June
ec64eebfd6
Do this to be in line with other places, where resources get fetched using git and to hopefully avoid errors such as: Cannot find Git revision 'da9d3ead9d97ce0fef7538638326264957e2f1b4' in ref 'trunk' of repository 'ssh://forgejo@git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys.git'! Please make sure that the rev exists on the ref you've specified or add allRefs = true; to fetchGit. This issue was discovered while trying to make the new hydra work.
40 lines
1.4 KiB
Nix
40 lines
1.4 KiB
Nix
# Common users.
|
|
# Sources for this configuration:
|
|
# - a generated NixOS 23.05 configuration
|
|
# - https://nixos.org/manual/nixos/stable/#sec-user-management
|
|
# - https://git.grzb.de/yuri/nix-infra/-/blob/aa38daeea59f2ca12b7e591de6f8b61565780c48/configuration/common/default.nix#L19
|
|
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
|
|
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
|
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
let
|
|
authorizedKeysRepo = pkgs.fetchgit {
|
|
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
|
|
rev = "b6a29dc7af0a45a8c0b4904290c7cb0c5bc51413";
|
|
hash = "sha256-c0aH0wQeJtfXJG5wAbS6aO8yILLI1NNkFAHAeOm8RXA=";
|
|
};
|
|
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
|
in
|
|
{
|
|
users.mutableUsers = false;
|
|
|
|
users.users.chaos = {
|
|
isNormalUser = true;
|
|
description = "Chaos";
|
|
extraGroups = [ "wheel" ];
|
|
openssh.authorizedKeys.keys = authorizedKeys;
|
|
};
|
|
|
|
users.users.colmena-deploy = {
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" ];
|
|
openssh.authorizedKeys.keys = authorizedKeys;
|
|
};
|
|
|
|
nix.settings.trusted-users = [ "colmena-deploy" ];
|
|
|
|
# Since our user doesn't have a password, allow passwordless sudo for wheel.
|
|
security.sudo.wheelNeedsPassword = false;
|
|
}
|