users: custom property to define users with root
parent
55000c365a
commit
d8e85815bd
|
@ -1,3 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkIf mkOption types genAttrs;
|
||||
cfg = config.fountain;
|
||||
in
|
||||
{
|
||||
# TODO: consider DRY-ing these
|
||||
imports = [
|
||||
|
@ -7,5 +13,21 @@
|
|||
./trungle.nix
|
||||
];
|
||||
|
||||
options.fountain = {
|
||||
admins = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = "List of users who should have root on this system";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
users.mutableUsers = false;
|
||||
|
||||
users.users = genAttrs cfg.admins
|
||||
(name: {
|
||||
extraGroups = [ "wheel" ];
|
||||
}
|
||||
);
|
||||
};
|
||||
}
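Review bot: `genAttrs cfg.admins` in the new `config` block adds `wheel` to whatever account name appears in the list, because `types.listOf types.str` accepts any string and nothing ties an entry to an enabled `fountain.users.<name>`. A typo, or a name that matches an account defined by some other module (a service user, for instance), would either fail evaluation with a generic users-module error or quietly put that account in `wheel`. Consider an assertion inside `config`, such as `assertions = map (name: { assertion = cfg.users.${name}.enable or false; message = "fountain.admins: ${name} is not an enabled fountain user"; }) cfg.admins;`. This assumes the per-user modules expose `fountain.users.<name>.enable`, as the host files in this commit suggest. The option description could also say that membership means the `wheel` group, since what `wheel` permits depends on sudo settings not shown here.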
|
||||
|
|
|
@ -37,7 +37,7 @@ in
|
|||
};
|
||||
|
||||
fountain.users.qenya.enable = true;
|
||||
users.users.qenya.extraGroups = [ "wheel" ];
|
||||
fountain.admins = [ "qenya" ];
|
||||
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@ in
|
|||
networking.domain = "birdsong.network";
|
||||
|
||||
fountain.users.qenya.enable = true;
|
||||
users.users.qenya.extraGroups = [ "wheel" ];
|
||||
fountain.admins = [ "qenya" ];
|
||||
fountain.users.randomcat.enable = true;
|
||||
fountain.users.trungle.enable = true;
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ in
|
|||
fountain.users.qenya.enable = true;
|
||||
age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age;
|
||||
users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path;
|
||||
users.users.qenya.extraGroups = [ "wheel" ];
|
||||
fountain.admins = [ "qenya" ];
|
||||
home-manager.users.qenya = { pkgs, ... }: {
|
||||
home.packages = with pkgs; [ obs-studio ];
|
||||
# For the moment, this hosts some network-accessible services, so we want it on 24/7
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
networking.domain = "birdsong.network";
|
||||
|
||||
fountain.users.qenya.enable = true;
|
||||
users.users.qenya.extraGroups = [ "wheel" ];
|
||||
fountain.admins = [ "qenya" ];
|
||||
qenya.base-server.enable = true;
|
||||
|
||||
qenya.services.distributed-builds = {
|
||||
|
|
|
@ -31,10 +31,10 @@ in
|
|||
nix.optimise.automatic = mkForce false;
|
||||
|
||||
fountain.users.qenya.enable = true;
|
||||
fountain.admins = [ "qenya" ];
|
||||
age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age;
|
||||
users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path;
|
||||
users.users.qenya.extraGroups = [
|
||||
"wheel" # sudo
|
||||
"networkmanager" # UI wifi configuration
|
||||
"dialout" # access to serial ports
|
||||
];
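Review bot: The `extraGroups` list here documents each group with a trailing comment, but after this change sudo access comes from `fountain.admins` and no longer appears in that list. This assumes `"wheel" # sudo` is the line this hunk removes, which the equal 10/10 line counts suggest. A short comment on the new line would keep the privilege grant discoverable when reading the host file, for example `fountain.admins = [ "qenya" ]; # adds "wheel" (sudo) via the users module`. If the `"wheel"` entry is in fact retained, it is now redundant with the module and can be dropped.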
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
networking.domain = "birdsong.network";
|
||||
|
||||
fountain.users.qenya.enable = true;
|
||||
users.users.qenya.extraGroups = [ "wheel" ];
|
||||
fountain.admins = [ "qenya" ];
|
||||
qenya.base-server.enable = true;
|
||||
|
||||
qenya.services.distributed-builds = {
|
||||
|
|