krebs: extract users into separate module

krebs/3modules/default.nix

@@ -56,6 +56,7 @@ let
       ./tinc_graphs.nix
       ./upstream
       ./urlwatch.nix
+      ./users.nix
       ./xresources.nix
       ./zones.nix
     ];
@@ -66,10 +67,6 @@ let
   api = {
     enable = mkEnableOption "krebs";
 
-    users = mkOption {
-      type = with types; attrsOf user;
-    };
-
     sitemap = mkOption {
       default = {};
       type = types.attrsOf types.sitemap.entry;
@@ -112,18 +109,6 @@ let
 
       krebs.dns.search-domain = mkDefault "r";
 
-      krebs.users = {
-        krebs = {
-          home = "/krebs";
-          mail = "spam@krebsco.de";
-        };
-        root = {
-          home = "/root";
-          pubkey = config.krebs.build.host.ssh.pubkey;
-          uid = 0;
-        };
-      };
-
       services.openssh.hostKeys =
         let inherit (config.krebs.build.host.ssh) privkey; in
         mkIf (privkey != null) [privkey];

krebs/3modules/users.nix

@@ -0,0 +1,20 @@
+{ config, ... }: let
+  lib = import ../../lib;
+in {
+  options.krebs.users = lib.mkOption {
+    type = with lib.types; attrsOf user;
+  };
+  config = lib.mkIf config.krebs.enable {
+    krebs.users = {
+      krebs = {
+        home = "/krebs";
+        mail = "spam@krebsco.de";
+      };
+      root = {
+        home = "/root";
+        pubkey = config.krebs.build.host.ssh.pubkey;
+        uid = 0;
+      };
+    };
+  };
+}