diff --git a/config/users.nix b/config/users.nix index 7bd65f1..248ab43 100644 --- a/config/users.nix +++ b/config/users.nix @@ -30,6 +30,7 @@ in { "niten@RUS.SELBY.CA" "niten/root@RUS.SELBY.CA" ]; + email = "niten@fudo.org"; }; andrew = { @@ -114,6 +115,7 @@ in { home-directory = "/home/reaper"; k5login = [ "reaper@FUDO.ORG" "reaper/root@FUDO.ORG" "reaper/admin@FUDO.ORG" ]; + email = "reaper@fudo.org"; }; slickoil = { @@ -198,6 +200,7 @@ in { # user-email = "xiaoxuan@fudo.org"; # home-dir = "/home/fudo/xiaoxuan"; # }; + email = "xiaoxuan@fudo.org"; }; thibor = { @@ -488,6 +491,7 @@ in { ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA"; login-hashed-passwd = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; + email = "viator@informis.land"; }; }; } diff --git a/flake.lock b/flake.lock index e8308d4..7f2f37d 100644 --- a/flake.lock +++ b/flake.lock @@ -223,7 +223,7 @@ "niten-doom-config": "niten-doom-config" }, "locked": { - "narHash": "sha256-45L0HqvqGw7+s87MvKMR14cxEhBJHRnanmTpJlw7E78=", + "narHash": "sha256-SU2+Swf6wHfyRGx3tsIh3iX/NWbsBgVCDeGPRgVuXEA=", "path": "./nix-home", "type": "path" }, @@ -346,11 +346,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1632918953, - "narHash": "sha256-XY3TKBfhP7wCu/SeqrwIkTWkyYHy5W1yRR8pxyzRY9Y=", + "lastModified": 1633267966, + "narHash": "sha256-gFKvZ5AmV/dDTKXVxacPbXe4R0BsFpwtVaQxuIm2nnk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee90403e147b181300dffca5b0afa405e14f1945", + "rev": "7daf35532d2d8bf5e6f7f962e6cd13a66d01a71d", "type": "github" }, "original": { diff --git a/lib/default.nix b/lib/default.nix index c66e400..6ff3a06 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -6,6 +6,8 @@ with lib; { ./instance.nix + ./fudo-lib.nix + ./fudo/acme-for-hostname.nix ./fudo/authentication.nix ./fudo/backplane 
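Review bot: The new `email = "xiaoxuan@fudo.org";` duplicates the value already present in the commented-out `# user-email = "xiaoxuan@fudo.org";` line directly above it, so the record now carries the same address twice, once live and once as dead text. Now that `email` is a real option, the `# user-email` / `# home-dir` / `# };` remnant should be deleted rather than kept alongside, otherwise the next editor has to work out which of the two is authoritative. The `xiaoxuan` attribute set starts outside the hunk.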
@@ -14,7 +16,6 @@ with lib; { ./fudo/distributed-builds.nix ./fudo/dns.nix ./fudo/domains.nix - ./fudo-lib.nix ./fudo/garbage-collector.nix ./fudo/git.nix ./fudo/global.nix diff --git a/lib/fudo-lib.nix b/lib/fudo-lib.nix index 71189ac..a1b4492 100644 --- a/lib/fudo-lib.nix +++ b/lib/fudo-lib.nix @@ -7,7 +7,7 @@ in { lib.overlays = [ (final: prev: { - fudo = { + final.fudo = { inherit ip dns; }; }) diff --git a/lib/fudo/local-network.nix b/lib/fudo/local-network.nix index 9913b76..931536d 100644 --- a/lib/fudo/local-network.nix +++ b/lib/fudo/local-network.nix @@ -8,8 +8,6 @@ let traceout = out: builtins.trace out out; - fudo-lib = import ../fudo-lib.nix { inherit lib; }; - in { options.fudo.local-network = with types; { @@ -110,20 +108,20 @@ in { interfaces = cfg.dhcp-interfaces; extraConfig = '' - subnet ${fudo-lib.ip.getNetworkBase cfg.network} netmask ${ - fudo-lib.ip.maskFromV32Network cfg.network + subnet ${lib.fudo.ip.getNetworkBase cfg.network} netmask ${ + lib.fudo.ip.maskFromV32Network cfg.network } { authoritative; - option subnet-mask ${fudo-lib.ip.maskFromV32Network cfg.network}; - option broadcast-address ${fudo-lib.ip.networkMaxIp cfg.network}; + option subnet-mask ${lib.fudo.ip.maskFromV32Network cfg.network}; + option broadcast-address ${lib.fudo.ip.networkMaxIp cfg.network}; option routers ${cfg.gateway}; option domain-name-servers ${concatStringsSep " " cfg.dns-servers}; option domain-name "${cfg.domain}"; option domain-search "${ concatStringsSep " " ([ cfg.domain ] ++ cfg.search-domains) }"; - range ${fudo-lib.ip.networkMinIp cfg.dhcp-dynamic-network} ${ - fudo-lib.ip.networkMaxButOneIp cfg.dhcp-dynamic-network + range ${lib.fudo.ip.networkMinIp cfg.dhcp-dynamic-network} ${ + lib.fudo.ip.networkMaxButOneIp cfg.dhcp-dynamic-network }; } ''; 
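Review bot: `final.fudo = { inherit ip dns; };` inside the overlay does not attach `fudo` to the extended lib; an overlay's return value is merged into the new attribute set, so this defines a top-level attribute literally named `final`, and the call sites switched in this commit (`lib.fudo.ip.*` and `lib.fudo.dns.*` in local-network.nix) will evaluate `lib.fudo` as missing. The original `fudo = { inherit ip dns; };` was the correct shape; `final`/`prev` belong on the right-hand side when an overlay needs to reference other overlay outputs. How `lib.overlays` is applied to the `lib` that modules receive is outside this hunk, so confirm the module system actually sees the extended lib before the old `import ../fudo-lib.nix` fallback is dropped everywhere.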
@@ -225,7 +223,7 @@ in { ${join-lines (mapAttrsToList hostSshFpRecords network.hosts)} ${join-lines (mapAttrsToList cnameRecord network.aliases)} ${join-lines network.verbatim-dns-records} - ${fudo-lib.dns.srvRecordsToBindZone network.srv-records} + ${lib.fudo.dns.srvRecordsToBindZone network.srv-records} ''; }] ++ blockZones; }; diff --git a/lib/fudo/users.nix b/lib/fudo/users.nix index 028e13f..a26be81 100644 --- a/lib/fudo/users.nix +++ b/lib/fudo/users.nix @@ -3,7 +3,7 @@ with lib; let - user = import ../types/users.nix { inherit lib; }; + user = import ../types/user.nix { inherit lib; }; list-includes = list: el: isNull (findFirst (this: this == el) null list); @@ -100,10 +100,15 @@ in { IdentityFile /etc/ssh/private_keys.d/%u.key ''; - environment.etc = let - privkey-users = filterAttrs (username: userOpts: userOpts.ssh-keys != null) sys.local-users; - in mapAttrs' (username: userOpts: - nameValuePair "ssh/private_keys.bd/${username}.key" userOpts.ssh-keys.private-key) privkey-users; + environment.etc = mapAttrs' (username: userOpts: + nameValuePair + "ssh/private_keys.d/${username}" + { + text = concatStringsSep "\n" + (map (keypair: readFile keypair.public-key) + userOpts.ssh-keys); + }) + sys.local-users; users = { users = mapAttrs (username: userOpts: { diff --git a/lib/instance.nix b/lib/instance.nix index a52e7cd..aff0b7b 100644 --- a/lib/instance.nix +++ b/lib/instance.nix @@ -2,7 +2,8 @@ with lib; let - user = import ./types/users.nix { inherit lib; }; + user = import ./types/user.nix { inherit lib; }; + in { options.instance = with types; { hostname = mkOption { @@ -31,7 +32,7 @@ in { }; local-groups = mkOption { - type = listOf str; + type = attrsOf (submodule user.groupOpts); description = "List of groups which should be created on the local host."; }; 
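Review bot: `list-includes` in this hunk's context returns true when the element is absent: `findFirst` yields its `null` default on a miss, and `isNull` of that is true, so the helper is inverted relative to its name. Unless callers outside the hunk rely on the inverted meaning, it should be `list-includes = list: el: !isNull (findFirst (this: this == el) null list);` or simply `elem el list`. This predates the commit, but since the import on the line above is being touched it is worth fixing here rather than leaving a misnamed predicate next to user/access logic.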
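Review bot: The new `environment.etc` entry is written to `ssh/private_keys.d/${username}` while the `IdentityFile /etc/ssh/private_keys.d/%u.key` line in the same hunk still expects a `.key` suffix, so ssh will never find the file; use `nameValuePair "ssh/private_keys.d/${username}.key"` or change the ssh_config line to match. Replacing `userOpts.ssh-keys.private-key` with `readFile keypair.public-key` is the right direction, since `environment.etc` contents end up in the world-readable Nix store and private key material must never take this path; a comment such as `# public keys only: /etc entries live in the world-readable store` next to the entry would guard against a regression. Note that an `IdentityFile` holding a public key only works when the matching private key is held by an agent, and ssh likely reads just the first key in such a file, so joining several keys with `concatStringsSep "\n"` will probably only expose the first; one file per key, or filtering out users whose `ssh-keys` is the new default `[]` (which currently yields an empty file per local user), would be cleaner. The enclosing module body continues outside the hunk.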
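Review bot: `local-groups` is now typed `attrsOf (submodule user.groupOpts)` but its description still reads "List of groups which should be created on the local host."; it should become `description = "Attribute set of groups to create on the local host, keyed by group name.";` so the option docs match the value callers must supply. Separately, `groupOpts` in types/user.nix is declared as `{ group-name, ... }:`, and `types.submodule` only passes `name`, `config`, `options` and `lib` to the module function, so this option is likely to fail with a missing-argument error until that signature is changed. The options block continues outside the hunk.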
@@ -41,7 +42,7 @@ in { }; local-users = mkOption { - type = attrsOf user.userOpts; + type = attrsOf (submodule user.userOpts); description = "List of users who should have access to the local host"; }; }; diff --git a/lib/types/user.nix b/lib/types/user.nix index 5bf9733..49e26a5 100644 --- a/lib/types/user.nix +++ b/lib/types/user.nix @@ -1,6 +1,7 @@ { lib, ... }: -{ +with lib; +rec { systemUserOpts = { username, ... }: { options = with lib.types; { username = mkOption { @@ -95,20 +96,25 @@ }; ssh-keys = mkOption { - type = nullOr (listOf (submodule sshKeyOpts)); + type = listOf (submodule sshKeyOpts); description = "Path to the user's public and private key files."; default = []; }; + + email = mkOption { + type = nullOr str; + description = "User's primary email address."; + default = null; + }; }; }; groupOpts = { group-name, ... }: { options = with lib.types; { - group-name = mkOption { - type = nullOr str; - default = group-name; - description = "Group name."; - }; + # group-name = mkOption { + # description = "Group name."; + # default = group-name; + # }; description = mkOption { type = str; diff --git a/nix-home b/nix-home index 94f5f25..711576e 160000 --- a/nix-home +++ b/nix-home @@ -1 +1 @@ -Subproject commit 94f5f2560a40b167ce368812c6b883bd7c6df5c1 +Subproject commit 711576e6e4cede979b15cf9d1c8c3d42fb565a99
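Review bot: `local-users` is typed `attrsOf (submodule user.userOpts)` yet described as "List of users who should have access to the local host"; `description = "Attribute set of users, keyed by username, who should have access to the local host.";` reflects the actual type. The options block continues outside the hunk.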
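Review bot: Commenting out the `group-name` option leaves `groupOpts = { group-name, ... }:` demanding an argument that `types.submodule` never supplies (it passes `name`, `config`, `options` and `lib`), so the `attrsOf (submodule user.groupOpts)` introduced in instance.nix will fail with a missing-argument error at evaluation; change the signature to `groupOpts = { name, ... }:` and, if the name is still needed, restore the option as `group-name = mkOption { type = str; default = name; description = "Group name."; };`. The same concern applies to `systemUserOpts = { username, ... }:` visible in this file's first hunk if it is wrapped in `submodule` the same way. The new `email` option is `nullOr str` with no shape check; if it feeds LDAP or mail routing, `nullOr (strMatching "[^@[:space:]]+@[^@[:space:]]+")` would reject obvious typos at build time rather than at the consumer. The `ssh-keys` description still says "Path to the user's public and private key files." although the type is a list of key pairs; `description = "SSH key pairs (paths to public and private key files) belonging to the user.";` would match the type.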