authorVincent Ambo <mail@tazj.in>2022-02-17T09·16+0300
committerclbot <clbot@tvl.fyi>2022-02-17T18·08+0000
commitdd5ce78dbdf88bcdafc46c7e77fc58b1973ba617 (patch)
tree62dea477d184f69f97d5072129b7d52e29c6eb8d
parentc72c1efdebddd1d8d6c37c8efd360e1c3fcda90b (diff)
refactor(ops/modules): Move user configuration into module r/3838
Rather than defining all system users inline on whitby, move them into
a module that can be imported on multiple machines.

Configuration for terminfos that we've added follows along.

Note that while doing this I've disabled logins for riking and isomer
since they are currently inactive in TVL.

Change-Id: Id18031d355afc34079c5e6e49dc6943e61809a8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5298
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
-rw-r--r--ops/machines/whitby/default.nix81
-rw-r--r--ops/modules/tvl-users.nix94
2 files changed, 95 insertions, 80 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 1965a661f9..e9ec50da13 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -24,6 +24,7 @@ in
     "${depot.path}/ops/modules/sourcegraph.nix"
     "${depot.path}/ops/modules/tvl-buildkite.nix"
     "${depot.path}/ops/modules/tvl-slapd/default.nix"
+    "${depot.path}/ops/modules/tvl-users.nix"
     "${depot.path}/ops/modules/www/atward.tvl.fyi.nix"
     "${depot.path}/ops/modules/www/auth.tvl.fyi.nix"
     "${depot.path}/ops/modules/www/b.tvl.fyi.nix"
@@ -456,24 +457,19 @@ in
   services.fail2ban.enable = true;
 
   environment.systemPackages = (with pkgs; [
-    alacritty.terminfo
     bat
     bb
     curl
     direnv
     emacs-nox
     fd
-    foot.terminfo
     git
     htop
     hyperfine
     jq
-    # TODO(sterni): re-enable when the kitty build is fixed upstreams
-    # kitty.terminfo
     nano
     nvd
     ripgrep
-    rxvt_unicode.terminfo
     tree
     unzip
     vim
@@ -645,81 +641,6 @@ in
   ];
 
   users = {
-    users.tazjin = {
-      isNormalUser = true;
-      extraGroups = [ "git" "wheel" ];
-      shell = pkgs.fish;
-      openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
-    };
-
-    users.lukegb = {
-      isNormalUser = true;
-      extraGroups = [ "git" "wheel" ];
-      openssh.authorizedKeys.keys = depot.users.lukegb.keys.all;
-    };
-
-    users.grfn = {
-      isNormalUser = true;
-      extraGroups = [ "git" "wheel" ];
-      openssh.authorizedKeys.keys = [
-        depot.users.grfn.keys.whitby
-      ];
-    };
-
-    users.isomer = {
-      isNormalUser = true;
-      extraGroups = [ "git" ];
-      openssh.authorizedKeys.keys = depot.users.isomer.keys.all;
-    };
-
-    users.riking = {
-      isNormalUser = true;
-      extraGroups = [ "git" ];
-      openssh.authorizedKeys.keys = depot.users.riking.keys.u2f ++ depot.users.riking.keys.passworded;
-    };
-
-    users.edef = {
-      isNormalUser = true;
-      extraGroups = [ "git" ];
-      openssh.authorizedKeys.keys = depot.users.edef.keys.all;
-    };
-
-    users.qyliss = {
-      isNormalUser = true;
-      extraGroups = [ "git" ];
-      openssh.authorizedKeys.keys = depot.users.qyliss.keys.all;
-    };
-
-    users.eta = {
-      isNormalUser = true;
-      extraGroups = [ "git" ];
-      openssh.authorizedKeys.keys = depot.users.eta.keys.whitby;
-    };
-
-    users.cynthia = {
-      isNormalUser = true; # I'm normal OwO :3
-      extraGroups = [ "git" ];
-      openssh.authorizedKeys.keys = depot.users.cynthia.keys.all;
-    };
-
-    users.firefly = {
-      isNormalUser = true;
-      extraGroups = [ "git" ];
-      openssh.authorizedKeys.keys = depot.users.firefly.keys.whitby;
-    };
-
-    users.sterni = {
-      isNormalUser = true;
-      extraGroups = [ "git" "wheel" ];
-      openssh.authorizedKeys.keys = depot.users.sterni.keys.all;
-    };
-
-    users.flokli = {
-      isNormalUser = true;
-      extraGroups = [ "git" ];
-      openssh.authorizedKeys.keys = depot.users.flokli.keys.all;
-    };
-
     # Set up a user & group for git shenanigans
     groups.git = { };
     users.git = {
diff --git a/ops/modules/tvl-users.nix b/ops/modules/tvl-users.nix
new file mode 100644
index 0000000000..a4b4a11511
--- /dev/null
+++ b/ops/modules/tvl-users.nix
@@ -0,0 +1,94 @@
+# Standard NixOS users for TVL machines, as well as configuration that
+# should following along when they are added to a machine.
+{ depot, pkgs, ... }:
+
+{
+  users = {
+    users.tazjin = {
+      isNormalUser = true;
+      extraGroups = [ "git" "wheel" ];
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
+    };
+
+    users.lukegb = {
+      isNormalUser = true;
+      extraGroups = [ "git" "wheel" ];
+      openssh.authorizedKeys.keys = depot.users.lukegb.keys.all;
+    };
+
+    users.grfn = {
+      isNormalUser = true;
+      extraGroups = [ "git" "wheel" ];
+      openssh.authorizedKeys.keys = [
+        depot.users.grfn.keys.whitby
+      ];
+    };
+
+    users.edef = {
+      isNormalUser = true;
+      extraGroups = [ "git" ];
+      openssh.authorizedKeys.keys = depot.users.edef.keys.all;
+    };
+
+    users.qyliss = {
+      isNormalUser = true;
+      extraGroups = [ "git" ];
+      openssh.authorizedKeys.keys = depot.users.qyliss.keys.all;
+    };
+
+    users.eta = {
+      isNormalUser = true;
+      extraGroups = [ "git" ];
+      openssh.authorizedKeys.keys = depot.users.eta.keys.whitby;
+    };
+
+    users.cynthia = {
+      isNormalUser = true; # I'm normal OwO :3
+      extraGroups = [ "git" ];
+      openssh.authorizedKeys.keys = depot.users.cynthia.keys.all;
+    };
+
+    users.firefly = {
+      isNormalUser = true;
+      extraGroups = [ "git" ];
+      openssh.authorizedKeys.keys = depot.users.firefly.keys.whitby;
+    };
+
+    users.sterni = {
+      isNormalUser = true;
+      extraGroups = [ "git" "wheel" ];
+      openssh.authorizedKeys.keys = depot.users.sterni.keys.all;
+    };
+
+    users.flokli = {
+      isNormalUser = true;
+      extraGroups = [ "git" ];
+      openssh.authorizedKeys.keys = depot.users.flokli.keys.all;
+    };
+
+    # Temporarily disabled (inactive) users.
+    users.isomer = {
+      isNormalUser = true;
+      extraGroups = [ "git" ];
+      shell = "${pkgs.nologin}/bin/nologin";
+      openssh.authorizedKeys.keys = depot.users.isomer.keys.all;
+    };
+
+    users.riking = {
+      isNormalUser = true;
+      extraGroups = [ "git" ];
+      shell = "${pkgs.nologin}/bin/nologin";
+      openssh.authorizedKeys.keys = depot.users.riking.keys.u2f ++ depot.users.riking.keys.passworded;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    alacritty.terminfo
+    foot.terminfo
+    rxvt_unicode.terminfo
+
+    # TODO(sterni): re-enable when the kitty build is fixed upstreams
+    # kitty.terminfo
+  ];
+}
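Review bot: The two accounts under `# Temporarily disabled (inactive) users.` (isomer and riking) keep their `openssh.authorizedKeys.keys`, so setting `shell` to nologin only blocks a shell and command execution; public-key authentication to sshd still succeeds for them. Whether anything remains usable after that (for example forwarding or subsystems that do not start the login shell) depends on the sshd configuration, which is not visible in this diff. If the intent is what the commit message says, disabling logins, I would also empty the key list with `openssh.authorizedKeys.keys = [ ];` and extend the comment to say the keys are restored when the user becomes active again. Both accounts also stay in the `git` group, which deserves a deliberate decision now that this module is meant to be imported on several machines.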