diff --git a/machines/ap01/_configuration.nix b/machines/ap01/_configuration.nix
index 716256d..0284ae0 100644
--- a/machines/ap01/_configuration.nix
+++ b/machines/ap01/_configuration.nix
@@ -14,11 +14,11 @@ let
 # inherit (pkgs) writeText;
 svc = config.system.service;
 secrets-1 = {
- ssid = "Zyxel 2G (N)";
+ ssid = "DGNum 2G prototype (N)";
 wpa_passphrase = "diamond dogs";
 };
 secrets-2 = {
- ssid = "Zyxel 5G (AX)";
+ ssid = "DGNum 5G prototype (AX)";
 wpa_passphrase = "diamond dogs";
 };
 baseParams = {
@@ -72,19 +72,20 @@ rec {
 "${modulesPath}/ntp"
 "${modulesPath}/vlan"
 "${modulesPath}/bridge"
+ ../../modules/dgn-access-control.nix
+ # TODO: god that's so a fucking hack.
+ (import "${modulesPath}/../devices/zyxel-nwa50ax").module
 ];
- hostname = "zyxel";
+ hostname = "ap01-prototype";
+ # SSH keys are handled by the access control module.
+ dgn-access-control.enable = true;
 users.root = {
 # EDIT: choose a root password and then use
 # "mkpasswd -m sha512crypt" to determine the hash.
 # It should start wirh $6$.
- passwd = "$y$j9T$f8GhLiqYmr3lc58eKhgyD0$z7P/7S9u.kq/cANZExxhS98bze/6i7aBxU6tbl7RMi.";
- openssh.authorizedKeys.keys = [
- # EDIT: you can add your ssh pubkey here
- # "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com";
- ];
+ passwd = "$6$jVXFFOp8HBYmgINR$lutB4kvw.W1jlXRby9ZYAgBitQ32RxQdYAGN.s2x4ris8J07vM6tzlRBQoeLELOIEMClDzbciQV0itfHQnTqd1";
 };
 services.int = svc.bridge.primary.build { ifname = "int"; };
diff --git a/meta/nodes.nix b/meta/nodes.nix
index a531edb..941fd8e 100644
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@@ -140,6 +140,7 @@
 # Access points definition
 ap01 = {
 site = "unknown";
+ adminGroups = [ "fai" ];
 system = "zyxel-nwa50ax";
 };
diff --git a/meta/organization.nix b/meta/organization.nix
index d5796f0..b9c9b29 100644
--- a/meta/organization.nix
+++ b/meta/organization.nix
@@ -114,6 +114,12 @@
 "fai"
 ];
+ # AP administration DGNum
+ ap.adminGroups = [
+ "root"
+ "fai"
+ ];
+
 # Videos DGNum
 peertube.admins = [ "thubrecht" ];
 };
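Review bot: In `machines/ap01/_configuration.nix` the new `passwd = "$6$…"` line (second hunk) commits root's password hash as a literal and moves it from a yescrypt (`$y$`) hash to sha512crypt, which is cheaper to guess offline for anyone who can read the repository or the built image. If the device's login stack only accepts `$6$`, say so in place of the leftover `# EDIT:` template text, e.g. `# sha512crypt: <why $y$ cannot be used on this device>; the hash is readable in the repo, so the password must be unique and long`. The first hunk has the same exposure: `wpa_passphrase = "diamond dogs"` stays a short literal in `secrets-1`/`secrets-2` while the SSIDs are renamed to identify the organisation, so the PSK would be better taken from the project's secret handling than from this file. Now that `dgn-access-control.enable = true` supplies the SSH keys, it is worth confirming whether root still needs password login over SSH; the SSH daemon's settings are not visible here, and both `users.root` and the `let` block continue outside the hunks.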
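Review bot: `ap01` receives `adminGroups = [ "fai" ]` in `meta/nodes.nix`, while `meta/organization.nix` adds `ap.adminGroups = [ "root" "fai" ]`, and nothing visible in the diff says which of the two lists ends up in root's `authorizedKeys` on the access point. If the node-level list is the one `dgn-access-control` reads, members of the `root` group get no key on `ap01`, which may or may not be intended. A one-line comment next to the `ap01` entry would settle it, e.g. `# SSH access on the AP is derived from <this list | ap.adminGroups in organization.nix>`. Both attribute sets continue outside their hunks.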
diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix
index 9e6db4a..4e85a34 100644
--- a/modules/dgn-access-control.nix
+++ b/modules/dgn-access-control.nix
@@ -84,18 +84,24 @@ in
 {
 # Admins have root access to the node
 dgn-access-control.users.root = mkDefault admins;
-
- users.users = builtins.mapAttrs (_: members: {
- openssh.authorizedKeys.keys = dgn-keys.getKeys members;
- }) cfg.users;
 }
- {
+ (mkIf (nodeMeta.system == "nixos") {
 users = {
 mutableUsers = false;
 users.root = { inherit (nodeMeta) hashedPassword; };
 };
- }
+ })
+ (mkIf (nodeMeta.system == "nixos") {
+ users.users = builtins.mapAttrs (_: members: {
+ openssh.authorizedKeys.keys = dgn-keys.getKeys members;
+ }) cfg.users;
+ })
+ (mkIf (nodeMeta.system == "zyxel-nwa50ax") {
+ users = builtins.mapAttrs (_: members: {
+ openssh.authorizedKeys.keys = dgn-keys.getKeys members;
+ }) cfg.users;
+ })
 ]);
 }
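Review bot: Key deployment is now gated on two literal values of `nodeMeta.system`, so a node with any other value (a second access-point model, say) evaluates with the module enabled and receives no `authorizedKeys` at all, without an error; the removed code set them unconditionally. Failing evaluation for an unhandled system would make that visible, for instance a guard built on `builtins.elem nodeMeta.system [ "nixos" "zyxel-nwa50ax" ]` that throws otherwise, and the two consecutive `mkIf (nodeMeta.system == "nixos")` blocks can be merged into one. The `zyxel-nwa50ax` branch sets neither `mutableUsers` nor `hashedPassword`, so root's password on that system appears to come only from the machine file; a comment such as `# non-NixOS nodes: keys live at users.<name>; the root password is set per machine` would record the difference. The list that `]);` closes starts outside the hunk.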