noisebridge-wiki/modules/users.nix
Jet 8cfede9f57
feat: init
2026-03-17 04:07:44 -07:00


{ config, pkgs, lib, ... }:
let
# People with administrative access to this host. Each record is turned into a
# wheel user by mkAdmin, and its keys are additionally installed for root via
# adminKeyFiles / adminExtraKeys, so adding an entry here grants full control
# of the machine.
#   name        login name of the account
#   github      optional GitHub handle; that account's published keys are
#               fetched from https://github.com/<github>.keys
#   description value of the account's description field
#   extraKeys   optional list of literal public keys kept in this repository
admins = [
  {
    name = "superq";
    github = "SuperQ";
    description = "Ben Kochie";
  }
  {
    # No GitHub handle: access for this account rests only on the keys below.
    name = "rizend";
    description = "rizend";
    # Both entries are ssh-rsa keys committed to the repository, so changing
    # them is visible in review, unlike the GitHub-sourced keys.
    # NOTE(review): confirm both keys are still in use and drop any that is not.
    extraKeys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWvlc3+qDxhKE3jCCxKKU1h9QJyhCqLgHAwkiokvSPig6dXZW9f8uS/1CNMEmB5avrZhT6S3V00NExqZMldJechROhQoZb6YrUzakaeJCHrbThotQ/TlDuRWCCEh+y/qowk261X4Rbdx/KMwPuROP0p+pw2u3CVoLC7ejnsCwzTMZJ450QtZau0nvP7PY1vnehg2npA4HOqtwjOABJlMMpSZfaQdddwQJ7YE01GLpXF73Lwcnyue51fWFdjsQwIeQM2feO0yf1r1fjoLyMfWCVLK2GI0ONXVFWKQ52kfzr4QQ7Tq+Xi12qr7KGlHZ8yl7tw3MUoyU7k0HrUea1F8WF"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvHlZKV8yBsJOkeu2FkWZ1UDY/uTS8bBUbqh1W0pJ3BMec55uvRLNv1AT5Z7RHKbwdjiZTBm6sP0CRVjsOxeGRCVeddHx1SxsXeihZIRQLHX+Z7M1YwYdzmzRDIEhuZhp+RnGH71ESVEHlmUhNPYsNmlgE3nyNbbDatYRZQqC204pal6cz4CHRUWYIozAQvpO8BF+cNDbNgT1yR5DWflwHErlv8yltmxNjh+gQQgp7RzI+05uzpRgumLCIqdHIKUflDJGvZXnUNAr5nv8Xe3W77AZz348nK2SYoD7dOBw23LpEzmy0mENL+/d3ZCuricslc1eBqCpVxJiF7s/RCtix"
    ];
  }
  {
    # The login name and the GitHub handle differ for this entry; the keys
    # trusted are those of the GitHub account named in `github`.
    name = "bfb";
    github = "kevinjos";
    description = "bfb";
  }
  {
    name = "jof";
    github = "jof";
    description = "Jonathan Lassoff";
  }
  {
    name = "mcint";
    github = "mcint";
    description = "Loren McIntyre";
  }
];
# Convert one `admins` record into the { name, value } pair that
# builtins.listToAttrs consumes, so the result can populate users.users.
#   name        login name
#   github      optional GitHub handle whose published keys are trusted
#   description value of the account's description field
#   extraKeys   optional list of literal public keys
mkAdmin = { name, github ? null, description, extraKeys ? [] }:
  let
    # NOTE(review): the fetch carries no sha256, so the keys authorised for this
    # account are whatever GitHub serves for the handle when the configuration
    # is evaluated. Whoever controls that GitHub account (or later acquires the
    # handle) controls login here. Passing `sha256` to builtins.fetchurl would
    # make every key change an explicit, reviewed commit.
    githubKeyFiles = lib.optional (github != null)
      (builtins.fetchurl { url = "https://github.com/${github}.keys"; });
  in
  {
    inherit name;
    value = {
      inherit description;
      isNormalUser = true;
      # wheel membership; this module also sets
      # security.sudo.wheelNeedsPassword = false, so it amounts to root.
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys = {
        keys = extraKeys;
        keyFiles = githubKeyFiles;
      };
    };
  };
# Key files installed for root (deploy-rs needs root SSH): one fetched
# https://github.com/<handle>.keys file per admin that declares `github`.
# NOTE(review): these fetches are unpinned as well, so root's authorised keys
# follow whatever each GitHub account publishes at evaluation time.
adminKeyFiles =
  let
    hasGithub = admin: (admin.github or null) != null;
    fetchKeys = admin:
      builtins.fetchurl { url = "https://github.com/${admin.github}.keys"; };
  in
  map fetchKeys (builtins.filter hasGithub admins);
# Every literal key from every admin's `extraKeys`, flattened in list order;
# admins that do not set the attribute contribute nothing.
adminExtraKeys =
  builtins.concatLists (map (admin: admin.extraKeys or [ ]) admins);
in
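{
  # Accounts are defined only by this configuration. No password is declared
  # for any admin in this file, so login is by SSH key.
  users.mutableUsers = false;

  # The admin accounts and root's keys are merged with lib.mkMerge. Writing
  # `users.users = <expression>;` and `users.users.root... = ...;` as two
  # separate bindings in one attribute set is rejected by the Nix parser
  # ("attribute ... already defined"), because the first binding is a function
  # call rather than an attribute-set literal.
  users.users = lib.mkMerge [
    (builtins.listToAttrs (map mkAdmin admins))
    {
      # Root gets all admin keys so deploy-rs can SSH in. Any single admin key
      # is therefore enough for a direct root login, assuming sshd permits
      # key-based root login (that setting is not visible in this file).
      # NOTE(review): deploy-rs can also connect as an unprivileged user via its
      # `sshUser` option and elevate with sudo, which would let root carry no
      # keys at all. Verify against the deploy configuration.
      root.openssh.authorizedKeys = {
        keyFiles = adminKeyFiles;
        keys = adminExtraKeys;
      };
    }
  ];

  # Passwordless sudo for wheel: holding an admin's SSH key is the only factor
  # between a login and root on this host.
  security.sudo.wheelNeedsPassword = false;
}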