refactor(ops/modules): Move user configuration into module
Rather than defining all system users inline on whitby, move them into a module that can be imported on multiple machines. Configuration for terminfos that we've added follows along. Note that while doing this I've disabled logins for riking and isomer since they are currently inactive in TVL. Change-Id: Id18031d355afc34079c5e6e49dc6943e61809a8f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5298 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
parent
c72c1efdeb
commit
dd5ce78dbd
2 changed files with 95 additions and 80 deletions
|
@ -24,6 +24,7 @@ in
|
||||||
"${depot.path}/ops/modules/sourcegraph.nix"
|
"${depot.path}/ops/modules/sourcegraph.nix"
|
||||||
"${depot.path}/ops/modules/tvl-buildkite.nix"
|
"${depot.path}/ops/modules/tvl-buildkite.nix"
|
||||||
"${depot.path}/ops/modules/tvl-slapd/default.nix"
|
"${depot.path}/ops/modules/tvl-slapd/default.nix"
|
||||||
|
"${depot.path}/ops/modules/tvl-users.nix"
|
||||||
"${depot.path}/ops/modules/www/atward.tvl.fyi.nix"
|
"${depot.path}/ops/modules/www/atward.tvl.fyi.nix"
|
||||||
"${depot.path}/ops/modules/www/auth.tvl.fyi.nix"
|
"${depot.path}/ops/modules/www/auth.tvl.fyi.nix"
|
||||||
"${depot.path}/ops/modules/www/b.tvl.fyi.nix"
|
"${depot.path}/ops/modules/www/b.tvl.fyi.nix"
|
||||||
|
@ -456,24 +457,19 @@ in
|
||||||
services.fail2ban.enable = true;
|
services.fail2ban.enable = true;
|
||||||
|
|
||||||
environment.systemPackages = (with pkgs; [
|
environment.systemPackages = (with pkgs; [
|
||||||
alacritty.terminfo
|
|
||||||
bat
|
bat
|
||||||
bb
|
bb
|
||||||
curl
|
curl
|
||||||
direnv
|
direnv
|
||||||
emacs-nox
|
emacs-nox
|
||||||
fd
|
fd
|
||||||
foot.terminfo
|
|
||||||
git
|
git
|
||||||
htop
|
htop
|
||||||
hyperfine
|
hyperfine
|
||||||
jq
|
jq
|
||||||
# TODO(sterni): re-enable when the kitty build is fixed upstreams
|
|
||||||
# kitty.terminfo
|
|
||||||
nano
|
nano
|
||||||
nvd
|
nvd
|
||||||
ripgrep
|
ripgrep
|
||||||
rxvt_unicode.terminfo
|
|
||||||
tree
|
tree
|
||||||
unzip
|
unzip
|
||||||
vim
|
vim
|
||||||
|
@ -645,81 +641,6 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
users.tazjin = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" "wheel" ];
|
|
||||||
shell = pkgs.fish;
|
|
||||||
openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.lukegb = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" "wheel" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.lukegb.keys.all;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.grfn = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" "wheel" ];
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
depot.users.grfn.keys.whitby
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
users.isomer = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.isomer.keys.all;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.riking = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.riking.keys.u2f ++ depot.users.riking.keys.passworded;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.edef = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.edef.keys.all;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.qyliss = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.qyliss.keys.all;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.eta = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.eta.keys.whitby;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.cynthia = {
|
|
||||||
isNormalUser = true; # I'm normal OwO :3
|
|
||||||
extraGroups = [ "git" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.cynthia.keys.all;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.firefly = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.firefly.keys.whitby;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.sterni = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" "wheel" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.sterni.keys.all;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.flokli = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "git" ];
|
|
||||||
openssh.authorizedKeys.keys = depot.users.flokli.keys.all;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Set up a user & group for git shenanigans
|
# Set up a user & group for git shenanigans
|
||||||
groups.git = { };
|
groups.git = { };
|
||||||
users.git = {
|
users.git = {
|
||||||
|
|
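--- a/ops/modules/tvl-users.nix
+++ b/ops/modules/tvl-users.nix
@@ -0,0 +1,94 @@
+# Standard NixOS users for TVL machines, as well as configuration that
+# should following along when they are added to a machine.
+{ depot, pkgs, ... }:
+
+{
+users = {
+users.tazjin = {
+isNormalUser = true;
+extraGroups = [ "git" "wheel" ];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
+};
+
+users.lukegb = {
+isNormalUser = true;
+extraGroups = [ "git" "wheel" ];
+openssh.authorizedKeys.keys = depot.users.lukegb.keys.all;
+};
+
+users.grfn = {
+isNormalUser = true;
+extraGroups = [ "git" "wheel" ];
+openssh.authorizedKeys.keys = [
+depot.users.grfn.keys.whitby
+];
+};
+
+users.edef = {
+isNormalUser = true;
+extraGroups = [ "git" ];
+openssh.authorizedKeys.keys = depot.users.edef.keys.all;
+};
+
+users.qyliss = {
+isNormalUser = true;
+extraGroups = [ "git" ];
+openssh.authorizedKeys.keys = depot.users.qyliss.keys.all;
+};
+
+users.eta = {
+isNormalUser = true;
+extraGroups = [ "git" ];
+openssh.authorizedKeys.keys = depot.users.eta.keys.whitby;
+};
+
+users.cynthia = {
+isNormalUser = true; # I'm normal OwO :3
+extraGroups = [ "git" ];
+openssh.authorizedKeys.keys = depot.users.cynthia.keys.all;
+};
+
+users.firefly = {
+isNormalUser = true;
+extraGroups = [ "git" ];
+openssh.authorizedKeys.keys = depot.users.firefly.keys.whitby;
+};
+
+users.sterni = {
+isNormalUser = true;
+extraGroups = [ "git" "wheel" ];
+openssh.authorizedKeys.keys = depot.users.sterni.keys.all;
+};
+
+users.flokli = {
+isNormalUser = true;
+extraGroups = [ "git" ];
+openssh.authorizedKeys.keys = depot.users.flokli.keys.all;
+};
+
+# Temporarily disabled (inactive) users.
+users.isomer = {
+isNormalUser = true;
+extraGroups = [ "git" ];
+shell = "${pkgs.nologin}/bin/nologin";
+openssh.authorizedKeys.keys = depot.users.isomer.keys.all;
+};
+
+users.riking = {
+isNormalUser = true;
+extraGroups = [ "git" ];
+shell = "${pkgs.nologin}/bin/nologin";
+openssh.authorizedKeys.keys = depot.users.riking.keys.u2f ++ depot.users.riking.keys.passworded;
+};
+};
+
+environment.systemPackages = with pkgs; [
+alacritty.terminfo
+foot.terminfo
+rxvt_unicode.terminfo
+
+# TODO(sterni): re-enable when the kitty build is fixed upstreams
+# kitty.terminfo
+];
+}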
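Review bot: The two accounts under `# Temporarily disabled (inactive) users.` (isomer and riking) get a nologin shell but keep their `openssh.authorizedKeys.keys` and `git` group membership, so their keys can still authenticate to sshd on every machine that imports this module. A nologin shell blocks interactive sessions and commands run through the user's shell, but anything sshd serves without invoking that shell may stay reachable, depending on sshd settings that are not visible in this change. If the intent is to suspend access, consider `openssh.authorizedKeys.keys = [ ];` for both users, with the comment extended to say how an account is re-enabled. Separately, grfn, eta and firefly are given `keys.whitby` in a module the description says is meant for multiple machines, and the `wheel` memberships now apply wherever it is imported; a short comment stating that this is intended would help.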