[mcp] Some user setup on the way to automated deployments
This commit is contained in:
@@ -1,37 +0,0 @@
|
||||
{
|
||||
gitea = 2001;
|
||||
timetagger = 2002;
|
||||
pocket-id = {
|
||||
uid = 2003;
|
||||
gid = 2003;
|
||||
};
|
||||
bookstack = {
|
||||
uid = 2004;
|
||||
gid = 2004;
|
||||
};
|
||||
mariadb = {
|
||||
uid = 2005;
|
||||
gid = 2005;
|
||||
};
|
||||
focalboard = {
|
||||
uid = 2006;
|
||||
gid = 2006;
|
||||
};
|
||||
offen = {
|
||||
uid = 2007;
|
||||
gid = 2007;
|
||||
};
|
||||
|
||||
mkUserAndGroup = name: ids: {
|
||||
groups."${name}" = {
|
||||
gid = ids.gid;
|
||||
};
|
||||
|
||||
users."${name}" = {
|
||||
uid = ids.uid;
|
||||
isSystemUser = true;
|
||||
description = "System User for ${name}";
|
||||
group = "${name}";
|
||||
};
|
||||
};
|
||||
}
|
||||
56
system/hosts/mcp/containers/users.nix
Normal file
56
system/hosts/mcp/containers/users.nix
Normal file
@@ -0,0 +1,56 @@
|
||||
{ pkgs, ... }: let
|
||||
systemUsers = {
|
||||
gitea = {
|
||||
uid = 2001;
|
||||
extraGroups = [ "git" ];
|
||||
};
|
||||
# timetagger = 2002;
|
||||
pocket-id = 2003;
|
||||
bookstack = 2004;
|
||||
mariadb = 2005;
|
||||
focalboard = 2006;
|
||||
offen = 2007;
|
||||
public-html = {
|
||||
uid = 2008;
|
||||
shell = pkgs.zsh;
|
||||
authorizedKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPiqbLAXpBkjXnHLvz3VCd5i+VmYdd9dAcRt+8E1OQX drew@vega"
|
||||
];
|
||||
home = "/tank/web";
|
||||
packages = [ pkgs.git ];
|
||||
};
|
||||
};
|
||||
|
||||
mkUser = name: value: {
|
||||
uid = value.uid or value;
|
||||
isSystemUser = true; # only affects UID allocation, but required
|
||||
description = "System User for ${name}";
|
||||
group = "${name}";
|
||||
shell = value.shell or null;
|
||||
extraGroups = value.extraGroups or [];
|
||||
openssh.authorizedKeys.keys = value.authorizedKeys or [];
|
||||
home = value.home or "/var/empty";
|
||||
packages = value.packages or [];
|
||||
};
|
||||
mkGroup = name: value: let
|
||||
# 1. Value if int
|
||||
# 2. "gid" if present
|
||||
# 3. "uid"
|
||||
gid =
|
||||
if builtins.isInt value
|
||||
then value
|
||||
else if builtins.hasAttr "gid" value
|
||||
then value.gid
|
||||
else value.uid;
|
||||
in {
|
||||
inherit gid;
|
||||
};
|
||||
in {
|
||||
users.users = builtins.mapAttrs mkUser systemUsers;
|
||||
users.groups = (builtins.mapAttrs mkGroup systemUsers) // {
|
||||
# Legacy groups.
|
||||
git = {
|
||||
gid = 992;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -13,6 +13,12 @@
|
||||
programs.git = {
|
||||
userName = "Drew Haven";
|
||||
userEmail = "drew.haven@gmail.com";
|
||||
extraConfig = {
|
||||
safe = {
|
||||
# Marks the web directory as safe even though I don't own it.
|
||||
directory = "/tank/web";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.syncthing.tray.enable = false;
|
||||
|
||||
Reference in New Issue
Block a user