1 tv wu: simplify users

tv 2015-07-27 00:49:06 +02:00
parent 557090b2a2
commit 0057d3a191


@ -169,19 +169,21 @@ in
} }
{ {
users.extraGroups = { users.extraGroups = {
tv-sub.gid = 1337; tv.gid = 1337;
slaves.gid = 3799582008; # genid slaves
}; };
users.extraUsers = users.extraUsers =
mapAttrs (name: user: user // { mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
inherit name; inherit name;
home = "/home/${name}"; home = "/home/${name}";
createHome = true; createHome = true;
useDefaultShell = true; useDefaultShell = true;
group = "tv";
extraGroups = ["slaves"] ++ extraGroups;
}) { }) {
ff = { ff = {
uid = 13378001; uid = 13378001;
group = "tv-sub";
extraGroups = [ extraGroups = [
"audio" "audio"
"video" "video"
@ -190,17 +192,6 @@ in
cr = { cr = {
uid = 13378002; uid = 13378002;
group = "tv-sub";
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
vimb = {
uid = 13378003;
group = "tv-sub";
extraGroups = [ extraGroups = [
"audio" "audio"
"video" "video"
@ -210,47 +201,38 @@ in
fa = { fa = {
uid = 2300001; uid = 2300001;
group = "tv-sub";
}; };
rl = { rl = {
uid = 2300002; uid = 2300002;
group = "tv-sub";
}; };
tief = { tief = {
uid = 2300702; uid = 2300702;
group = "tv-sub";
}; };
btc-bitcoind = { btc-bitcoind = {
uid = 2301001; uid = 2301001;
group = "tv-sub";
}; };
btc-electrum = { btc-electrum = {
uid = 2301002; uid = 2301002;
group = "tv-sub";
}; };
ltc-litecoind = { ltc-litecoind = {
uid = 2301101; uid = 2301101;
group = "tv-sub";
}; };
eth = { eth = {
uid = 2302001; uid = 2302001;
group = "tv-sub";
}; };
emse-hsdb = { emse-hsdb = {
uid = 4200101; uid = 4200101;
group = "tv-sub";
}; };
wine = { wine = {
uid = 13370400; uid = 13370400;
group = "tv-sub";
extraGroups = [ extraGroups = [
"audio" "audio"
"video" "video"
@ -258,10 +240,8 @@ in
]; ];
}; };
# dwarffortress
df = { df = {
uid = 13370401; uid = 13370401;
group = "tv-sub";
extraGroups = [ extraGroups = [
"audio" "audio"
"video" "video"
@ -269,25 +249,8 @@ in
]; ];
}; };
# XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined
FTL = {
uid = 13370402;
#group = "tv-sub";
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
freeciv = {
uid = 13370403;
group = "tv-sub";
};
xr = { xr = {
uid = 13370061; uid = 13370061;
group = "tv-sub";
extraGroups = [ extraGroups = [
"audio" "audio"
"video" "video"
@ -296,26 +259,14 @@ in
"23" = { "23" = {
uid = 13370023; uid = 13370023;
group = "tv-sub";
}; };
electrum = { electrum = {
uid = 13370102; uid = 13370102;
group = "tv-sub";
};
Reaktor = {
uid = 4230010;
group = "tv-sub";
};
gitolite = {
uid = 7700;
}; };
skype = { skype = {
uid = 6660001; uid = 6660001;
group = "tv-sub";
extraGroups = [ extraGroups = [
"audio" "audio"
]; ];
@ -323,12 +274,10 @@ in
onion = { onion = {
uid = 6660010; uid = 6660010;
group = "tv-sub";
}; };
zalora = { zalora = {
uid = 1000301; uid = 1000301;
group = "tv-sub";
extraGroups = [ extraGroups = [
"audio" "audio"
# TODO remove vboxusers when hardening is active # TODO remove vboxusers when hardening is active
@ -340,17 +289,12 @@ in
security.sudo.extraConfig = security.sudo.extraConfig =
let let
inherit (import ../../4lib/tv { inherit lib pkgs; }) isSlave = u: elem "slaves" u.extraGroups;
isSuffixOf; masterOf = u: u.group;
slaves = filterAttrs (_: isSlave) config.users.extraUsers;
hasMaster = { group ? "", ... }: toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
isSuffixOf "-sub" group;
masterOf = user : removeSuffix "-sub" user.group;
in in
concatStringsSep "\n" concatMapStringsSep "\n" toSudoers (attrValues slaves);
(map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL")
(filter hasMaster (attrValues config.users.extraUsers)));
} }
]; ];
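Review bot: In the `security.sudo.extraConfig` hunk, `masterOf = u: u.group;` puts the account's primary group name into the user field of the sudoers line, so the `NOPASSWD: ALL` grant goes to whichever login happens to carry that name. This is only right while the group `tv` and the login `tv` share a name. Because `isSlave` filters all of `config.users.extraUsers`, an account declared in another module with `slaves` in its `extraGroups` would emit a rule for a user named after its own primary group. Pinning the principal with `masterOf = _: "tv";` or tightening the filter to `isSlave = u: u.group == "tv" && elem "slaves" u.extraGroups;` would make the grant explicit. Separately, the `mapAttrs` block now forces `group = "tv"` on every account, so separation between accounts such as `btc-bitcoind`, `skype` and `onion` depends on group permission bits staying closed; a comment stating that this sharing is intended would help the next reader.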