1 tv wu: simplify users
parent
557090b2a2
commit
0057d3a191
@ -169,19 +169,21 @@ in
|
||||
}
|
||||
{
|
||||
users.extraGroups = {
|
||||
tv-sub.gid = 1337;
|
||||
tv.gid = 1337;
|
||||
slaves.gid = 3799582008; # genid slaves
|
||||
};
|
||||
|
||||
users.extraUsers =
|
||||
mapAttrs (name: user: user // {
|
||||
mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
|
||||
inherit name;
|
||||
home = "/home/${name}";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
group = "tv";
|
||||
extraGroups = ["slaves"] ++ extraGroups;
|
||||
}) {
|
||||
ff = {
|
||||
uid = 13378001;
|
||||
group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
@ -190,17 +192,6 @@ in
|
||||
|
||||
cr = {
|
||||
uid = 13378002;
|
||||
group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"bumblebee"
|
||||
];
|
||||
};
|
||||
|
||||
vimb = {
|
||||
uid = 13378003;
|
||||
group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
@ -210,47 +201,38 @@ in
|
||||
|
||||
fa = {
|
||||
uid = 2300001;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
rl = {
|
||||
uid = 2300002;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
tief = {
|
||||
uid = 2300702;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
btc-bitcoind = {
|
||||
uid = 2301001;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
btc-electrum = {
|
||||
uid = 2301002;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
ltc-litecoind = {
|
||||
uid = 2301101;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
eth = {
|
||||
uid = 2302001;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
emse-hsdb = {
|
||||
uid = 4200101;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
wine = {
|
||||
uid = 13370400;
|
||||
group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
@ -258,10 +240,8 @@ in
|
||||
];
|
||||
};
|
||||
|
||||
# dwarffortress
|
||||
df = {
|
||||
uid = 13370401;
|
||||
group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
@ -269,25 +249,8 @@ in
|
||||
];
|
||||
};
|
||||
|
||||
# XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined
|
||||
FTL = {
|
||||
uid = 13370402;
|
||||
#group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"bumblebee"
|
||||
];
|
||||
};
|
||||
|
||||
freeciv = {
|
||||
uid = 13370403;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
xr = {
|
||||
uid = 13370061;
|
||||
group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
@ -296,26 +259,14 @@ in
|
||||
|
||||
"23" = {
|
||||
uid = 13370023;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
electrum = {
|
||||
uid = 13370102;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
Reaktor = {
|
||||
uid = 4230010;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
gitolite = {
|
||||
uid = 7700;
|
||||
};
|
||||
|
||||
skype = {
|
||||
uid = 6660001;
|
||||
group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
];
|
||||
@ -323,12 +274,10 @@ in
|
||||
|
||||
onion = {
|
||||
uid = 6660010;
|
||||
group = "tv-sub";
|
||||
};
|
||||
|
||||
zalora = {
|
||||
uid = 1000301;
|
||||
group = "tv-sub";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
# TODO remove vboxusers when hardening is active
|
||||
@ -340,17 +289,12 @@ in
|
||||
|
||||
security.sudo.extraConfig =
|
||||
let
|
||||
inherit (import ../../4lib/tv { inherit lib pkgs; })
|
||||
isSuffixOf;
|
||||
|
||||
hasMaster = { group ? "", ... }:
|
||||
isSuffixOf "-sub" group;
|
||||
|
||||
masterOf = user : removeSuffix "-sub" user.group;
|
||||
isSlave = u: elem "slaves" u.extraGroups;
|
||||
masterOf = u: u.group;
|
||||
slaves = filterAttrs (_: isSlave) config.users.extraUsers;
|
||||
toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
|
||||
in
|
||||
concatStringsSep "\n"
|
||||
(map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL")
|
||||
(filter hasMaster (attrValues config.users.extraUsers)));
|
||||
concatMapStringsSep "\n" toSudoers (attrValues slaves);
|
||||
}
|
||||
];
|
||||
|
||||
|
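Review bot: In the `security.sudo.extraConfig` hunk, `slaves` is filtered from all of `config.users.extraUsers` by membership in the `slaves` group, and `masterOf = u: u.group` uses the primary group name as the sudoers grantee. Any account defined elsewhere in the configuration that lists "slaves" in `extraGroups` therefore gets a `NOPASSWD: ALL` rule for whichever login shares its group's name. Consider pinning the grantee, e.g. `isSlave = u: elem "slaves" u.extraGroups && u.group == "tv";`, or at least add a comment above `masterOf` stating that the group name must equal the master's login name. In the `mapAttrs` hunk the right-hand side of `//` wins, so a per-user `group` is silently overridden and no entry in the set can opt out of the rule. If the `tv` login is itself a member of group `tv` (not visible here; the enclosing module starts outside these hunks), the sub-accounts now share a group with their master, which may widen file access through group permissions.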