users and passwords
@@ -10,25 +10,22 @@
|
||||
./snapshot
|
||||
./sshd
|
||||
./unitstatus
|
||||
./users
|
||||
./zfsborg
|
||||
];
|
||||
|
||||
options.mj = {
|
||||
options.mj = with lib.types; {
|
||||
stateVersion = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
type = str;
|
||||
example = "22.11";
|
||||
description = "The NixOS state version to use for this system";
|
||||
};
|
||||
|
||||
timeZone = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
type = str;
|
||||
example = "Europe/Vilnius";
|
||||
description = "Time zone for this system";
|
||||
};
|
||||
|
||||
stubPasswords = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
@@ -63,33 +60,6 @@
|
||||
};
|
||||
};
|
||||
|
||||
users = let
|
||||
withPasswordFile = file: attrs:
|
||||
(
|
||||
if config.mj.stubPasswords
|
||||
then {
|
||||
initialPassword = "live";
|
||||
}
|
||||
else {
|
||||
passwordFile = file;
|
||||
}
|
||||
)
|
||||
// attrs;
|
||||
in {
|
||||
mutableUsers = false;
|
||||
|
||||
users = {
|
||||
motiejus = withPasswordFile config.age.secrets.motiejus-passwd-hash.path {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel"];
|
||||
uid = 1000;
|
||||
openssh.authorizedKeys.keys = [myData.ssh_pubkeys.motiejus];
|
||||
};
|
||||
|
||||
root = withPasswordFile config.age.secrets.root-passwd-hash.path {};
|
||||
};
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
jc # parse different formats and command outputs to json
|
||||
|
||||
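--- a/modules/base/users/default.nix
+++ b/modules/base/users/default.nix
@@ -0,0 +1,45 @@
+{
+config,
+lib,
+myData,
+...
+}: {
+options.mj.base.users = with lib.types; {
+passwd = lib.mkOption {
+type = attrsOf (submodule (
+{...}: {
+options = {
+passwordFile = lib.mkOption {
+type = nullOr path;
+default = null;
+};
+initialPassword = lib.mkOption {
+type = nullOr str;
+default = null;
+};
+};
+}
+));
+};
+};
+
+config = {
+users = {
+mutableUsers = false;
+
+users = with config.mj.base.users; {
+motiejus =
+{
+isNormalUser = true;
+extraGroups = ["wheel"];
+uid = 1000;
+openssh.authorizedKeys.keys = [myData.ssh_pubkeys.motiejus];
+}
+// lib.filterAttrs (n: v: v != null) passwd.motiejus or {};
+
+root = assert lib.assertMsg (passwd ? root) "root password needs to be defined";
+lib.filterAttrs (n: v: v != null) passwd.root;
+};
+};
+};
+}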
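Review bot: The `root` assertion only checks `passwd ? root`, so `passwd.root = {}` passes it and, once `filterAttrs` drops both null values, root is declared with no password source while `mutableUsers = false`; the submodule also accepts `passwordFile` and `initialPassword` set together. A second check that exactly one of them is non-null would catch both cases at evaluation time, e.g. `assert lib.assertMsg ((passwd.root.passwordFile != null) != (passwd.root.initialPassword != null)) "root needs exactly one of passwordFile or initialPassword";`, and the same rule could apply to `passwd.motiejus` when it is defined. Neither option carries a `description`. For `initialPassword` I would add one stating that the value is stored in plain text in the world-readable Nix store and is intended only for live or throwaway images, since the `stubPasswords` switch that previously gated it appears to be removed by this commit.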
|
||||
@@ -19,7 +19,7 @@ in {
|
||||
enable = lib.mkEnableOption "backup zfs snapshots with borg";
|
||||
|
||||
repo = lib.mkOption {type = str;};
|
||||
passwdPath = lib.mkOption {type = str;};
|
||||
passwordPath = lib.mkOption {type = str;};
|
||||
|
||||
mountpoints = lib.mkOption {
|
||||
default = {};
|
||||
@@ -68,7 +68,7 @@ in {
|
||||
repo = config.mj.base.zfsborg.repo;
|
||||
encryption = {
|
||||
mode = "repokey-blake2";
|
||||
passCommand = "cat ${config.mj.base.zfsborg.passwdPath}";
|
||||
passCommand = "cat ${config.mj.base.zfsborg.passwordPath}";
|
||||
};
|
||||
paths = attrs.paths;
|
||||
extraArgs = "--remote-path=borg1";
|
||||
|
||||