-
Notifications
You must be signed in to change notification settings - Fork 0
/
flake.nix
70 lines (62 loc) · 1.98 KB
/
flake.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
{
description = "A garnix module for Linux users";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
outputs =
{ self
, nixpkgs
,
}:
let
lib = nixpkgs.lib;
userSubmodule.options = {
user = lib.mkOption {
type = lib.types.nonEmptyStr;
description = "The linux username";
example = "alice";
};
groups = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "The groups the user belongs to";
example = [ "wheel" ];
default = [ ];
};
shell = lib.mkOption {
type = lib.types.enum [ "bash" "zsh" "fish" ];
default = "bash";
description = "The users login shell";
};
authorizedSshKeys = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr;
description =
''The public SSH keys that can access this user. (Note that you must
use the IP address rather than domain for SSH.)'';
};
};
in
{
garnixModules.default = { pkgs, config, ... }: {
options = {
user = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule userSubmodule);
description = "An attrset of users";
};
};
config =
{
nixosConfigurations.default =
builtins.attrValues (builtins.mapAttrs
(name: projectConfig: {
users.users.${projectConfig.user} = {
extraGroups = projectConfig.groups;
isNormalUser = true;
shell = pkgs.${projectConfig.shell};
openssh.authorizedKeys.keys = projectConfig.authorizedSshKeys;
};
programs.zsh.enable = projectConfig.shell == "zsh";
programs.fish.enable = projectConfig.shell == "fish";
})
config.user);
};
};
};
}