lbailly/infrastructure
1
0
Fork 0
forked from DGNum/infrastructure
Code Pull requests Activity

feat(modules/dgn-access-control): support Liminix systems

Browse source 
Liminix are not totally aligned with their implementation of users.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
This commit is contained in:
Ryan Lahfa 2024-12-07 16:19:59 +01:00 committed by Tom Hubrecht
parent a2a6bf8d1c
commit d9a6d38d5e
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
1 changed files with 15 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
modules/nixos/dgn-access-control.nix
View file

@ -47,6 +47,7 @@ let
mkIf mkIf
mkMerge mkMerge
mkOption mkOption
optionalAttrs
types types
; ;
@ -84,18 +85,21 @@ in
{ {
# Admins have root access to the node # Admins have root access to the node
dgn-access-control.users.root = mkDefault admins; dgn-access-control.users.root = mkDefault admins;
}
users.users = builtins.mapAttrs (_: members: { (optionalAttrs (nodeMeta.nixpkgs.system == "nixos") {
users.mutableUsers = false;
users.users = builtins.mapAttrs (
username: members:
{
openssh.authorizedKeys.keys = dgn-keys.getKeys members;
}
// optionalAttrs (username == "root") { inherit (nodeMeta) hashedPassword; }
) cfg.users;
})
(optionalAttrs (nodeMeta.nixpkgs.system == "zyxel-nwa50ax") {
users = builtins.mapAttrs (_: members: {
openssh.authorizedKeys.keys = dgn-keys.getKeys members; openssh.authorizedKeys.keys = dgn-keys.getKeys members;
}) cfg.users; }) cfg.users;
} })
{
users = {
mutableUsers = false;
users.root = {
inherit (nodeMeta) hashedPassword;
};
};
}
]); ]);
} }