nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

settei/sane-defaults: move openssh.authorizedKeys from linux to shared options

Browse source
This commit is contained in:
Nikodem Rabuliński 2024-01-22 20:36:50 +01:00
parent b0d423b36f
commit c84e255380
1 changed files with 13 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

25
modules/system/settei/sane-defaults.nix
View file

@ -1,9 +1,11 @@
{isLinux}: { {isLinux}: {
config, config,
lib, lib,
username,
... ...
} @ args: let } @ args: let
cfg = config.settei.sane-defaults;
inherit (config.settei) username;
options = { options = {
settei.sane-defaults = with lib; { settei.sane-defaults = with lib; {
enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)"; enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)";
@ -19,8 +21,6 @@
}; };
sharedConfig = let sharedConfig = let
cfg = config.settei;
inherit (cfg) username;
adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword; adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword;
in { in {
_module.args = { _module.args = {
@ -38,6 +38,15 @@
# Flakes are unusable without git present so pull it into the environment by default # Flakes are unusable without git present so pull it into the environment by default
settei.user.config.programs.git.enable = lib.mkDefault true; settei.user.config.programs.git.enable = lib.mkDefault true;
# FIXME: Move to common
users.users.${username}.openssh.authorizedKeys.keys = let
configName' =
args.configurationName
or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself");
filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys;
in
lib.mkDefault (lib.attrValues filteredKeys);
nix = { nix = {
settings = { settings = {
experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"]; experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"];
@ -62,13 +71,13 @@
}; };
linuxConfig = lib.optionalAttrs isLinux (let linuxConfig = lib.optionalAttrs isLinux (let
cfg = config.settei.sane-defaults;
nmEnabled = config.networking.networkmanager.enable; nmEnabled = config.networking.networkmanager.enable;
in { in {
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
services.openssh.enable = true; services.openssh.enable = true;
programs.mosh.enable = lib.mkDefault true; programs.mosh.enable = lib.mkDefault true;
programs.git.enable = lib.mkDefault true;
users = { users = {
mutableUsers = false; mutableUsers = false;
@ -77,14 +86,6 @@
home = "/home/${username}"; home = "/home/${username}";
group = username; group = username;
extraGroups = ["wheel"]; extraGroups = ["wheel"];
# FIXME: Move to common
openssh.authorizedKeys.keys = let
configName' =
args.configurationName
or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself");
filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys;
in
lib.mkDefault (lib.attrValues filteredKeys);
}; };
groups.${username} = {}; groups.${username} = {};
}; };