author | Ben Sima <ben@bsima.me> | 2019-07-05 18:26:10 -0700 |
committer | Ben Sima <ben@bsima.me> | 2019-07-05 19:05:12 -0700 |
commit | fb86a62e4bee9ac7f8ff7bfc0a034793c87fd1cf (patch) | |
tree | d38a8a1c4cc80d75b2720db02559faaee56d0aa8 | |
parent | f00b77cdb5c46f4c95559539145d24392c1622f8 (diff) |
refactor user keys, and add deploy user
-rw-r--r-- | depo/hikuj-zupip/default.nix | 15 | ||||
-rw-r--r-- | depo/nutin-madaj/default.nix | 2 | ||||
-rw-r--r-- | depo/users.nix | 16 |
3 files changed, 20 insertions, 13 deletions
diff --git a/depo/hikuj-zupip/default.nix b/depo/hikuj-zupip/default.nix
index ed1733e..e297a3e 100644
--- a/depo/hikuj-zupip/default.nix
+++ b/depo/hikuj-zupip/default.nix
@@ -1,6 +1,6 @@
 /*
-hidor-kahih - main development/build server
+hidor-kahih - main development/build server. Lives in ben's living room.
 */
@@ -14,14 +14,11 @@ import "${nixpkgs}/nixos" {
 (import ../../pack/overlay.nix)
 ];
- imports =
- [ ./hardware.nix
- ../users.nix
- ../packages.nix
- ./configuration.nix
+ imports = [
+ ./hardware.nix
+ ../users.nix
+ ../packages.nix
+ ./configuration.nix
 ];
-
- users.users.root.openssh.authorizedKeys.keys =
- [(builtins.readFile ../../keys/deploy.pub)];
 };
 }
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
index bb854cd..fdfb32e 100644
--- a/depo/nutin-madaj/default.nix
+++ b/depo/nutin-madaj/default.nix
@@ -88,7 +88,5 @@ import "${nixpkgs}/nixos" {
 networking.hostName = "simatime";
 networking.firewall.allowPing = true;
 services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys =
- [(builtins.readFile ../../keys/deploy.pub)];
 };
 }
diff --git a/depo/users.nix b/depo/users.nix
index 4d81ac8..9093566 100644
--- a/depo/users.nix
+++ b/depo/users.nix
@@ -1,18 +1,30 @@
 { ... }:
+let
+ key = f: builtins.readFile (../keys/. + ("/" + f));
+in
 {
 users = {
 users = {
+ # bots
+ deploy = {
+ isSystemUser = true;
+ openssh.authorizedKeys.keys = [ (key "deploy.pub") ];
+ extraGroups = [ "wheel" ];
+ };
+
+ # humans
+ root.openssh.authorizedKeys.keys = [ (key "ben.pub") ];
 ben = {
 isNormalUser = true;
 home = "/home/ben";
- openssh.authorizedKeys.keys = [(builtins.readFile ../keys/ben.pub)];
+ openssh.authorizedKeys.keys = [ (key "ben.pub") ];
 extraGroups = [ "wheel" "networkmanager" "docker" ];
 };
 nick = {
 isNormalUser = true;
 home = "/home/nick";
- openssh.authorizedKeys.keys = [(builtins.readFile ../keys/nick.pub)];
+ openssh.authorizedKeys.keys = [ (key "nick.pub") ];
 extraGroups = [ "docker" ];
 };
 };
|
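Review bot: The new `deploy` user in the users.nix hunk has `isSystemUser = true` but sets neither `shell` nor `useDefaultShell`, and if I recall the NixOS users module correctly that leaves the account with the nologin shell, so `deploy.pub` cannot open an SSH session at all — and since this same commit removes that key from root on both hikuj-zupip and nutin-madaj, any deployment that relied on it would stop working. Adding `useDefaultShell = true;` to the `deploy` block (or an explicit `shell = pkgs.bashInteractive;`, which means taking `pkgs` in the module arguments instead of `{ ... }:`) would address that. Separately, `extraGroups = [ "wheel" ];` on a passwordless bot only grants anything if `security.sudo.wheelNeedsPassword = false` is set elsewhere, in which case the deploy key is root-equivalent again; a comment such as `# deploy has no password: wheel only grants sudo if wheelNeedsPassword is disabled` or, better, a `security.sudo.extraRules` entry limited to the deploy command would make the intended privilege explicit. The module's closing braces fall outside the hunk.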