cleanup

2024-12-30 22:52:20 +01:00 · 2024-12-30 22:52:20 +01:00 · 5239ad4550
commit 5239ad4550
parent 29f54e7a5c
12 changed files with 89 additions and 14 deletions
--- a/common/main-user.nix
+++ b/common/main-user.nix
@ -4,7 +4,6 @@ in {
  options = {
    users.mainUser = lib.mkOption {
      type = types.passwdEntry types.str;
-      default = "lukas";
      description = ''
        The main user.
      '';
--- a/common/pubkeys.nix
+++ b/common/pubkeys.nix
@ -0,0 +1,17 @@
+{
+  lib,
+  self,
+  ...
+}: {
+  options.pubkeys = let
+    inherit (lib) types;
+  in
+    lib.mkOption {
+      type = types.attrsOf (types.attrsOf types.str);
+      description = ''
+        Public keys.
+      '';
+    };
+
+  config.pubkeys = import self + /pubkeys.nix;
+}
--- a/common/user-types.nix
+++ b/common/user-types.nix
@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  options.users = let
+    inherit (lib) types;
+  in {
+    normalUsers = lib.mkOption {
+      type = types.listOf (types.passwdEntry types.str);
+      description = ''
+        List of normal users.
+      '';
+    };
+
+    systemUsers = lib.mkOption {
+      type = types.listOf (types.passwdEntry types.str);
+      description = ''
+        List of system users.
+      '';
+    };
+  };
+
+  config.users = let
+    filterUsers = pred: (lib.pipe config.users.users [
+      (lib.filterAttrs (_: pred))
+      builtins.attrNames
+    ]);
+  in {
+    normalUsers = filterUsers (user: user.isNormalUser);
+    systemUsers = filterUsers (user: user.isSystemUser);
+  };
+}
--- a/common/users.nix
+++ b/common/users.nix
@ -10,18 +10,19 @@ in {
  users = {
    mutableUsers = false;

+    mainUser = "lukas";
+
    users = {
      root = {
        hashedPassword = "!";
-        openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).hosts;
+        openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.hosts;
      };
      ${mainUser} = {
        description = "Lukas Wurzinger";
        uid = 1000;
        isNormalUser = true;
        hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
-        openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).users;
-        extraGroups = ["wheel"];
+        openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
      };
    };
  };
--- a/common/wheel.nix
+++ b/common/wheel.nix
@ -0,0 +1,3 @@
+{config, ...}: {
+  users.groups.wheel.members = config.users.normalUsers;
+}