DGNum/infrastructure
12
6
Fork 3
Code Issues 16 Pull requests 11 Projects 1 Releases Packages Wiki Activity Actions

feat(modules/dgn-access-control): support Liminix systems

Browse source 
Liminix are not totally aligned with their implementation of users.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
This commit is contained in:
Ryan Lahfa 2024-12-07 16:19:59 +01:00 committed by Tom Hubrecht
parent a2a6bf8d1c
commit d9a6d38d5e
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
1 changed files with 15 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
modules/nixos/dgn-access-control.nix
View file

@ -47,6 +47,7 @@ let
mkIf
mkMerge
mkOption
optionalAttrs
types
;
@ -84,18 +85,21 @@ in
{
# Admins have root access to the node
dgn-access-control.users.root = mkDefault admins;
users.users = builtins.mapAttrs (_: members: {
}
(optionalAttrs (nodeMeta.nixpkgs.system == "nixos") {
users.mutableUsers = false;
users.users = builtins.mapAttrs (
username: members:
{
openssh.authorizedKeys.keys = dgn-keys.getKeys members;
}
// optionalAttrs (username == "root") { inherit (nodeMeta) hashedPassword; }
) cfg.users;
})
(optionalAttrs (nodeMeta.nixpkgs.system == "zyxel-nwa50ax") {
users = builtins.mapAttrs (_: members: {
openssh.authorizedKeys.keys = dgn-keys.getKeys members;
}) cfg.users;
}
{
users = {
mutableUsers = false;
users.root = {
inherit (nodeMeta) hashedPassword;
};
};
}
})
]);
}