib.nix
index a8e5c92..bee8104 100644
--- a/lib.nix
+++ b/lib.nix
@@ -40,6 +40,7 @@ lib: _: {
 }:
 lib.nixosSystem {
 specialArgs = {
+ inherit (inputs) self;
 inherit inputs lib;
 attrName = name;
 };
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5249bb7..111ffe9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,5 +1,6 @@
 with import ../pubkeys.nix; {
 "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts);
+ "user-guest.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts);
 "microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
diff --git a/secrets/user-guest.age b/secrets/user-guest.age
new file mode 100644
index 0000000..99525a3
--- /dev/null
+++ b/secrets/user-guest.age
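Review bot: The guest account is given `openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;`, the same key set common/users.nix installs for the main user, so every holder of a main-user key can also log in as guest over SSH and the account is not a separate trust domain. If guest is meant to be a lower-trust login, drop the `openssh.authorizedKeys.keys` line (leaving only the age-managed password from `user-guest.age`) or point it at a dedicated key group, e.g. `config.pubkeys.guest` (a constructed name; `pubkeys` is typed `attrsOf (attrsOf str)`, so a new category is permitted).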
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 SFHVrw 4jAZDtFvwOfUUK8LgLSCTElHNi+QilqWQyP4C/LNflU +qpvs//hyzk7nTOqc7pu/rFY4xAL9TVFzjle8l/gPveU +-> ssh-ed25519 S+dwQQ DK4BzHpq8fupZaiyxh7VQ5qoSY5iSEyd4Kv8PNrz70I +TmbFc3XbyvLESnAkLqFSfRskExzRcPVP8MfKHr/IkNA +-> ssh-ed25519 ffmsLw qY8W9fSy5UuhbeGoI1K+wgQvqrw9ttcNOYelmt71Kng +t2JX4gdYxn6OlKrqXqufwcRrUbOPAmjxXXZnDHkYlSw +-> ssh-ed25519 d2fKsw 3rX4vasW2uHU+bC/YFE2xVvHOFCcz7vmlLPbVrmzt3I +pJFFn19v2dxKM9+6fwW7dBBqXGePHx4LPfBdTg67DHE +-> ssh-ed25519 US6ATA +UHEcCtfoYaTs0U/hI7xLRfw/ZZAJRmqVfAXjgYh/Hk +Wr2HWbLJAvIRCuCeepwEVFCRRu1liER06ErCYHDCWgo +-> ssh-ed25519 Sm0lOA smM2jccrg/AodVMaG8TAXmi+kRTY7Dn2C+50VObvVUg +TV08Asyq60sVfyiveWJ+29zf4kfJ/l0SAKm1otNSHKo +--- DWHY6OyVQuPAcCZWMTt8I2fjoino1r33Dx1Mrr8NqoQ +LWR҆\%^JxbסL(7v.⥈̍7 ""1|i'>6>R+֊DHƃ57X` \ No newline at end of file