Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tv: remove legacy users

Browse Source
This commit is contained in:
tv 2015-11-08 11:53:29 +01:00
parent b166b6c29d
commit 60faa6e3cf
6 changed files with 9 additions and 324 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tv/1systems/cd.nix
View File

@ -115,7 +115,6 @@ with lib;
iftop iftop
iotop iotop
iptables iptables
mutt # for mv
nethogs nethogs
ntp # ntpate ntp # ntpate
rxvt_unicode.terminfo rxvt_unicode.terminfo
@ -126,17 +125,4 @@ with lib;
SystemMaxUse=1G SystemMaxUse=1G
RuntimeMaxUse=128M RuntimeMaxUse=128M
''; '';
users.extraUsers = {
mv = {
uid = 1338;
group = "users";
home = "/home/mv";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.mv.pubkey
];
};
};
} }

110
tv/1systems/wu.nix
View File

@ -11,8 +11,6 @@ with lib;
../2configs/git.nix ../2configs/git.nix
../2configs/mail-client.nix ../2configs/mail-client.nix
../2configs/xserver ../2configs/xserver
../2configs/z.nix
../2configs/sub/xr.nix
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -158,114 +156,6 @@ with lib;
]; ];
}; };
} }
{
users.extraGroups = {
tv.gid = 1337;
slaves.gid = 3799582008; # genid slaves
};
users.extraUsers =
mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
inherit name;
home = "/home/${name}";
createHome = true;
useDefaultShell = true;
group = "tv";
extraGroups = ["slaves"] ++ extraGroups;
}) {
ff = {
uid = 13378001;
extraGroups = [
"audio"
"video"
];
};
cr = {
uid = 13378002;
extraGroups = [
"audio"
"video"
];
};
fa = {
uid = 2300001;
};
rl = {
uid = 2300002;
};
tief = {
uid = 2300702;
};
btc-bitcoind = {
uid = 2301001;
};
btc-electrum = {
uid = 2301002;
};
ltc-litecoind = {
uid = 2301101;
};
eth = {
uid = 2302001;
};
emse-hsdb = {
uid = 4200101;
};
wine = {
uid = 13370400;
extraGroups = [
"audio"
"video"
];
};
df = {
uid = 13370401;
extraGroups = [
"audio"
"video"
];
};
"23" = {
uid = 13370023;
};
electrum = {
uid = 13370102;
};
skype = {
uid = 6660001;
extraGroups = [
"audio"
];
};
onion = {
uid = 6660010;
};
};
security.sudo.extraConfig =
let
isSlave = u: elem "slaves" u.extraGroups;
masterOf = u: u.group;
slaves = filterAttrs (_: isSlave) config.users.extraUsers;
toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
in
concatMapStringsSep "\n" toSudoers (attrValues slaves);
}
]; ];
boot.initrd.luks = { boot.initrd.luks = {

113
tv/1systems/xu.nix
View File

@ -14,8 +14,6 @@ with lib;
../2configs/git.nix ../2configs/git.nix
../2configs/mail-client.nix ../2configs/mail-client.nix
../2configs/xserver ../2configs/xserver
../2configs/z.nix
../2configs/sub/xr.nix
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -160,117 +158,6 @@ with lib;
]; ];
}; };
} }
{
users.extraGroups = {
tv.gid = 1337;
slaves.gid = 3799582008; # genid slaves
};
users.extraUsers =
mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
inherit name;
home = "/home/${name}";
createHome = true;
useDefaultShell = true;
group = "tv";
extraGroups = ["slaves"] ++ extraGroups;
}) {
ff = {
uid = 13378001;
extraGroups = [
"audio"
"video"
];
};
cr = {
uid = 13378002;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
fa = {
uid = 2300001;
};
rl = {
uid = 2300002;
};
tief = {
uid = 2300702;
};
btc-bitcoind = {
uid = 2301001;
};
btc-electrum = {
uid = 2301002;
};
ltc-litecoind = {
uid = 2301101;
};
eth = {
uid = 2302001;
};
emse-hsdb = {
uid = 4200101;
};
wine = {
uid = 13370400;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
df = {
uid = 13370401;
extraGroups = [
"audio"
"video"
"bumblebee"
];
};
"23" = {
uid = 13370023;
};
electrum = {
uid = 13370102;
};
skype = {
uid = 6660001;
extraGroups = [
"audio"
];
};
onion = {
uid = 6660010;
};
};
security.sudo.extraConfig =
let
isSlave = u: elem "slaves" u.extraGroups;
masterOf = u: u.group;
slaves = filterAttrs (_: isSlave) config.users.extraUsers;
toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
in
concatMapStringsSep "\n" toSudoers (attrValues slaves);
}
]; ];
boot.initrd.luks = { boot.initrd.luks = {

43
tv/2configs/default.nix
View File

@ -27,6 +27,7 @@ with lib;
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;
imports = [ imports = [
<secrets>
./vim.nix ./vim.nix
{ {
# stockholm dependencies # stockholm dependencies
@ -35,40 +36,14 @@ with lib;
]; ];
} }
{ {
# TODO never put hashedPassword into the store users = {
users.extraUsers = defaultUserShell = "/run/current-system/sw/bin/bash";
mapAttrs (_: h: { hashedPassword = h; }) mutableUsers = false;
(import <secrets/hashedPasswords.nix>); users = {
} tv = {
{ isNormalUser = true;
users.groups.subusers.gid = 1093178926; # genid subusers uid = 1337;
} };
{
users.defaultUserShell = "/run/current-system/sw/bin/bash";
users.mutableUsers = false;
}
{
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
config.krebs.users.tv_xu.pubkey
];
};
tv = {
uid = 1337;
group = "users";
home = "/home/tv";
createHome = true;
useDefaultShell = true;
extraGroups = [
"audio"
"video"
"wheel"
];
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
}; };
}; };
} }

22
tv/2configs/sub/xr.nix
View File

@ -1,22 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
krebs.per-user.xr.packages = [
pkgs.cr
];
security.sudo.extraConfig = "tv ALL=(xr) NOPASSWD: ALL";
users.users.xr = {
extraGroups = [
"audio"
"video"
];
group = "subusers";
home = "/home/xr";
uid = 1660006127; # genid xr
useDefaultShell = true;
};
}

31
tv/2configs/z.nix
View File

@ -1,31 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
krebs.per-user.z.packages = [
pkgs.cr
];
programs.bash.interactiveShellInit = ''
case ''${XMONAD_SPAWN_WORKSPACE-} in
za|zh|zj|zs)
exec sudo -u z -i
;;
esac
'';
security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL";
users.users.z = {
extraGroups = [
"audio"
"vboxusers"
"video"
];
group = "subusers";
home = "/home/z";
uid = 3043726074; # genid z
useDefaultShell = true;
};
}