From 7a406946f0fda636727e9693a07c4a246f426e37 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 20 May 2015 16:27:15 +0200 Subject: hosts tv: separate hashedPasswords per host --- modules/cd/default.nix | 2 +- modules/mu/default.nix | 2 +- modules/tv/users.nix | 226 ------------------------------------------------- modules/wu/default.nix | 2 +- modules/wu/users.nix | 226 +++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 229 insertions(+), 229 deletions(-) delete mode 100644 modules/tv/users.nix create mode 100644 modules/wu/users.nix diff --git a/modules/cd/default.nix b/modules/cd/default.nix index 7ceaf71f..3ee37044 100644 --- a/modules/cd/default.nix +++ b/modules/cd/default.nix @@ -3,7 +3,7 @@ { imports = [ - + ./iptables.nix ./networking.nix ../common/nixpkgs.nix diff --git a/modules/mu/default.nix b/modules/mu/default.nix index 4bbd074d..8490c842 100644 --- a/modules/mu/default.nix +++ b/modules/mu/default.nix @@ -10,7 +10,7 @@ in { imports = [ - + ../tv/base.nix ../tv/exim-retiolum.nix ../tv/retiolum.nix diff --git a/modules/tv/users.nix b/modules/tv/users.nix deleted file mode 100644 index 88f2b658..00000000 --- a/modules/tv/users.nix +++ /dev/null 
@@ -1,226 +0,0 @@ -{ config, pkgs, ... }: - -let - inherit (builtins) attrValues; - inherit (pkgs.lib) concatMap filterAttrs mapAttrs concatStringsSep; - - - users = { - tv = { - uid = 1337; - group = "users"; - extraGroups = [ - "audio" - "video" - "wheel" - ]; - }; - - ff = { - uid = 13378001; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - ]; - }; - - cr = { - uid = 13378002; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - vimb = { - uid = 13378003; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - fa = { - uid = 2300001; - group = "tv-sub"; - }; - - rl = { - uid = 2300002; - group = "tv-sub"; - }; - - tief = { - uid = 2300702; - group = "tv-sub"; - }; - - btc-bitcoind = { - uid = 2301001; - group = "tv-sub"; - }; - - btc-electrum = { - uid = 2301002; - group = "tv-sub"; - }; - - ltc-litecoind = { - uid = 2301101; - group = "tv-sub"; - }; - - eth = { - uid = 2302001; - group = "tv-sub"; - }; - - emse-hsdb = { - uid = 4200101; - group = "tv-sub"; - }; - - wine = { - uid = 13370400; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - # dwarffortress - df = { - uid = 13370401; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - # XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined - FTL = { - uid = 13370402; - #group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - freeciv = { - uid = 13370403; - group = "tv-sub"; - }; - - xr = { - uid = 13370061; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - ]; - }; - - "23" = { - uid = 13370023; - group = "tv-sub"; - }; - - electrum = { - uid = 13370102; - group = "tv-sub"; - }; - - Reaktor = { - uid = 4230010; - group = "tv-sub"; - }; - - gitolite = { - uid = 7700; - }; - - skype = { - uid = 6660001; - group = "tv-sub"; - extraGroups = [ - "audio" - ]; - }; - - onion = { - uid = 6660010; - group = "tv-sub"; - }; - - 
zalora = { - uid = 1000301; - group = "tv-sub"; - extraGroups = [ - "audio" - # TODO remove vboxusers when hardening is active - "vboxusers" - "video" - ]; - }; - - }; - - - extraUsers = - mapAttrs (name: user: user // { - inherit name; - home = "/home/${name}"; - createHome = true; - useDefaultShell = true; - }) users; - - - extraGroups = { - tv-sub.gid = 1337; - }; - - - sudoers = - let - inherit (builtins) filter hasAttr; - inherit (import ../../lib { inherit pkgs; }) concat isSuffixOf removeSuffix setToList; - - hasMaster = { group ? "", ... }: - isSuffixOf "-sub" group; - - masterOf = user : removeSuffix "-sub" user.group; - in - concatStringsSep "\n" - (map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL") - (filter hasMaster (attrValues extraUsers))); - -in - - -{ - imports = [ - - ]; - - users.defaultUserShell = "/run/current-system/sw/bin/bash"; - users.extraGroups = extraGroups; - users.extraUsers = extraUsers; - users.mutableUsers = false; - - security.sudo.extraConfig = - '' - Defaults mailto="tv@wu.retiolum" - ${sudoers} - ''; -} diff --git a/modules/wu/default.nix b/modules/wu/default.nix index 0fe84dd1..fbbeba2b 100644 --- a/modules/wu/default.nix +++ b/modules/wu/default.nix @@ -19,8 +19,8 @@ in ../tv/synaptics.nix #../tv/tools.nix ../tv/urxvt.nix - ../tv/users.nix ../tv/xserver.nix + ../wu/users.nix ]; nix.maxJobs = 8; diff --git a/modules/wu/users.nix b/modules/wu/users.nix new file mode 100644 index 00000000..654d49ce --- /dev/null +++ b/modules/wu/users.nix 
@@ -0,0 +1,226 @@ +{ config, pkgs, ... }: + +let + inherit (builtins) attrValues; + inherit (pkgs.lib) concatMap filterAttrs mapAttrs concatStringsSep; + + + users = { + tv = { + uid = 1337; + group = "users"; + extraGroups = [ + "audio" + "video" + "wheel" + ]; + }; + + ff = { + uid = 13378001; + group = "tv-sub"; + extraGroups = [ + "audio" + "video" + ]; + }; + + cr = { + uid = 13378002; + group = "tv-sub"; + extraGroups = [ + "audio" + "video" + "bumblebee" + ]; + }; + + vimb = { + uid = 13378003; + group = "tv-sub"; + extraGroups = [ + "audio" + "video" + "bumblebee" + ]; + }; + + fa = { + uid = 2300001; + group = "tv-sub"; + }; + + rl = { + uid = 2300002; + group = "tv-sub"; + }; + + tief = { + uid = 2300702; + group = "tv-sub"; + }; + + btc-bitcoind = { + uid = 2301001; + group = "tv-sub"; + }; + + btc-electrum = { + uid = 2301002; + group = "tv-sub"; + }; + + ltc-litecoind = { + uid = 2301101; + group = "tv-sub"; + }; + + eth = { + uid = 2302001; + group = "tv-sub"; + }; + + emse-hsdb = { + uid = 4200101; + group = "tv-sub"; + }; + + wine = { + uid = 13370400; + group = "tv-sub"; + extraGroups = [ + "audio" + "video" + "bumblebee" + ]; + }; + + # dwarffortress + df = { + uid = 13370401; + group = "tv-sub"; + extraGroups = [ + "audio" + "video" + "bumblebee" + ]; + }; + + # XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined + FTL = { + uid = 13370402; + #group = "tv-sub"; + extraGroups = [ + "audio" + "video" + "bumblebee" + ]; + }; + + freeciv = { + uid = 13370403; + group = "tv-sub"; + }; + + xr = { + uid = 13370061; + group = "tv-sub"; + extraGroups = [ + "audio" + "video" + ]; + }; + + "23" = { + uid = 13370023; + group = "tv-sub"; + }; + + electrum = { + uid = 13370102; + group = "tv-sub"; + }; + + Reaktor = { + uid = 4230010; + group = "tv-sub"; + }; + + gitolite = { + uid = 7700; + }; + + skype = { + uid = 6660001; + group = "tv-sub"; + extraGroups = [ + "audio" + ]; + }; + + onion = { + uid = 6660010; + group = "tv-sub"; + }; + + 
zalora = { + uid = 1000301; + group = "tv-sub"; + extraGroups = [ + "audio" + # TODO remove vboxusers when hardening is active + "vboxusers" + "video" + ]; + }; + + }; + + + extraUsers = + mapAttrs (name: user: user // { + inherit name; + home = "/home/${name}"; + createHome = true; + useDefaultShell = true; + }) users; + + + extraGroups = { + tv-sub.gid = 1337; + }; + + + sudoers = + let + inherit (builtins) filter hasAttr; + inherit (import ../../lib { inherit pkgs; }) concat isSuffixOf removeSuffix setToList; + + hasMaster = { group ? "", ... }: + isSuffixOf "-sub" group; + + masterOf = user : removeSuffix "-sub" user.group; + in + concatStringsSep "\n" + (map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL") + (filter hasMaster (attrValues extraUsers))); + +in + + +{ + imports = [ + + ]; + + users.defaultUserShell = "/run/current-system/sw/bin/bash"; + users.extraGroups = extraGroups; + users.extraUsers = extraUsers; + users.mutableUsers = false; + + security.sudo.extraConfig = + '' + Defaults mailto="tv@wu.retiolum" + ${sudoers} + ''; +} -- cgit v1.2.3
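Review bot: The new module sets `users.mutableUsers = false` near the end of the hunk but declares no `hashedPassword` (or any other password option) for the users it defines, even though the subject says hashedPasswords are now kept per host; the file content is otherwise identical to the deleted `modules/tv/users.nix`, so the split is only a relocation. Unless another module imported by wu supplies the hashes, these accounts — including `tv`, which is in `wheel` — are presumably created without a usable password, which would also prevent `sudo` for that user. Either the per-host hashes belong in this file, or a comment above `users` should say where they come from, e.g. `# hashedPassword for each user is set in the host-specific module at <PLACEHOLDER: path> — keep host secrets out of this list`. Separately, `concatMap` and `filterAttrs` from `pkgs.lib`, and `hasAttr`, `concat` and `setToList` in the `sudoers` `let`, are inherited but never used and can be dropped.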