nixfmt-rfc-style

There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."

If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging.
Daniel Barlow
2025-02-10 21:55:08 +00:00
parent 13cc5a8992
commit 7e2b0068e6
211 changed files with 6049 additions and 4355 deletions


@@ -10,11 +10,20 @@
## the immutable store, so you can't e.g change a password with
## :command:`passwd`
{ lib, pkgs, config, ...}:
{
lib,
pkgs,
config,
...
}:
let
inherit (lib)
concatStrings concatStringsSep mapAttrsToList mkOption types;
concatStrings
concatStringsSep
mapAttrsToList
mkOption
types
;
inherit (builtins) toString;
inherit (pkgs.pseudofile) dir;
passwd-file =
@@ -28,82 +37,98 @@ let
in
concatStrings lines;
group-file =
let lines = mapAttrsToList
(name: {gid, usernames ? []}:
"${name}:x:${toString gid}:${concatStringsSep "," usernames}\n" )
config.groups;
in concatStrings lines;
in {
let
lines = mapAttrsToList (
name:
{
gid,
usernames ? [ ],
}:
"${name}:x:${toString gid}:${concatStringsSep "," usernames}\n"
) config.groups;
in
concatStrings lines;
in
{
options = {
users = mkOption {
type = types.attrsOf (types.submodule {
options = {
passwd = mkOption {
type = types.str;
description = "encrypted password, as generated by mkpasswd -m sha512crypt";
example = "$6$RIYL.EgWOrtoJ0/7$Z53a8sc0o6AU/kuFOGiLJKhwVavTG/deoM7JTs6luNczYSUsh4UYmhvT8sVzm.l8F/LZXhhhkC7IHQs5UGAIM/";
default = "!!";
users = mkOption {
type = types.attrsOf (
types.submodule {
options = {
passwd = mkOption {
type = types.str;
description = "encrypted password, as generated by mkpasswd -m sha512crypt";
example = "$6$RIYL.EgWOrtoJ0/7$Z53a8sc0o6AU/kuFOGiLJKhwVavTG/deoM7JTs6luNczYSUsh4UYmhvT8sVzm.l8F/LZXhhhkC7IHQs5UGAIM/";
default = "!!";
};
uid = mkOption {
type = types.int;
};
gid = mkOption {
type = types.int;
};
gecos = mkOption {
type = types.str;
default = "";
example = "Jo Q User";
};
dir = mkOption {
type = types.str;
default = "/run";
};
shell = mkOption {
type = types.str;
default = "/bin/sh";
};
openssh.authorizedKeys.keys = mkOption {
type = types.listOf types.str;
default = [ ];
};
};
uid = mkOption {
type = types.int;
};
gid = mkOption {
type = types.int;
};
gecos = mkOption {
type = types.str;
default = "";
example = "Jo Q User";
};
dir = mkOption {
type = types.str;
default = "/run";
};
shell = mkOption {
type = types.str;
default = "/bin/sh";
};
openssh.authorizedKeys.keys = mkOption {
type = types.listOf types.str;
default = [];
};
};
});
}
);
};
groups = mkOption {
type = types.attrsOf (types.submodule {
options = {
gid = mkOption {
type = types.int;
groups = mkOption {
type = types.attrsOf (
types.submodule {
options = {
gid = mkOption {
type = types.int;
};
usernames = mkOption {
type = types.listOf types.str;
default = [ ];
};
};
usernames = mkOption {
type = types.listOf types.str;
default = [];
};
};
});
}
);
};
};
config =
let authorized_key_files =
lib.attrsets.mapAttrs
(name: val: dir {
".ssh" = dir {
authorized_keys = {
inherit (val) uid gid;
type = "f";
mode = "0400";
file = lib.concatStringsSep
"\n" val.openssh.authorizedKeys.keys;
};
};
})
config.users;
in {
let
authorized_key_files = lib.attrsets.mapAttrs (
name: val:
dir {
".ssh" = dir {
authorized_keys = {
inherit (val) uid gid;
type = "f";
mode = "0400";
file = lib.concatStringsSep "\n" val.openssh.authorizedKeys.keys;
};
};
}
) config.users;
in
{
filesystem = dir {
etc = dir {
passwd = { file = passwd-file; };
group = { file = group-file; };
passwd = {
file = passwd-file;
};
group = {
file = group-file;
};
};
home = dir authorized_key_files;
};