fix(build01/nix-builder): Use dgn-access-control

2025-01-10 19:26:24 +01:00 · 2025-01-10 19:26:24 +01:00 · 07d226a06e
commit 07d226a06e
parent 4b30fb8a36
2 changed files with 2 additions and 7 deletions
--- a/machines/nixos/build01/nix-builder.nix
+++ b/machines/nixos/build01/nix-builder.nix
@ -8,15 +8,9 @@
  meta,
  ...
 }:
-let
-  keys = (import ../../../keys)._keys;
-in
 {
  config = {
-    users.users = lib.genAttrs meta.organization.groups.nix-builder (u: {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = keys.${u};
-    });
+    dgn-access-control.users = lib.genAttrs meta.organization.groups.nix-builder (u: lib.singleton u);

    security.pam.loginLimits = [
      {
--- a/modules/nixos/dgn-access-control.nix
+++ b/modules/nixos/dgn-access-control.nix
@ -58,6 +58,7 @@ in
    users.users = builtins.mapAttrs (
      username: members:
      {
+        isNormalUser = lib.mkIf (username != "root") true;
        openssh.authorizedKeys.keys = dgn-keys.getKeys members;
      }
      // optionalAttrs (username == "root") { inherit (nodeMeta) hashedPassword; }