tv: init user z

2015-11-06 21:53:21 +01:00 · 2015-11-06 21:53:21 +01:00 · bad79f7f12
commit bad79f7f12
parent a0c068d6ec
5 changed files with 45 additions and 28 deletions
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@ -32,6 +32,7 @@ with lib;
    ../2configs/git.nix
    ../2configs/mail-client.nix
    ../2configs/xserver
+    ../2configs/z.nix
    {
      environment.systemPackages = with pkgs; [

@ -287,16 +288,6 @@ with lib;
          onion = {
            uid = 6660010;
          };
-
-          zalora = {
-            uid = 1000301;
-            extraGroups = [
-              "audio"
-              # TODO remove vboxusers when hardening is active
-              "vboxusers"
-              "video"
-            ];
-          };
        };

      security.sudo.extraConfig =
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@ -30,6 +30,7 @@ with lib;
    ../2configs/git.nix
    ../2configs/mail-client.nix
    ../2configs/xserver
+    ../2configs/z.nix
    {
      environment.systemPackages = with pkgs; [

@ -286,16 +287,6 @@ with lib;
          onion = {
            uid = 6660010;
          };
-
-          zalora = {
-            uid = 1000301;
-            extraGroups = [
-              "audio"
-              # TODO remove vboxusers when hardening is active
-              "vboxusers"
-              "video"
-            ];
-          };
        };

      security.sudo.extraConfig =
--- a/tv/2configs/base.nix
+++ b/tv/2configs/base.nix
@ -22,6 +22,9 @@ with lib;
        mapAttrs (_: h: { hashedPassword = h; })
                 (import <secrets/hashedPasswords.nix>);
    }
+    {
+      users.groups.subusers.gid = 1093178926; # genid subusers
+    }
    {
      users.defaultUserShell = "/run/current-system/sw/bin/bash";
      users.mutableUsers = false;
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@ -70,14 +70,6 @@ let
        ExecStart = "${xserver}/bin/xserver";
      };
    };
-
-    programs.bash.interactiveShellInit = ''
-      case ''${XMONAD_SPAWN_WORKSPACE-} in
-        za|zh|zj|zs)
-          exec sudo -u zalora -i
-        ;;
-      esac
-    '';
  };

  xmonad-environment = {
--- a/tv/2configs/z.nix
+++ b/tv/2configs/z.nix
@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  krebs.per-user.z.packages = [
+    (pkgs.writeScriptBin "cr" ''
+      #! /bin/sh
+      set -efu
+      export LC_TIME=de_DE.utf8
+      exec ${pkgs.chromium}/bin/chromium \
+          --ssl-version-min=tls1 \
+          --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+          --disk-cache-size=50000000 \
+          "%@"
+    '')
+  ];
+
+  programs.bash.interactiveShellInit = ''
+    case ''${XMONAD_SPAWN_WORKSPACE-} in
+      za|zh|zj|zs)
+        exec sudo -u z -i
+      ;;
+    esac
+  '';
+
+  security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL";
+
+  users.users.z = {
+    extraGroups = [
+      "audio"
+      "vboxusers"
+      "video"
+    ];
+    group = "subusers";
+    home = "/home/z";
+    uid = 3043726074; # genid z
+    useDefaultShell = true;
+  };
+}