authorBen Sima <ben@bsima.me>2019-07-05 18:26:10 -0700
committerBen Sima <ben@bsima.me>2019-07-05 19:05:12 -0700
commitfb86a62e4bee9ac7f8ff7bfc0a034793c87fd1cf (patch)
treed38a8a1c4cc80d75b2720db02559faaee56d0aa8
parentf00b77cdb5c46f4c95559539145d24392c1622f8 (diff)
refactor user keys, and add deploy user
-rw-r--r--depo/hikuj-zupip/default.nix15
-rw-r--r--depo/nutin-madaj/default.nix2
-rw-r--r--depo/users.nix16
3 files changed, 20 insertions, 13 deletions
diff --git a/depo/hikuj-zupip/default.nix b/depo/hikuj-zupip/default.nix
index ed1733e..e297a3e 100644
--- a/depo/hikuj-zupip/default.nix
+++ b/depo/hikuj-zupip/default.nix
@@ -1,6 +1,6 @@
/*
-hidor-kahih - main development/build server
+hidor-kahih - main development/build server. Lives in ben's living room.
*/
@@ -14,14 +14,11 @@ import "${nixpkgs}/nixos" {
(import ../../pack/overlay.nix)
];
- imports =
- [ ./hardware.nix
- ../users.nix
- ../packages.nix
- ./configuration.nix
+ imports = [
+ ./hardware.nix
+ ../users.nix
+ ../packages.nix
+ ./configuration.nix
];
-
- users.users.root.openssh.authorizedKeys.keys =
- [(builtins.readFile ../../keys/deploy.pub)];
};
}
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
index bb854cd..fdfb32e 100644
--- a/depo/nutin-madaj/default.nix
+++ b/depo/nutin-madaj/default.nix
@@ -88,7 +88,5 @@ import "${nixpkgs}/nixos" {
networking.hostName = "simatime";
networking.firewall.allowPing = true;
services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys =
- [(builtins.readFile ../../keys/deploy.pub)];
};
}
diff --git a/depo/users.nix b/depo/users.nix
index 4d81ac8..9093566 100644
--- a/depo/users.nix
+++ b/depo/users.nix
@@ -1,18 +1,30 @@
{ ... }:
+let
+ key = f: builtins.readFile (../keys/. + ("/" + f));
+in
{
users = {
users = {
+ # bots
+ deploy = {
+ isSystemUser = true;
+ openssh.authorizedKeys.keys = [ (key "deploy.pub") ];
+ extraGroups = [ "wheel" ];
+ };
+
+ # humans
+ root.openssh.authorizedKeys.keys = [ (key "ben.pub") ];
ben = {
isNormalUser = true;
home = "/home/ben";
- openssh.authorizedKeys.keys = [(builtins.readFile ../keys/ben.pub)];
+ openssh.authorizedKeys.keys = [ (key "ben.pub") ];
extraGroups = [ "wheel" "networkmanager" "docker" ];
};
nick = {
isNormalUser = true;
home = "/home/nick";
- openssh.authorizedKeys.keys = [(builtins.readFile ../keys/nick.pub)];
+ openssh.authorizedKeys.keys = [ (key "nick.pub") ];
extraGroups = [ "docker" ];
};
};
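Review bot: The new `deploy` account is added to `wheel` (`extraGroups = [ "wheel" ];`), so the automation key in `deploy.pub` lands in the same admin group as a human operator on every host that imports this file; what that grants depends on sudo configuration not shown here, but a sudo rule limited to the activation commands the deploy runs, plus a `restrict` or `from="..."` prefix on the authorized key, would keep a leaked bot key from being a general admin login. The account is `isSystemUser = true` with no `shell` set, and NixOS appears to give system users a nologin shell by default, so confirm the deploy session can actually open. Separately, `root.openssh.authorizedKeys.keys = [ (key "ben.pub") ];` allows direct root SSH with the same personal key that `ben` already uses alongside `wheel`; dropping that line and going through sudo keeps root actions attributable to a user. The `depo/nutin-madaj/default.nix` hunk removes root's deploy key without showing whether that host imports `../users.nix`; if it does not, the host is left with no deploy access. The enclosing attribute set continues past the end of this hunk.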