From bb6a5af93bae9d3b234d4352bdf476d56ef652d5 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Sat, 22 Mar 2025 20:28:09 +0100
Subject: users: add kerberos remote builder
---
 config/system.nix | 4 ++++
 config/users.nix | 44 ++++++++++++++++++++------------------------
 2 files changed, 24 insertions(+), 24 deletions(-)
(limited to 'config')
diff --git a/config/system.nix b/config/system.nix
index 5a568a2..870ca71 100644
--- a/config/system.nix
+++ b/config/system.nix
@@ -3,4 +3,8 @@
 flake = "git+file:///etc/nixos/";
 autoUpgrade.enable = true;
 };
+ system.autoUpgrade = {
+ dates = "12:30";
+ allowReboot = true;
+ };
 }
diff --git a/config/users.nix b/config/users.nix
index 8dc27a3..777777c 100644
--- a/config/users.nix
+++ b/config/users.nix
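Review bot: In config/system.nix, `allowReboot = true` is paired with `dates = "12:30"` and no `rebootWindow`, so an upgrade that changes the kernel or initrd will reboot the host in the middle of the day. This appears to be the host that the remote-building users from config/users.nix log in to, so a reboot at that hour would presumably interrupt builds in flight. Consider choosing the schedule and a window together, e.g. `rebootWindow = { lower = "01:00"; upper = "05:00"; };` with `dates` moved inside it (sample values), because the reboot is skipped when the upgrade runs outside the window. The enclosing attribute set begins outside the hunk, and this change is not mentioned in the commit subject.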
@@ -1,29 +1,25 @@
-{pkgs, ...}: {
- personal.user.enable = true;
- users = {
- users = {
- nixremote = {
- isSystemUser = true;
- shell = pkgs.busybox-sandbox-shell;
- group = "nixremote";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"
- ];
- };
- hermes = {
- isNormalUser = true;
- shell = pkgs.busybox-sandbox-shell;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes"
- ];
- homeMode = "700";
- };
- };
- groups.nixremote = {};
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ remoteBuildingUsers = {
+ hermes = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes";
+ kerberos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos";
 };
+in {
+ personal.user.enable = true;
+ users.users =
+ builtins.mapAttrs (_: key: {
+ isNormalUser = true;
+ shell = pkgs.busybox-sandbox-shell;
+ openssh.authorizedKeys.keys = [key];
+ homeMode = "700";
+ })
+ remoteBuildingUsers;
- system.userActivationScripts.hermesSetup = ''
- if [ $(whoami) = hermes ]
+ system.userActivationScripts.remoteBuildingSetup = ''
+ if [[ $(whoami) = @(${lib.concatStringsSep "|" (builtins.attrNames remoteBuildingUsers)}) ]]
 then
 mkdir --parents --mode=700 nixos-configuration
 git init --bare nixos-configuration
--
cgit v1.2.3
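Review bot: The builder keys are installed without any authorized_keys options (`openssh.authorizedKeys.keys = [key];`), so `busybox-sandbox-shell` limits the login shell but, unless sshd is configured otherwise outside this diff, not port or agent forwarding requested with those keys. If the builders only need to run commands (remote builds, pushes to the bare `nixos-configuration` repository), prefix the key with the restriction option: `openssh.authorizedKeys.keys = ["restrict ${key}"];`. Separately, kerberos moves from the `nixremote` system account to a normal user with a home directory and `groups.nixremote` is dropped; anything outside this diff that still names `nixremote` (for example a trusted-users or AllowUsers list) would need the same rename. The activation script's body continues past the end of the hunk.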