Checkin to see if lib gets fudo

config/users.nix

@@ -30,6 +30,7 @@ in {
         "niten@RUS.SELBY.CA"
         "niten/root@RUS.SELBY.CA"
       ];
+      email = "niten@fudo.org";
     };
 
     andrew = {
@@ -114,6 +115,7 @@ in {
       home-directory = "/home/reaper";
       k5login =
         [ "reaper@FUDO.ORG" "reaper/root@FUDO.ORG" "reaper/admin@FUDO.ORG" ];
+      email = "reaper@fudo.org";
     };
 
     slickoil = {
@@ -198,6 +200,7 @@ in {
       #   user-email = "xiaoxuan@fudo.org";
       #   home-dir = "/home/fudo/xiaoxuan";
       # };
+      email = "xiaoxuan@fudo.org";
     };
 
     thibor = {
@@ -488,6 +491,7 @@ in {
       ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA";
       login-hashed-passwd =
         "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
+      email = "viator@informis.land";
     };
   };
 }

flake.lock

@@ -223,7 +223,7 @@
         "niten-doom-config": "niten-doom-config"
       },
       "locked": {
-        "narHash": "sha256-45L0HqvqGw7+s87MvKMR14cxEhBJHRnanmTpJlw7E78=",
+        "narHash": "sha256-SU2+Swf6wHfyRGx3tsIh3iX/NWbsBgVCDeGPRgVuXEA=",
         "path": "./nix-home",
         "type": "path"
       },
@@ -346,11 +346,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1632918953,
+        "lastModified": 1633267966,
-        "narHash": "sha256-XY3TKBfhP7wCu/SeqrwIkTWkyYHy5W1yRR8pxyzRY9Y=",
+        "narHash": "sha256-gFKvZ5AmV/dDTKXVxacPbXe4R0BsFpwtVaQxuIm2nnk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ee90403e147b181300dffca5b0afa405e14f1945",
+        "rev": "7daf35532d2d8bf5e6f7f962e6cd13a66d01a71d",
         "type": "github"
       },
       "original": {

lib/default.nix

@@ -6,6 +6,8 @@ with lib; {
     
     ./instance.nix
 
+    ./fudo-lib.nix
+
     ./fudo/acme-for-hostname.nix
     ./fudo/authentication.nix
     ./fudo/backplane
@@ -14,7 +16,6 @@ with lib; {
     ./fudo/distributed-builds.nix
     ./fudo/dns.nix
     ./fudo/domains.nix
-    ./fudo-lib.nix
     ./fudo/garbage-collector.nix
     ./fudo/git.nix
     ./fudo/global.nix

lib/fudo-lib.nix

@@ -7,7 +7,7 @@ in
 {
   lib.overlays = [
     (final: prev: {
-      fudo = {
+      final.fudo = {
         inherit ip dns;
       };
     })

lib/fudo/local-network.nix

@@ -8,8 +8,6 @@ let
 
   traceout = out: builtins.trace out out;
 
-  fudo-lib = import ../fudo-lib.nix { inherit lib; };
-
 in {
 
   options.fudo.local-network = with types; {
@@ -110,20 +108,20 @@ in {
       interfaces = cfg.dhcp-interfaces;
 
       extraConfig = ''
-        subnet ${fudo-lib.ip.getNetworkBase cfg.network} netmask ${
+        subnet ${lib.fudo.ip.getNetworkBase cfg.network} netmask ${
-          fudo-lib.ip.maskFromV32Network cfg.network
+          lib.fudo.ip.maskFromV32Network cfg.network
         } {
           authoritative;
-          option subnet-mask ${fudo-lib.ip.maskFromV32Network cfg.network};
+          option subnet-mask ${lib.fudo.ip.maskFromV32Network cfg.network};
-          option broadcast-address ${fudo-lib.ip.networkMaxIp cfg.network};
+          option broadcast-address ${lib.fudo.ip.networkMaxIp cfg.network};
           option routers ${cfg.gateway};
           option domain-name-servers ${concatStringsSep " " cfg.dns-servers};
           option domain-name "${cfg.domain}";
           option domain-search "${
             concatStringsSep " " ([ cfg.domain ] ++ cfg.search-domains)
           }";
-          range ${fudo-lib.ip.networkMinIp cfg.dhcp-dynamic-network} ${
+          range ${lib.fudo.ip.networkMinIp cfg.dhcp-dynamic-network} ${
-            fudo-lib.ip.networkMaxButOneIp cfg.dhcp-dynamic-network
+            lib.fudo.ip.networkMaxButOneIp cfg.dhcp-dynamic-network
           };
         }
       '';
@@ -225,7 +223,7 @@ in {
           ${join-lines (mapAttrsToList hostSshFpRecords network.hosts)}
           ${join-lines (mapAttrsToList cnameRecord network.aliases)}
           ${join-lines network.verbatim-dns-records}
-          ${fudo-lib.dns.srvRecordsToBindZone network.srv-records}
+          ${lib.fudo.dns.srvRecordsToBindZone network.srv-records}
         '';
       }] ++ blockZones;
     };

lib/fudo/users.nix

@@ -3,7 +3,7 @@
 with lib;
 let
 
-  user = import ../types/users.nix { inherit lib; };
+  user = import ../types/user.nix { inherit lib; };
 
   list-includes = list: el: isNull (findFirst (this: this == el) null list);
 
@@ -100,10 +100,15 @@ in {
       IdentityFile /etc/ssh/private_keys.d/%u.key
     '';
 
-    environment.etc = let
+    environment.etc = mapAttrs' (username: userOpts:
-      privkey-users = filterAttrs (username: userOpts: userOpts.ssh-keys != null) sys.local-users;
+      nameValuePair
-    in mapAttrs' (username: userOpts:
+        "ssh/private_keys.d/${username}"
-      nameValuePair "ssh/private_keys.bd/${username}.key" userOpts.ssh-keys.private-key) privkey-users;
+        {
+          text = concatStringsSep "\n"
+            (map (keypair: readFile keypair.public-key)
+              userOpts.ssh-keys);
+        })
+      sys.local-users;
 
     users = {
       users = mapAttrs (username: userOpts: {

lib/instance.nix

@@ -2,7 +2,8 @@
 
 with lib;
 let
-  user = import ./types/users.nix { inherit lib; };
+  user = import ./types/user.nix { inherit lib; };
+
 in {
   options.instance = with types; {
     hostname = mkOption {
@@ -31,7 +32,7 @@ in {
     };
 
     local-groups = mkOption {
-      type = listOf str;
+      type = attrsOf (submodule user.groupOpts);
       description = "List of groups which should be created on the local host.";
     };
 
@@ -41,7 +42,7 @@ in {
     };
 
     local-users = mkOption {
-      type = attrsOf user.userOpts;
+      type = attrsOf (submodule user.userOpts);
       description = "List of users who should have access to the local host";
     };
   };

lib/types/user.nix

@@ -1,6 +1,7 @@
 { lib, ... }:
 
-{
+with lib;
+rec {
   systemUserOpts = { username, ... }: {
     options = with lib.types; {
       username = mkOption {
@@ -95,20 +96,25 @@
       };
 
       ssh-keys = mkOption {
-        type = nullOr (listOf (submodule sshKeyOpts));
+        type = listOf (submodule sshKeyOpts);
         description = "Path to the user's public and private key files.";
         default = [];
       };
+
+      email = mkOption {
+        type = nullOr str;
+        description = "User's primary email address.";
+        default = null;
+      };
     };
   };
 
   groupOpts = { group-name, ... }: {
     options = with lib.types; {
-      group-name = mkOption {
+      # group-name = mkOption {
-        type = nullOr str;
+      #   description = "Group name.";
-        default = group-name;
+      #   default = group-name;
-        description = "Group name.";
+      # };
-      };
 
       description = mkOption {
         type = str;

nix-home

@@ -1 +1 @@
-Subproject commit 94f5f2560a40b167ce368812c6b883bd7c6df5c1
+Subproject commit 711576e6e4cede979b15cf9d1c8c3d42fb565a99