summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--tv/1systems/cd.nix14
-rw-r--r--tv/1systems/wu.nix110
-rw-r--r--tv/1systems/xu.nix113
-rw-r--r--tv/2configs/default.nix43
-rw-r--r--tv/2configs/sub/xr.nix22
-rw-r--r--tv/2configs/z.nix31
6 files changed, 9 insertions, 324 deletions
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 126c6feb5..10c87b2c6 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -115,7 +115,6 @@ with lib;
iftop
iotop
iptables
- mutt # for mv
nethogs
ntp # ntpate
rxvt_unicode.terminfo
@@ -126,17 +125,4 @@ with lib;
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
-
- users.extraUsers = {
- mv = {
- uid = 1338;
- group = "users";
- home = "/home/mv";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.mv.pubkey
- ];
- };
- };
}
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 2c0098c1c..3fa5481e2 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -11,8 +11,6 @@ with lib;
../2configs/git.nix
../2configs/mail-client.nix
../2configs/xserver
- ../2configs/z.nix
- ../2configs/sub/xr.nix
{
environment.systemPackages = with pkgs; [
@@ -158,114 +156,6 @@ with lib;
];
};
}
- {
- users.extraGroups = {
- tv.gid = 1337;
- slaves.gid = 3799582008; # genid slaves
- };
-
- users.extraUsers =
- mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
- inherit name;
- home = "/home/${name}";
- createHome = true;
- useDefaultShell = true;
- group = "tv";
- extraGroups = ["slaves"] ++ extraGroups;
- }) {
- ff = {
- uid = 13378001;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- cr = {
- uid = 13378002;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- fa = {
- uid = 2300001;
- };
-
- rl = {
- uid = 2300002;
- };
-
- tief = {
- uid = 2300702;
- };
-
- btc-bitcoind = {
- uid = 2301001;
- };
-
- btc-electrum = {
- uid = 2301002;
- };
-
- ltc-litecoind = {
- uid = 2301101;
- };
-
- eth = {
- uid = 2302001;
- };
-
- emse-hsdb = {
- uid = 4200101;
- };
-
- wine = {
- uid = 13370400;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- df = {
- uid = 13370401;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- "23" = {
- uid = 13370023;
- };
-
- electrum = {
- uid = 13370102;
- };
-
- skype = {
- uid = 6660001;
- extraGroups = [
- "audio"
- ];
- };
-
- onion = {
- uid = 6660010;
- };
- };
-
- security.sudo.extraConfig =
- let
- isSlave = u: elem "slaves" u.extraGroups;
- masterOf = u: u.group;
- slaves = filterAttrs (_: isSlave) config.users.extraUsers;
- toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
- in
- concatMapStringsSep "\n" toSudoers (attrValues slaves);
- }
];
boot.initrd.luks = {
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 168eafcc7..1a9dddb55 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -14,8 +14,6 @@ with lib;
../2configs/git.nix
../2configs/mail-client.nix
../2configs/xserver
- ../2configs/z.nix
- ../2configs/sub/xr.nix
{
environment.systemPackages = with pkgs; [
@@ -160,117 +158,6 @@ with lib;
];
};
}
- {
- users.extraGroups = {
- tv.gid = 1337;
- slaves.gid = 3799582008; # genid slaves
- };
-
- users.extraUsers =
- mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
- inherit name;
- home = "/home/${name}";
- createHome = true;
- useDefaultShell = true;
- group = "tv";
- extraGroups = ["slaves"] ++ extraGroups;
- }) {
- ff = {
- uid = 13378001;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- cr = {
- uid = 13378002;
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- fa = {
- uid = 2300001;
- };
-
- rl = {
- uid = 2300002;
- };
-
- tief = {
- uid = 2300702;
- };
-
- btc-bitcoind = {
- uid = 2301001;
- };
-
- btc-electrum = {
- uid = 2301002;
- };
-
- ltc-litecoind = {
- uid = 2301101;
- };
-
- eth = {
- uid = 2302001;
- };
-
- emse-hsdb = {
- uid = 4200101;
- };
-
- wine = {
- uid = 13370400;
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- df = {
- uid = 13370401;
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- "23" = {
- uid = 13370023;
- };
-
- electrum = {
- uid = 13370102;
- };
-
- skype = {
- uid = 6660001;
- extraGroups = [
- "audio"
- ];
- };
-
- onion = {
- uid = 6660010;
- };
- };
-
- security.sudo.extraConfig =
- let
- isSlave = u: elem "slaves" u.extraGroups;
- masterOf = u: u.group;
- slaves = filterAttrs (_: isSlave) config.users.extraUsers;
- toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
- in
- concatMapStringsSep "\n" toSudoers (attrValues slaves);
- }
];
boot.initrd.luks = {
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index d31862b60..688f8f9cf 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -27,6 +27,7 @@ with lib;
networking.hostName = config.krebs.build.host.name;
imports = [
+ <secrets>
./vim.nix
{
# stockholm dependencies
@@ -35,40 +36,14 @@ with lib;
];
}
{
- # TODO never put hashedPassword into the store
- users.extraUsers =
- mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
- }
- {
- users.groups.subusers.gid = 1093178926; # genid subusers
- }
- {
- users.defaultUserShell = "/run/current-system/sw/bin/bash";
- users.mutableUsers = false;
- }
- {
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- config.krebs.users.tv_xu.pubkey
- ];
- };
- tv = {
- uid = 1337;
- group = "users";
- home = "/home/tv";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "video"
- "wheel"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- ];
+ users = {
+ defaultUserShell = "/run/current-system/sw/bin/bash";
+ mutableUsers = false;
+ users = {
+ tv = {
+ isNormalUser = true;
+ uid = 1337;
+ };
};
};
}
diff --git a/tv/2configs/sub/xr.nix b/tv/2configs/sub/xr.nix
deleted file mode 100644
index 6c9cbb93e..000000000
--- a/tv/2configs/sub/xr.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.per-user.xr.packages = [
- pkgs.cr
- ];
-
- security.sudo.extraConfig = "tv ALL=(xr) NOPASSWD: ALL";
-
- users.users.xr = {
- extraGroups = [
- "audio"
- "video"
- ];
- group = "subusers";
- home = "/home/xr";
- uid = 1660006127; # genid xr
- useDefaultShell = true;
- };
-}
diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix
deleted file mode 100644
index 3acd168d4..000000000
--- a/tv/2configs/z.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.per-user.z.packages = [
- pkgs.cr
- ];
-
- programs.bash.interactiveShellInit = ''
- case ''${XMONAD_SPAWN_WORKSPACE-} in
- za|zh|zj|zs)
- exec sudo -u z -i
- ;;
- esac
- '';
-
- security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL";
-
- users.users.z = {
- extraGroups = [
- "audio"
- "vboxusers"
- "video"
- ];
- group = "subusers";
- home = "/home/z";
- uid = 3043726074; # genid z
- useDefaultShell = true;
- };
-}