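# NixOS module: declares the login accounts (root and pazpi) for server hosts.
# Nothing is applied unless `my.utils.serverNodeUsers.enable` is set.
{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.my.utils.serverNodeUsers;
  gitlabUsername = "pazpi";

  # Public keys allowed to log in over SSH. The same list is installed for
  # BOTH root and pazpi below, so every key here is effectively a root key.
  sshKeys =
    let
      localKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
        # Add more local keys as needed
      ];

      # Keys published on the GitLab profile, one per line.
      #
      # fetchurl is a fixed-output fetch: sha256 pins the exact content of the
      # downloaded file. A key added to or revoked from the GitLab account does
      # NOT reach these hosts until the hash is updated (the fetch fails on a
      # hash mismatch, or an already-stored copy keeps being used). Treat a
      # hash bump as a key-trust decision and review the new list first.
      #
      # builtins.readFile on a fetch result means the download has to happen
      # during evaluation (import-from-derivation).
      #
      # The file normally ends with a newline, so splitting on "\n" yields a
      # trailing empty string; drop empty entries so only real keys are listed.
      gitlabKeys = builtins.filter (key: key != "") (
        lib.splitString "\n" (
          builtins.readFile (
            pkgs.fetchurl {
              url = "https://gitlab.com/${gitlabUsername}.keys";
              sha256 = "tHC4DBRO8mXBLFBqGiZlgyY5Pzpl4AMeURCni6H7IjI=";
            }
          )
        )
      );
    in
    localKeys ++ gitlabKeys;
in
{
  options.my.utils.serverNodeUsers = {
    enable = lib.mkEnableOption "Set users for server hosts";
  };

  config = lib.mkIf cfg.enable {
    users = {

      # If set to false, the contents of the user and group files will simply
      # be replaced on system activation.
      # This also holds for the user passwords.
      # All changed passwords will be reset according
      # to the `users.users` configuration on activation.
      mutableUsers = false;

      users.root = {
        # "!" is not a valid password hash, so no password can match:
        # password login for root is locked.
        hashedPassword = "!";
        # Root stays reachable with these keys as far as the sshd configuration
        # (PermitRootLogin, set elsewhere) allows key-based root login.
        openssh.authorizedKeys.keys = sshKeys;
      };

      users.pazpi = {
        isNormalUser = true;
        # NOTE(review): this hash is readable by anyone who can read the
        # repository, and NixOS documents hashedPassword values as ending up
        # world-readable in the Nix store. That exposes it to offline guessing;
        # consider `hashedPasswordFile` pointing at a secret kept outside the
        # store instead.
        hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
        shell = pkgs.bash;
        # wheel is the administrative group; presumably this grants sudo under
        # the host's sudo configuration (not visible in this module).
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = sshKeys;
      };

    };
  };

}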