add basic user management

2023-12-23 08:27:00 +01:00 · 2023-12-23 08:27:00 +01:00 · aca834a717
commit aca834a717
parent f2c3f279d5
8 changed files with 47 additions and 12 deletions
--- a/flake.nix
+++ b/flake.nix
@ -24,6 +24,7 @@
        hostname,
        system ? "x86_64-linux",
        modules ? [],
+        users ? [],
      }: nixpkgs.lib.nixosSystem {
        inherit system hostname;
        modules = [
@ -32,7 +33,7 @@
          ./system/programs.nix
          ./system/configuration.nix
          ./system/${hostname}/configuration.nix
-        ] ++ fileList "modules" ++ modules;
+        ] ++ fileList "modules" ++ modules ++ map (user: ./users/${user}/default.nix ) users;
      };
    in {
      photon = constructSystem {
--- a/modules/default.nix
+++ b/modules/default.nix
@ -1,5 +0,0 @@
-{ lib, ... }:
-
-{
-  options.opinionatedDefaults = lib.mkEnableOption "opinionated defaults";
-}
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,13 @@
+let
+  alice = "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+  dennis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFc7O+5G6fwpXv9j/miJzST6g1AKkPTFtKwuj6j8NC+";
+
+  allUsers = [alice dennis];
+
+  palatine-hill = "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+  photon = "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+
+  allSystems = [palatine-hill photon];
+in {
+  "TEST.age".publicKeys = allUsers ++ [photon];
+}
--- a/systems/configuration.nix
+++ b/systems/configuration.nix
@ -190,7 +190,5 @@ in {
      persistent = true;
      system.autoUpgrade.flake = "github:RAD-Development/nix-dotfiles";
    };
-
-    stateVersion = "22.11";
  };
 }
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@ -26,10 +26,6 @@ in {
    };
  };

-  users.users.brain = {
-    extraGroups = [ "docker" ];
-  };
-
  environment.systemPackages = with pkgs; [
    docker-compose
  ];
@ -45,4 +41,6 @@ in {
  };

  networking.firewall.enable = false;
+
+  system.stateVersion = "23.05";
 }
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
@ -0,0 +1,27 @@
+{
+  pkgs,
+  lib,
+  config,
+}: let
+  pubKeys = import ./keys/default.nix;
+in {
+  isNormalUser = true;
+  description = "AmethystAndroid";
+  uid = 1000;
+  extraGroups = [
+    "wheel"
+    "media"
+    (lib.mkIf config.networking.networkmanager.enable "networkmanager")
+    (lib.mkIf config.programs.adb.enable "adbusers")
+    (lib.mkIf config.programs.wireshark.enable "wireshark")
+    (lib.mkIf config.programs.virtualisation.docker.enable "docker")
+    "libvirtd"
+    "dialout"
+    "plugdev"
+    "uaccess"
+  ];
+  shell = pkgs.fish;
+  openssh.authorizedKeys.keys = [
+    (lib.mkIf (pubKeys ? ${config.networking.hostName}) pubKeys.${config.networking.hostName})
+  ];
+}
--- a/users/alice/keys/default.nix
+++ b/users/alice/keys/default.nix
@ -0,0 +1,3 @@
+{
+  palatine-hill = "ed25516-AAAAAAA";
+}
--- a/users/user.nix
+++ b/users/user.nix