From ed35c0547b9ece821e126cf7edafed3e5c3442e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Sat, 24 Aug 2024 21:49:15 +0100
Subject: [PATCH] add local user on bolty to allow for normal dotfile builds on bolty as it was a workstation
---
 flake.nix | 25 ++++++++++++++++++++++++-
 nixos/boxes/bolty/default.nix | 5 +++++
 nixos/server-security.nix | 7 ++++++-
 3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/flake.nix b/flake.nix
index a60a78c0..c55d6733 100644
--- a/flake.nix
+++ b/flake.nix
@@ -37,6 +37,29 @@
 ];
 specialArgs = {inherit inputs system;};
 };
+ mkPrivateServer = pkgs: system: hostname:
+ pkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (./. + "/nixos/boxes/${hostname}")
+ (import ./nixos/server-common.nix)
+ sops.nixosModules.sops
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ {
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ users.cyryl = {
+ imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
+ _module.args.inputs = inputs;
+ _module.args.system = system;
+ };
+ };
+ }
+ ];
+ specialArgs = {inherit inputs system;};
+ };
 mkRaspi = pkgs: hostname: let
 system = "aarch64-linux";
 in
@@ -173,7 +196,7 @@
 nixosConfigurations = {
 foryog = mkWorkstation nixpkgs-nixos-unstable "x86_64-linux" "foryog";
 thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
- bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
+ bolty = mkPrivateServer nixpkgs-stable "x86_64-linux" "bolty";
 cupsnet = mkServer nixpkgs-stable "aarch64-linux" "cupsnet";
 mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1";
 airnix = mkServer nixpkgs-stable "aarch64-linux" "airnix";
diff --git a/nixos/boxes/bolty/default.nix b/nixos/boxes/bolty/default.nix
index 3c46eff0..b97fc668 100644
--- a/nixos/boxes/bolty/default.nix
+++ b/nixos/boxes/bolty/default.nix
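Review bot: `mkPrivateServer` in flake.nix hard-wires the home-manager user `cyryl`, but nothing at the definition says how it differs from `mkServer` or that it relies on `users.users.cyryl` being declared elsewhere (this commit declares it in nixos/server-security.nix and nixos/boxes/bolty/default.nix). A short comment above the definition would make that coupling visible, for example `# Server builder that also installs home-manager dotfiles for the interactive user cyryl; the account itself is declared in the host modules.` Only the tail of the preceding builder is visible in this hunk, so how much of the module list duplicates it cannot be checked from here.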
@@ -29,4 +29,9 @@ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; time.timeZone = "Europe/London"; + users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPbJNY48F1Vn11aDX5hJSj4oS2NIKEH2busqoyQTLIvk cyryl@bolty"]; + users.users.cyryl = { + home = "/data/home/cyryl"; + createHome = true; + }; } diff --git a/nixos/server-security.nix b/nixos/server-security.nix index c57660ff..17125752 100644 --- a/nixos/server-security.nix +++ b/nixos/server-security.nix @@ -29,8 +29,13 @@ in { openssh.authorizedKeys.keys = authorizedKeys; }; + users.users.cyryl = { + isNormalUser = true; + openssh.authorizedKeys.keys = authorizedKeys; + }; + nix = { - settings.trusted-users = ["root" "nix-builder"]; + settings.trusted-users = ["root" "nix-builder" "cyryl"]; sshServe.enable = true; sshServe.keys = authorizedKeys; };
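Review bot: The added `users.extraUsers.root.openssh.authorizedKeys.keys` line in nixos/boxes/bolty/default.nix authorises a key labelled `cyryl@bolty` for root on bolty itself; if that key pair is held by the new local account (the label suggests so, but it is only a comment), the unprivileged user is root-equivalent on this host and a compromise of that account is a compromise of root. If that is intended, a comment such as `# root login for the local cyryl account on this host` records the decision; otherwise a key kept off the machine, or `sudo` for that account, keeps the two privilege levels apart. `users.extraUsers` is also the legacy alias of `users.users`, which the next added line already uses, so `users.users.root.openssh.authorizedKeys.keys = [...]` would be consistent. The enclosing attribute set starts outside the hunk.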
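Review bot: Declaring `users.users.cyryl` and adding `"cyryl"` to `nix.settings.trusted-users` in nixos/server-security.nix reaches further than the commit's stated intent of a local user on bolty: if this module is shared by the other server hosts, as its name and the `mkServer` entries in flake.nix suggest, each of them gains a login account with the same authorised keys and Nix trusted-user status. Nix treats a trusted user as effectively root with respect to the daemon (it may add substituters and import unsigned store paths), so the grant should be as narrow as possible. Consider moving both additions into nixos/boxes/bolty/default.nix, e.g. `nix.settings.trusted-users = ["cyryl"];` there, which the module system merges with the shared list. The enclosing `in { … }` block continues outside the hunk.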