From 07d226a06e62bb5bf85791f48fb9aa053fac93c4 Mon Sep 17 00:00:00 2001
From: sinavir <sinavir@sinavir.fr>
Date: Fri, 10 Jan 2025 19:26:24 +0100
Subject: [PATCH] fix(build01/nix-builder): Use dgn-access-control

---
 machines/nixos/build01/nix-builder.nix | 8 +-------
 modules/nixos/dgn-access-control.nix   | 1 +
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/machines/nixos/build01/nix-builder.nix b/machines/nixos/build01/nix-builder.nix
index d21fec4..e8dcfcd 100644
--- a/machines/nixos/build01/nix-builder.nix
+++ b/machines/nixos/build01/nix-builder.nix
@@ -8,15 +8,9 @@
   meta,
   ...
 }:
-let
-  keys = (import ../../../keys)._keys;
-in
 {
   config = {
-    users.users = lib.genAttrs meta.organization.groups.nix-builder (u: {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = keys.${u};
-    });
+    dgn-access-control.users = lib.genAttrs meta.organization.groups.nix-builder (u: lib.singleton u);
 
     security.pam.loginLimits = [
       {
diff --git a/modules/nixos/dgn-access-control.nix b/modules/nixos/dgn-access-control.nix
index b366f3b..ee1468b 100644
--- a/modules/nixos/dgn-access-control.nix
+++ b/modules/nixos/dgn-access-control.nix
@@ -58,6 +58,7 @@ in
     users.users = builtins.mapAttrs (
       username: members:
       {
+        isNormalUser = lib.mkIf (username != "root") true;
         openssh.authorizedKeys.keys = dgn-keys.getKeys members;
       }
       // optionalAttrs (username == "root") { inherit (nodeMeta) hashedPassword; }