From fb86a62e4bee9ac7f8ff7bfc0a034793c87fd1cf Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Fri, 5 Jul 2019 18:26:10 -0700 Subject: refactor user keys, and add deploy user --- depo/hikuj-zupip/default.nix | 15 ++++++--------- depo/nutin-madaj/default.nix | 2 -- depo/users.nix | 16 ++++++++++++++-- 3 files changed, 20 insertions(+), 13 deletions(-) (limited to 'depo') diff --git a/depo/hikuj-zupip/default.nix b/depo/hikuj-zupip/default.nix index ed1733e..e297a3e 100644 --- a/depo/hikuj-zupip/default.nix +++ b/depo/hikuj-zupip/default.nix @@ -1,6 +1,6 @@ /* -hidor-kahih - main development/build server +hidor-kahih - main development/build server. Lives in ben's living room. */ @@ -14,14 +14,11 @@ import "${nixpkgs}/nixos" { (import ../../pack/overlay.nix) ]; - imports = - [ ./hardware.nix - ../users.nix - ../packages.nix - ./configuration.nix + imports = [ + ./hardware.nix + ../users.nix + ../packages.nix + ./configuration.nix ]; - - users.users.root.openssh.authorizedKeys.keys = - [(builtins.readFile ../../keys/deploy.pub)]; }; } diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix index bb854cd..fdfb32e 100644 --- a/depo/nutin-madaj/default.nix +++ b/depo/nutin-madaj/default.nix @@ -88,7 +88,5 @@ import "${nixpkgs}/nixos" { networking.hostName = "simatime"; networking.firewall.allowPing = true; services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = - [(builtins.readFile ../../keys/deploy.pub)]; }; } diff --git a/depo/users.nix b/depo/users.nix index 4d81ac8..9093566 100644 --- a/depo/users.nix +++ b/depo/users.nix 
@@ -1,18 +1,30 @@ { ... }: +let + key = f: builtins.readFile (../keys/. + ("/" + f)); +in { users = { users = { + # bots + deploy = { + isSystemUser = true; + openssh.authorizedKeys.keys = [ (key "deploy.pub") ]; + extraGroups = [ "wheel" ]; + }; + + # humans + root.openssh.authorizedKeys.keys = [ (key "ben.pub") ]; ben = { isNormalUser = true; home = "/home/ben"; - openssh.authorizedKeys.keys = [(builtins.readFile ../keys/ben.pub)]; + openssh.authorizedKeys.keys = [ (key "ben.pub") ]; extraGroups = [ "wheel" "networkmanager" "docker" ]; }; nick = { isNormalUser = true; home = "/home/nick"; - openssh.authorizedKeys.keys = [(builtins.readFile ../keys/nick.pub)]; + openssh.authorizedKeys.keys = [ (key "nick.pub") ]; extraGroups = [ "docker" ]; }; }; -- cgit v1.2.3
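Review bot: The new `deploy` system user gets `extraGroups = [ "wheel" ]` but no `shell` or `password`, and the hunk sets no sudo policy; on NixOS `isSystemUser` does not turn on `useDefaultShell`, so unless a shell is configured elsewhere the key may land on a nologin shell, and wheel membership only takes effect if the importing host sets `security.sudo.wheelNeedsPassword = false` — at which point `deploy.pub` is equivalent to a root key. Consider an explicit `shell` (which needs `pkgs` in the module arguments), a scoped `security.sudo.extraRules` entry for the deploy commands instead of wheel, and a comment such as `# deploy: automation account; wheel => root via sudo on hosts with passwordless wheel` stating the intended privilege. `root.openssh.authorizedKeys.keys = [ (key "ben.pub") ]` also reopens direct root SSH with ben's key on every host importing users.nix, right after this commit removes root's deploy key from hikuj-zupip and nutin-madaj; either drop it in favour of `sudo` from `ben` or mark it `# root: break-glass only`. Whether nutin-madaj imports users.nix is not visible here; if it does not, that host keeps no root key at all after its hunk. The enclosing `users` set and module body close outside the hunk.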