diff options
| author | tv <tv@shackspace.de> | 2015-05-20 16:27:15 +0200 |
|---|---|---|
| committer | tv <tv@shackspace.de> | 2015-05-20 16:27:15 +0200 |
| commit | 7a406946f0fda636727e9693a07c4a246f426e37 (patch) | |
| tree | e959e61cbb9c4d11621a3eec2c992bc71ac59eb6 /modules/tv | |
| parent | d65a5340226abcf512e8a6db01ad8e56db64a6bd (diff) | |
hosts tv: separate hashedPasswords per host
Diffstat (limited to 'modules/tv')
| -rw-r--r-- | modules/tv/users.nix | 226 |
1 files changed, 0 insertions, 226 deletions
diff --git a/modules/tv/users.nix b/modules/tv/users.nix deleted file mode 100644 index 88f2b658..00000000 --- a/modules/tv/users.nix +++ /dev/null @@ -1,226 +0,0 @@ -{ config, pkgs, ... }: - -let - inherit (builtins) attrValues; - inherit (pkgs.lib) concatMap filterAttrs mapAttrs concatStringsSep; - - - users = { - tv = { - uid = 1337; - group = "users"; - extraGroups = [ - "audio" - "video" - "wheel" - ]; - }; - - ff = { - uid = 13378001; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - ]; - }; - - cr = { - uid = 13378002; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - vimb = { - uid = 13378003; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - fa = { - uid = 2300001; - group = "tv-sub"; - }; - - rl = { - uid = 2300002; - group = "tv-sub"; - }; - - tief = { - uid = 2300702; - group = "tv-sub"; - }; - - btc-bitcoind = { - uid = 2301001; - group = "tv-sub"; - }; - - btc-electrum = { - uid = 2301002; - group = "tv-sub"; - }; - - ltc-litecoind = { - uid = 2301101; - group = "tv-sub"; - }; - - eth = { - uid = 2302001; - group = "tv-sub"; - }; - - emse-hsdb = { - uid = 4200101; - group = "tv-sub"; - }; - - wine = { - uid = 13370400; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - # dwarffortress - df = { - uid = 13370401; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - # XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined - FTL = { - uid = 13370402; - #group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - freeciv = { - uid = 13370403; - group = "tv-sub"; - }; - - xr = { - uid = 13370061; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - ]; - }; - - "23" = { - uid = 13370023; - group = "tv-sub"; - }; - - electrum = { - uid = 13370102; - group = "tv-sub"; - }; - - Reaktor = { - uid = 4230010; - group = "tv-sub"; - }; - - gitolite = { - uid = 7700; - }; - - skype = { - uid = 6660001; - group = "tv-sub"; - extraGroups = [ - "audio" - ]; - }; - - onion = { - uid = 6660010; - group = "tv-sub"; - }; - - zalora = { - uid = 1000301; - group = "tv-sub"; - extraGroups = [ - "audio" - # TODO remove vboxusers when hardening is active - "vboxusers" - "video" - ]; - }; - - }; - - - extraUsers = - mapAttrs (name: user: user // { - inherit name; - home = "/home/${name}"; - createHome = true; - useDefaultShell = true; - }) users; - - - extraGroups = { - tv-sub.gid = 1337; - }; - - - sudoers = - let - inherit (builtins) filter hasAttr; - inherit (import ../../lib { inherit pkgs; }) concat isSuffixOf removeSuffix setToList; - - hasMaster = { group ? "", ... }: - isSuffixOf "-sub" group; - - masterOf = user : removeSuffix "-sub" user.group; - in - concatStringsSep "\n" - (map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL") - (filter hasMaster (attrValues extraUsers))); - -in - - -{ - imports = [ - <secrets/hashedPasswords.nix> - ]; - - users.defaultUserShell = "/run/current-system/sw/bin/bash"; - users.extraGroups = extraGroups; - users.extraUsers = extraUsers; - users.mutableUsers = false; - - security.sudo.extraConfig = - '' - Defaults mailto="tv@wu.retiolum" - ${sudoers} - ''; -} |