# Common users. # Sources for this configuration: # - a generated NixOS 23.05 configuration # - https://nixos.org/manual/nixos/stable/#sec-user-management # - https://git.grzb.de/yuri/nix-infra/-/blob/aa38daeea59f2ca12b7e591de6f8b61565780c48/configuration/common/default.nix#L19 # - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix # - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings { config, pkgs, lib, ... }: let authorizedKeysRepo = pkgs.fetchgit { url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys"; rev = "686a6af22f6696f0c0595c56f463c078550049fc"; hash = "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc="; }; authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys")); in { users.mutableUsers = false; users.users.chaos = { isNormalUser = true; description = "Chaos"; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = authorizedKeys; }; users.users.colmena-deploy = { isNormalUser = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = authorizedKeys; }; nix.settings.trusted-users = [ "colmena-deploy" ]; # Since our user doesn't have a password, allow passwordless sudo for wheel. security.sudo.wheelNeedsPassword = false; }