nix-infra/config/common/users.nix

# Common users.
# Sources for this configuration:
# - a generated NixOS 23.05 configuration
# - https://nixos.org/manual/nixos/stable/#sec-user-management
# - https://git.grzb.de/yuri/nix-infra/-/blob/aa38daeea59f2ca12b7e591de6f8b61565780c48/configuration/common/default.nix#L19
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings

{ config, pkgs, lib, ... }:

let
  authorizedKeysRepo = pkgs.fetchgit {
    url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
    rev = "b6a29dc7af0a45a8c0b4904290c7cb0c5bc51413";
    hash = "sha256-c0aH0wQeJtfXJG5wAbS6aO8yILLI1NNkFAHAeOm8RXA=";
  };
  authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in
{
  users.mutableUsers = false;

  users.users.chaos = {
    isNormalUser = true;
    description = "Chaos";
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = authorizedKeys;
  };

  users.users.colmena-deploy = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = authorizedKeys;
  };

  nix.settings.trusted-users = [ "colmena-deploy" ];

  # Since our user doesn't have a password, allow passwordless sudo for wheel.
  security.sudo.wheelNeedsPassword = false;
}
Initial commit. Add configuration for NixOS Proxmox image 2023-09-11 23:20:34 +02:00			`# Common users.`
			`# Sources for this configuration:`
			`# - a generated NixOS 23.05 configuration`
			`# - https://nixos.org/manual/nixos/stable/#sec-user-management`
Introduce colmena-deploy user 2023-09-14 20:19:49 +02:00			`# - https://git.grzb.de/yuri/nix-infra/-/blob/aa38daeea59f2ca12b7e591de6f8b61565780c48/configuration/common/default.nix#L19`
			`# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix`
			`# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings`
Initial commit. Add configuration for NixOS Proxmox image 2023-09-11 23:20:34 +02:00
			`{ config, pkgs, lib, ... }:`

			`let`
common: use pkgs.fetchgit and git commit hash for authorized keys repo Do this to be in line with other places, where resources get fetched using git and to hopefully avoid errors such as: Cannot find Git revision 'da9d3ead9d97ce0fef7538638326264957e2f1b4' in ref 'trunk' of repository 'ssh://forgejo@git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys.git'! Please make sure that the rev exists on the ref you've specified or add allRefs = true; to fetchGit. This issue was discovered while trying to make the new hydra work. 2024-10-29 23:17:31 +01:00			`authorizedKeysRepo = pkgs.fetchgit {`
			`url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";`
			`rev = "b6a29dc7af0a45a8c0b4904290c7cb0c5bc51413";`
			`hash = "sha256-c0aH0wQeJtfXJG5wAbS6aO8yILLI1NNkFAHAeOm8RXA=";`
Initial commit. Add configuration for NixOS Proxmox image 2023-09-11 23:20:34 +02:00			`};`
Introduce colmena-deploy user 2023-09-14 20:19:49 +02:00			`authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));`
Initial commit. Add configuration for NixOS Proxmox image 2023-09-11 23:20:34 +02:00			`in`
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00			`{`
			`users.mutableUsers = false;`
Initial commit. Add configuration for NixOS Proxmox image 2023-09-11 23:20:34 +02:00
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00			`users.users.chaos = {`
			`isNormalUser = true;`
			`description = "Chaos";`
			`extraGroups = [ "wheel" ];`
			`openssh.authorizedKeys.keys = authorizedKeys;`
			`};`
Initial commit. Add configuration for NixOS Proxmox image 2023-09-11 23:20:34 +02:00
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00			`users.users.colmena-deploy = {`
			`isNormalUser = true;`
			`extraGroups = [ "wheel" ];`
			`openssh.authorizedKeys.keys = authorizedKeys;`
			`};`
Introduce colmena-deploy user 2023-09-14 20:19:49 +02:00
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00			`nix.settings.trusted-users = [ "colmena-deploy" ];`
Introduce colmena-deploy user 2023-09-14 20:19:49 +02:00
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00			`# Since our user doesn't have a password, allow passwordless sudo for wheel.`
			`security.sudo.wheelNeedsPassword = false;`
			`}`