change pub key management again, centralize users, start to modularize lenovo conf

2025-12-31 02:28:00 +01:00
parent 42a93f042e
commit 4b8882d82d
9 changed files with 114 additions and 82 deletions
--- a/users.nix
+++ b/users.nix
@@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  machine,
+  ...
+}: let
+  machines = import ./machines.nix;
+in {
+  users.users =
+    builtins.mapAttrs
+    (name: value: lib.mkIf (builtins.elem name machine.users) value)
+    {
+      "andromeda" = {
+        isNormalUser = true;
+        description = "andromeda";
+        hashedPasswordFile = builtins.toString config.age.secrets.secret0.path;
+        extraGroups = [
+          "networkmanager"
+          "wheel"
+        ];
+      };
+      "mtgmonkey" = {
+        isNormalUser = true;
+        description = "mtgmonkey";
+        hashedPasswordFile = builtins.toString config.age.secrets.secret1.path;
+        extraGroups = [
+          (lib.mkIf
+            (machine == machines.lenovo)
+            "networkmanager")
+          "wheel"
+        ];
+        openssh.authorizedKeys.keys = [
+          (lib.mkIf
+            (machine == machines._173-249-5-230)
+            config.pub-keys.ssh.andromeda)
+        ];
+      };
+    };
+}