1 tv wu: simplify users

This commit is contained in:
tv 2015-07-27 00:49:06 +02:00
parent 557090b2a2
commit 0057d3a191

View File

@ -169,19 +169,21 @@ in
}
{
users.extraGroups = {
tv-sub.gid = 1337;
tv.gid = 1337;
slaves.gid = 3799582008; # genid slaves
};
users.extraUsers =
mapAttrs (name: user: user // {
mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
inherit name;
home = "/home/${name}";
createHome = true;
useDefaultShell = true;
group = "tv";
extraGroups = ["slaves"] ++ extraGroups;
}) {
ff = {
uid = 13378001;
group = "tv-sub";
extraGroups = [
"audio"
"video"
@ -190,17 +192,6 @@ in
cr = {
uid = 13378002;
group = "tv-sub";
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
vimb = {
uid = 13378003;
group = "tv-sub";
extraGroups = [
"audio"
"video"
@ -210,47 +201,38 @@ in
fa = {
uid = 2300001;
group = "tv-sub";
};
rl = {
uid = 2300002;
group = "tv-sub";
};
tief = {
uid = 2300702;
group = "tv-sub";
};
btc-bitcoind = {
uid = 2301001;
group = "tv-sub";
};
btc-electrum = {
uid = 2301002;
group = "tv-sub";
};
ltc-litecoind = {
uid = 2301101;
group = "tv-sub";
};
eth = {
uid = 2302001;
group = "tv-sub";
};
emse-hsdb = {
uid = 4200101;
group = "tv-sub";
};
wine = {
uid = 13370400;
group = "tv-sub";
extraGroups = [
"audio"
"video"
@ -258,10 +240,8 @@ in
];
};
# dwarffortress
df = {
uid = 13370401;
group = "tv-sub";
extraGroups = [
"audio"
"video"
@ -269,25 +249,8 @@ in
];
};
# XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined
FTL = {
uid = 13370402;
#group = "tv-sub";
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
freeciv = {
uid = 13370403;
group = "tv-sub";
};
xr = {
uid = 13370061;
group = "tv-sub";
extraGroups = [
"audio"
"video"
@ -296,26 +259,14 @@ in
"23" = {
uid = 13370023;
group = "tv-sub";
};
electrum = {
uid = 13370102;
group = "tv-sub";
};
Reaktor = {
uid = 4230010;
group = "tv-sub";
};
gitolite = {
uid = 7700;
};
skype = {
uid = 6660001;
group = "tv-sub";
extraGroups = [
"audio"
];
@ -323,12 +274,10 @@ in
onion = {
uid = 6660010;
group = "tv-sub";
};
zalora = {
uid = 1000301;
group = "tv-sub";
extraGroups = [
"audio"
# TODO remove vboxusers when hardening is active
@ -340,17 +289,12 @@ in
security.sudo.extraConfig =
let
inherit (import ../../4lib/tv { inherit lib pkgs; })
isSuffixOf;
hasMaster = { group ? "", ... }:
isSuffixOf "-sub" group;
masterOf = user : removeSuffix "-sub" user.group;
isSlave = u: elem "slaves" u.extraGroups;
masterOf = u: u.group;
slaves = filterAttrs (_: isSlave) config.users.extraUsers;
toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
in
concatStringsSep "\n"
(map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL")
(filter hasMaster (attrValues config.users.extraUsers)));
concatMapStringsSep "\n" toSudoers (attrValues slaves);
}
];