rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(nixos): add owner config to manifest and users module

Browse source
This commit is contained in:
Mohammad Rafiq 2025-07-06 23:33:36 +08:00
parent f670889e29
commit aef828b713
No known key found for this signature in database
2 changed files with 73 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

10
nix/manifest.nix
View file

@ -8,7 +8,14 @@ let
}; };
in in
{ {
flake.manifest.hosts = { flake.manifest = {
owner = {
username = "rafiq";
email = "rafiq@rrv.sh";
shell = "fish";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq";
};
hosts = {
"nixos/test".extraCfg = testCfg; "nixos/test".extraCfg = testCfg;
"nixos/nemesis" = { "nixos/nemesis" = {
machine = { machine = {
@ -49,4 +56,5 @@ in
extraCfg = testCfg; extraCfg = testCfg;
}; };
}; };
};
} }

28
nix/modules/nixos/users.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, ... }:
let
inherit (config.flake.manifest) owner;
in
{
flake.modules.nixos.default =
{ pkgs, ... }:
{
#TODO: move sudo/security options elsewhere
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = [ "@wheel" ];
#TODO: move to shell config
programs.${owner.shell}.enable = true;
#TODO: move ssh key settings elsewhere
users = {
mutableUsers = false;
groups.users.gid = 100;
users.root.openssh.authorizedKeys.keys = [ owner.pubkey ];
users.${owner.username} = {
isNormalUser = true;
# hashedPasswordFile
extraGroups = [ "wheel" ];
shell = pkgs.${owner.shell};
openssh.authorizedKeys.keys = [ owner.pubkey ];
};
};
};
}