initial test config

2025-05-04 13:08:12 +02:00 · 2025-05-04 13:08:12 +02:00 · cbbe1e1a59
commit cbbe1e1a59
parent b5d6ec3bbe
13 changed files with 653 additions and 0 deletions
--- a/nixos/roles/admins.nix
+++ b/nixos/roles/admins.nix
@ -0,0 +1,42 @@
+{ lib, ... }:
+with lib;
+let
+  admins = {
+    nerf = {
+      hashedPassword = "$y$j9T$b3ZDy/YaHDNiqcFFZyEcS.$HlWj1JiqbEMTsD0bMKSwKcJGO7cfpC4P8W8VAlvUTK/";
+      sshKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdA4LpEGUUmN8esFyrNZXFb2GiBID9/S6zzhcnofQuP nerf@nerflap2"
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEdfOWD1DLuB1Ho69uRC3VgQu+X3gExFzVHhu2CAl8JSAAAABHNzaDo= laptop_child-sk"
+      ];
+      nixKeys = [
+        "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc="
+      ];
+    };
+  };
+
+  mkAdmin =
+    name:
+    {
+      hashedPassword,
+      sshKeys,
+      ...
+    }:
+    {
+      "${name}" = {
+        isNormalUser = true;
+        createHome = true;
+        extraGroups = [ "wheel" ];
+        group = "users";
+        home = "/home/${name}";
+        openssh.authorizedKeys = {
+          keys = sshKeys;
+        };
+        inherit hashedPassword;
+      };
+    };
+  mkNixKeys = _: { nixKeys, ... }: nixKeys;
+in
+{
+  users.users = mkMerge (mapAttrsToList mkAdmin admins);
+  nix.settings.trusted-public-keys = lists.concatLists (mapAttrsToList mkNixKeys admins);
+}