diff options
| author | Vincent Ambo <mail@tazj.in> | 2022-02-17T09·16+0300 |
|---|---|---|
| committer | clbot <clbot@tvl.fyi> | 2022-02-17T18·08+0000 |
| commit | dd5ce78dbdf88bcdafc46c7e77fc58b1973ba617 (patch) | |
| tree | 62dea477d184f69f97d5072129b7d52e29c6eb8d /ops/modules/tvl-users.nix | |
| parent | c72c1efdebddd1d8d6c37c8efd360e1c3fcda90b (diff) | |
refactor(ops/modules): Move user configuration into module r/3838
Rather than defining all system users inline on whitby, move them into a module that can be imported on multiple machines. Configuration for terminfos that we've added follows along. Note that while doing this I've disabled logins for riking and isomer since they are currently inactive in TVL. Change-Id: Id18031d355afc34079c5e6e49dc6943e61809a8f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5298 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
Diffstat (limited to '')
| -rw-r--r-- | ops/modules/tvl-users.nix | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/ops/modules/tvl-users.nix b/ops/modules/tvl-users.nix new file mode 100644 index 0000000000..a4b4a11511 --- /dev/null +++ b/ops/modules/tvl-users.nix @@ -0,0 +1,94 @@ +# Standard NixOS users for TVL machines, as well as configuration that +# should following along when they are added to a machine. +{ depot, pkgs, ... }: + +{ + users = { + users.tazjin = { + isNormalUser = true; + extraGroups = [ "git" "wheel" ]; + shell = pkgs.fish; + openssh.authorizedKeys.keys = depot.users.tazjin.keys.all; + }; + + users.lukegb = { + isNormalUser = true; + extraGroups = [ "git" "wheel" ]; + openssh.authorizedKeys.keys = depot.users.lukegb.keys.all; + }; + + users.grfn = { + isNormalUser = true; + extraGroups = [ "git" "wheel" ]; + openssh.authorizedKeys.keys = [ + depot.users.grfn.keys.whitby + ]; + }; + + users.edef = { + isNormalUser = true; + extraGroups = [ "git" ]; + openssh.authorizedKeys.keys = depot.users.edef.keys.all; + }; + + users.qyliss = { + isNormalUser = true; + extraGroups = [ "git" ]; + openssh.authorizedKeys.keys = depot.users.qyliss.keys.all; + }; + + users.eta = { + isNormalUser = true; + extraGroups = [ "git" ]; + openssh.authorizedKeys.keys = depot.users.eta.keys.whitby; + }; + + users.cynthia = { + isNormalUser = true; # I'm normal OwO :3 + extraGroups = [ "git" ]; + openssh.authorizedKeys.keys = depot.users.cynthia.keys.all; + }; + + users.firefly = { + isNormalUser = true; + extraGroups = [ "git" ]; + openssh.authorizedKeys.keys = depot.users.firefly.keys.whitby; + }; + + users.sterni = { + isNormalUser = true; + extraGroups = [ "git" "wheel" ]; + openssh.authorizedKeys.keys = depot.users.sterni.keys.all; + }; + + users.flokli = { + isNormalUser = true; + extraGroups = [ "git" ]; + openssh.authorizedKeys.keys = depot.users.flokli.keys.all; + }; + + # Temporarily disabled (inactive) users. + users.isomer = { + isNormalUser = true; + extraGroups = [ "git" ]; + shell = "${pkgs.nologin}/bin/nologin"; + openssh.authorizedKeys.keys = depot.users.isomer.keys.all; + }; + + users.riking = { + isNormalUser = true; + extraGroups = [ "git" ]; + shell = "${pkgs.nologin}/bin/nologin"; + openssh.authorizedKeys.keys = depot.users.riking.keys.u2f ++ depot.users.riking.keys.passworded; + }; + }; + + environment.systemPackages = with pkgs; [ + alacritty.terminfo + foot.terminfo + rxvt_unicode.terminfo + + # TODO(sterni): re-enable when the kitty build is fixed upstreams + # kitty.terminfo + ]; +} |