infrastructure/modules/dgn-access-control.nix

{ config, lib, dgn-lib, meta, name, ... }:

let
  nodeMeta = meta.nodes.${name};
  admins = meta.members.groups.root ++ nodeMeta.admins
    ++ (builtins.concatMap (g: meta.members.groups.${g}) nodeMeta.adminGroups);

  cfg = config.dgn-access-control;
in

with lib;

{
  options.dgn-access-control = {
    enable = mkEnableOption "DGNum access control." // { default = true; };

    users = mkOption {
      type = with types; attrsOf (listOf str);
      default = { };
      description = ''
        Attribute set describing which member has access to which user on the node.
      '';
    };
  };

  config = mkIf cfg.enable {
    # Admins have root access to the node
    dgn-access-control.users.root = mkDefault admins;

    users.users = builtins.mapAttrs
      (u: members: { openssh.authorizedKeys.keys = dgn-lib.getKeyFiles members; })
      cfg.users;

  };
}
modules: Init with access control 2023-05-22 15:07:03 +02:00			`{ config, lib, dgn-lib, meta, name, ... }:`

			`let`
			`nodeMeta = meta.nodes.${name};`
			`admins = meta.members.groups.root ++ nodeMeta.admins`
			`++ (builtins.concatMap (g: meta.members.groups.${g}) nodeMeta.adminGroups);`

			`cfg = config.dgn-access-control;`
			`in`

			`with lib;`

			`{`
			`options.dgn-access-control = {`
			`enable = mkEnableOption "DGNum access control." // { default = true; };`

			`users = mkOption {`
			`type = with types; attrsOf (listOf str);`
			`default = { };`
			`description = ''`
			`Attribute set describing which member has access to which user on the node.`
			`'';`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`# Admins have root access to the node`
			`dgn-access-control.users.root = mkDefault admins;`

			`users.users = builtins.mapAttrs`
			`(u: members: { openssh.authorizedKeys.keys = dgn-lib.getKeyFiles members; })`
			`cfg.users;`

			`};`
			`}`