nix/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Only allow admins to login to hardened hosts.

Browse Source
This commit is contained in:
niten 2021-11-30 10:46:38 -08:00
parent a1d4e2aeb4
commit 9bc143805b
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/instance.nix
View File

@ -12,7 +12,7 @@ with lib;
host-user-list = host.local-users; host-user-list = host.local-users;
domain-user-list = config.fudo.domains."${local-domain}".local-users; domain-user-list = config.fudo.domains."${local-domain}".local-users;
site-user-list = config.fudo.sites."${local-site}".local-users; site-user-list = config.fudo.sites."${local-site}".local-users;
local-users = all-users =
getAttrs (host-user-list ++ domain-user-list ++ site-user-list) config.fudo.users; getAttrs (host-user-list ++ domain-user-list ++ site-user-list) config.fudo.users;
host-admin-list = host.local-admins; host-admin-list = host.local-admins;
@ -39,6 +39,11 @@ with lib;
host-fqdn = "${config.instance.hostname}.${local-domain}"; host-fqdn = "${config.instance.hostname}.${local-domain}";
local-users =
if (host.hardened) then
local-admins
else all-users;
in { in {
instance = { instance = {
inherit inherit