infrastructure/modules/dgn-access-control.nix


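{ config, lib, dgn-lib, meta, name, ... }:
# Per-node SSH access control. Every member listed for a local user in
# `dgn-access-control.users` gets their keys (resolved through
# `dgn-lib.getAllKeys`) installed as that user's authorized keys. The `root`
# entry defaults to the node's administrators as derived from `meta`.
let
  nodeMeta = meta.nodes.${name};

  # Members with root access on this node: the global `root` group, the node's
  # explicit `admins`, and every member of each group in `adminGroups`.
  # An unknown group name in `adminGroups` is an evaluation error, which is the
  # safe (fail-closed) outcome. `unique` drops a member reached through more
  # than one path so their keys are not emitted twice.
  admins = lib.unique (
    meta.members.groups.root
    ++ nodeMeta.admins
    ++ (builtins.concatMap (g: meta.members.groups.${g}) nodeMeta.adminGroups)
  );

  cfg = config.dgn-access-control;
in
with lib;
{
  options.dgn-access-control = {
    # mkEnableOption appends its own full stop to the generated description;
    # a trailing one in the label rendered as "…access control..".
    enable = mkEnableOption "DGNum access control" // { default = true; };

    users = mkOption {
      type = with types; attrsOf (listOf str);
      default = { };
      description = ''
        Mapping from a local user name on this node to the list of members
        allowed to log in as that user over SSH. Each member's keys are
        resolved with `dgn-lib.getAllKeys` and contributed to
        `users.users.<name>.openssh.authorizedKeys.keys`, so they merge with
        any keys declared for that user elsewhere in the configuration.
        The `root` entry defaults to the node's administrators; setting it
        explicitly replaces that computed list rather than extending it.
      '';
    };
  };

  config = mkIf cfg.enable {
    # Admins have root access to the node. `mkDefault` gives this a low
    # priority: an explicit `dgn-access-control.users.root` in a node
    # configuration overrides the computed list entirely instead of merging
    # with it, so such overrides deserve review -- they can lock admins out
    # or grant root to people outside the admin groups.
    dgn-access-control.users.root = mkDefault admins;

    # Only `openssh.authorizedKeys.keys` is set here; the account itself must
    # be declared elsewhere. A user name present here but declared nowhere
    # else should be rejected by the NixOS user module at evaluation (it
    # requires isNormalUser or isSystemUser) rather than silently creating an
    # account -- confirm against the NixOS version in use.
    users.users = builtins.mapAttrs
      (_: members: { openssh.authorizedKeys.keys = dgn-lib.getAllKeys members; })
      cfg.users;
  };
}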