authorquentin@aristote.fr <quentin@aristote.fr>2025-03-22 20:28:09 +0100
committerquentin@aristote.fr <quentin@aristote.fr>2025-03-22 21:09:52 +0100
commitbb6a5af93bae9d3b234d4352bdf476d56ef652d5 (patch)
tree90ee5d52356b583f46ea24bcfd55ea6e213b180e /config/users.nix
parent824f144cf0e0caf129cca8495a990ab99fffc045 (diff)
users: add kerberos remote builder
Diffstat (limited to 'config/users.nix')
-rw-r--r--config/users.nix44
1 files changed, 20 insertions, 24 deletions
diff --git a/config/users.nix b/config/users.nix
index 8dc27a3..777777c 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -1,29 +1,25 @@
-{pkgs, ...}: {
- personal.user.enable = true;
- users = {
- users = {
- nixremote = {
- isSystemUser = true;
- shell = pkgs.busybox-sandbox-shell;
- group = "nixremote";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"
- ];
- };
- hermes = {
- isNormalUser = true;
- shell = pkgs.busybox-sandbox-shell;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes"
- ];
- homeMode = "700";
- };
- };
- groups.nixremote = {};
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ remoteBuildingUsers = {
+ hermes = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes";
+ kerberos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos";
};
+in {
+ personal.user.enable = true;
+ users.users =
+ builtins.mapAttrs (_: key: {
+ isNormalUser = true;
+ shell = pkgs.busybox-sandbox-shell;
+ openssh.authorizedKeys.keys = [key];
+ homeMode = "700";
+ })
+ remoteBuildingUsers;
- system.userActivationScripts.hermesSetup = ''
- if [ $(whoami) = hermes ]
+ system.userActivationScripts.remoteBuildingSetup = ''
+ if [[ $(whoami) = @(${lib.concatStringsSep "|" (builtins.attrNames remoteBuildingUsers)}) ]]
then
mkdir --parents --mode=700 nixos-configuration
git init --bare nixos-configuration
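Review bot: The key installed by `openssh.authorizedKeys.keys = [key];` carries no authorized_keys options, so unless sshd disables them globally, the holder of the root@hermes or root@kerberos private key can request port, agent and X11 forwarding and a PTY on this host, whatever the login shell is. If these accounts serve only Nix remote builds and pushes to the bare `nixos-configuration` repository, as the hunk suggests, none of that is needed and `openssh.authorizedKeys.keys = ["restrict ${key}"];` would remove it. The mapping also replaces the former `nixremote` system user with a normal `kerberos` user that has a home directory, and drops `groups.nixremote`. Presumably the client on kerberos and anything that referenced that user or group are updated elsewhere, which is worth confirming. The activation script body continues past the end of the hunk.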