| author | quentin@aristote.fr <quentin@aristote.fr> | 2025-03-22 20:28:09 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2025-03-22 21:09:52 +0100 |
| commit | bb6a5af93bae9d3b234d4352bdf476d56ef652d5 (patch) | |
| tree | 90ee5d52356b583f46ea24bcfd55ea6e213b180e /config | |
| parent | 824f144cf0e0caf129cca8495a990ab99fffc045 (diff) | |
users: add kerberos remote builder
Diffstat (limited to 'config')
| -rw-r--r-- | config/system.nix | 4 | ||||
| -rw-r--r-- | config/users.nix | 44 |
2 files changed, 24 insertions, 24 deletions
diff --git a/config/system.nix b/config/system.nix
index 5a568a2..870ca71 100644
--- a/config/system.nix
+++ b/config/system.nix
@@ -3,4 +3,8 @@
 flake = "git+file:///etc/nixos/";
 autoUpgrade.enable = true;
 };
+ system.autoUpgrade = {
+ dates = "12:30";
+ allowReboot = true;
+ };
 }
diff --git a/config/users.nix b/config/users.nix
index 8dc27a3..777777c 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -1,29 +1,25 @@
-{pkgs, ...}: {
- personal.user.enable = true;
- users = {
- users = {
- nixremote = {
- isSystemUser = true;
- shell = pkgs.busybox-sandbox-shell;
- group = "nixremote";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"
- ];
- };
- hermes = {
- isNormalUser = true;
- shell = pkgs.busybox-sandbox-shell;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes"
- ];
- homeMode = "700";
- };
- };
- groups.nixremote = {};
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ remoteBuildingUsers = {
+ hermes = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes";
+ kerberos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos";
 };
+in {
+ personal.user.enable = true;
+ users.users =
+ builtins.mapAttrs (_: key: {
+ isNormalUser = true;
+ shell = pkgs.busybox-sandbox-shell;
+ openssh.authorizedKeys.keys = [key];
+ homeMode = "700";
+ })
+ remoteBuildingUsers;
 
- system.userActivationScripts.hermesSetup = ''
- if [ $(whoami) = hermes ]
+ system.userActivationScripts.remoteBuildingSetup = ''
+ if [[ $(whoami) = @(${lib.concatStringsSep "|" (builtins.attrNames remoteBuildingUsers)}) ]]
 then
 mkdir --parents --mode=700 nixos-configuration
 git init --bare nixos-configuration |
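Review bot: `allowReboot = true;` together with `dates = "12:30";` lets the unattended upgrade reboot this host in the middle of the day, with nothing bounding when the reboot may happen. The commit title says this machine serves remote builders, so a reboot at that time would presumably cut off builds in progress. I would bound it with `rebootWindow = { lower = "01:00"; upper = "05:00"; };` (sample times) and move `dates` into that window. It is also worth a comment above the block stating who is allowed to write to the `git+file:///etc/nixos/` flake, since whatever lands there is applied as root and rebooted into without review.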
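Review bot: The keys passed to `openssh.authorizedKeys.keys = [key];` carry no options, so each build account keeps port, agent and X11 forwarding and pty allocation even though its shell is `pkgs.busybox-sandbox-shell`. Both entries are root keys from other hosts, so I would narrow what they can do here with `openssh.authorizedKeys.keys = ["restrict ${key}"];`. That still permits command execution, which is presumably all that remote builds and pushes to the bare repository need. A one-line comment above `remoteBuildingUsers` saying that every name listed becomes a login account with its own `nixos-configuration` repository would also help the next editor. The activation script's body continues past the end of the hunk, so the rest of the setup is not reviewed here.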
