add local user on bolty to allow for normal dotfile builds on bolty as it was a workstation

2024-08-24 21:49:15 +01:00 · 2024-08-24 21:49:15 +01:00 · ed35c0547b
commit ed35c0547b
parent ad14c6f92d
3 changed files with 35 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@ -37,6 +37,29 @@
        ];
        specialArgs = {inherit inputs system;};
      };
+    mkPrivateServer = pkgs: system: hostname:
+      pkgs.lib.nixosSystem {
+        inherit system;
+        modules = [
+          (./. + "/nixos/boxes/${hostname}")
+          (import ./nixos/server-common.nix)
+          sops.nixosModules.sops
+          disko.nixosModules.disko
+          home-manager.nixosModules.home-manager
+          {
+            home-manager = {
+              useGlobalPkgs = true;
+              useUserPackages = true;
+              users.cyryl = {
+                imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
+                _module.args.inputs = inputs;
+                _module.args.system = system;
+              };
+            };
+          }
+        ];
+        specialArgs = {inherit inputs system;};
+      };
    mkRaspi = pkgs: hostname: let
      system = "aarch64-linux";
    in
@ -173,7 +196,7 @@
    nixosConfigurations = {
      foryog = mkWorkstation nixpkgs-nixos-unstable "x86_64-linux" "foryog";
      thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
-      bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
+      bolty = mkPrivateServer nixpkgs-stable "x86_64-linux" "bolty";
      cupsnet = mkServer nixpkgs-stable "aarch64-linux" "cupsnet";
      mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1";
      airnix = mkServer nixpkgs-stable "aarch64-linux" "airnix";
--- a/nixos/boxes/bolty/default.nix
+++ b/nixos/boxes/bolty/default.nix
@ -29,4 +29,9 @@
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

  time.timeZone = "Europe/London";
+  users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPbJNY48F1Vn11aDX5hJSj4oS2NIKEH2busqoyQTLIvk cyryl@bolty"];
+  users.users.cyryl = {
+    home = "/data/home/cyryl";
+    createHome = true;
+  };
 }
--- a/nixos/server-security.nix
+++ b/nixos/server-security.nix
@ -29,8 +29,13 @@ in {
    openssh.authorizedKeys.keys = authorizedKeys;
  };

+  users.users.cyryl = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = authorizedKeys;
+  };
+
  nix = {
-    settings.trusted-users = ["root" "nix-builder"];
+    settings.trusted-users = ["root" "nix-builder" "cyryl"];
    sshServe.enable = true;
    sshServe.keys = authorizedKeys;
  };