feat: static UIDs

2026-02-09 12:29:19 -08:00 · 2024-02-09 06:22:32 -08:00 · 2024-02-09 06:22:32 -08:00 · 602eda1012
commit 602eda1012
parent 6671103eba
13 changed files with 102 additions and 34 deletions
--- a/nixos/arc.nix
+++ b/nixos/arc.nix
@ -1,17 +0,0 @@
-{ ... }: {
-  imports = [
-    ({ config, pkgs, ... }:
-
-      {
-        users.users.arc = {
-          uid = 1001;
-          isNormalUser = true;
-          extraGroups = [ "wheel" ];
-          openssh.authorizedKeys.keys = [
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8Z6briIboxIdedPGObEWB6QEQkvxKvnMW/UVU9t/ac mew-pgp"
-          ];
-          shell = pkgs.zsh;
-        };
-      })
-  ];
-}
--- a/nixos/base/access.nix
+++ b/nixos/base/access.nix
@ -1,11 +1,10 @@
 {
  config,
-  lib,
  pkgs,
  meta,
  ...
 }: {
-  security.sudo.wheelNeedsPassword = lib.mkForce false;
+  security.sudo.wheelNeedsPassword = false;

  security.polkit.extraConfig = ''
    polkit.addRule(function(action, subject) {
@ -15,22 +14,22 @@
    });
  '';

-  imports = with meta; [
-    nixos.kat
-    nixos.arc
+  imports = let
+    inherit (meta) nixos;
+  in [
+    nixos.users
  ];

  users.motd = ''
    [0m[1;35m${config.networking.hostName}.${config.networking.domain}[0m

  '';
+  users.defaultUserShell = pkgs.zsh;

  users.users.root = {
-    shell = pkgs.zsh;
    hashedPassword = "$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB.";
    openssh.authorizedKeys.keys = with pkgs.lib;
-      ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkeBFF4xxZgeURLzNHcvUFxImmkQ3pxXtpj3mtSyHXB kat@koishi"]
-      ++ (concatLists (mapAttrsToList
+      (concatLists (mapAttrsToList
        (name: user:
          if elem "wheel" user.extraGroups
          then user.openssh.authorizedKeys.keys
--- a/nixos/users/arc.nix
+++ b/nixos/users/arc.nix
@ -0,0 +1,17 @@
+{ config, ... }:
+
+{
+  users.users.arc = { name, ... }: {
+    uid = 8001;
+    isNormalUser = true;
+    autoSubUidGidRange = false;
+    group = name;
+    extraGroups = [ "users" "peeps" "kyuuto" "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8Z6briIboxIdedPGObEWB6QEQkvxKvnMW/UVU9t/ac mew-pgp"
+    ];
+  };
+  users.groups.arc = { name, ... }: {
+    gid = config.users.users.${name}.uid;
+  };
+}
--- a/nixos/users/groups.nix
+++ b/nixos/users/groups.nix
@ -0,0 +1,11 @@
+{ ... }:
+{
+  users.groups = {
+    peeps = {
+      gid = 8128;
+    };
+    kyuuto = {
+      gid = 8129;
+    };
+  };
+}
--- a/nixos/users/kat.nix
+++ b/nixos/users/kat.nix
@ -1,19 +1,20 @@
-{ meta, config, pkgs, lib, ... }: with lib;
+{ config, ... }:

 {
-  users.users.kat = {
-    uid = 1000;
+  users.users.kat = { name, ... }: {
+    uid = 8000;
    isNormalUser = true;
+    autoSubUidGidRange = false;
+    group = name;
+    extraGroups = [ "users" "peeps" "kyuuto" "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocjQqiDIvzq+Qu3jkf7FXw5piwtvZ1Mihw9cVjdVcsra3U2c9WYtYrA3rS50N3p00oUqQm9z1KUrvHzdE+03ZCrvaGdrtYVsaeoCuuvw7qxTQRbItTAEsfRcZLQ5c1v/57HNYNEsjVrt8VukMPRXWgl+lmzh37dd9w45cCY1QPi+JXQQ/4i9Vc3aWSe4X6PHOEMSBHxepnxm5VNHm4PObGcVbjBf0OkunMeztd1YYA9sEPyEK3b8IHxDl34e5t6NDLCIDz0N/UgzCxSxoz+YJ0feQuZtud/YLkuQcMxW2dSGvnJ0nYy7SA5DkW1oqcy6CGDndHl5StOlJ1IF9aGh0gGkx5SRrV7HOGvapR60RphKrR5zQbFFka99kvSQgOZqSB3CGDEQGHv8dXKXIFlzX78jjWDOBT67vA/M9BK9FS2iNnBF5x6shJ9SU5IK4ySxq8qvN7Us8emkN3pyO8yqgsSOzzJT1JmWUAx0tZWG/BwKcFBHfceAPQl6pwxx28TM3BTBRYdzPJLTkAy48y6iXW6UYdfAPlShy79IYjQtEThTuIiEzdzgYdros0x3PDniuAP0KOKMgbikr0gRa6zahPjf0qqBnHeLB6nHAfaVzI0aNbhOg2bdOueE1FX0x48sjKqjOpjlIfq4WeZp9REr2YHEsoLFOBfgId5P3BPtpBQ== yubikey5"
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== cardno:12 078 454"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII74JrgGsDQ6r7tD7+k3ykxXV7DpeeFRscPMxrBsDPhz kat@goliath"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkeBFF4xxZgeURLzNHcvUFxImmkQ3pxXtpj3mtSyHXB kat@koishi"
    ];
-    shell = pkgs.zsh;
-    extraGroups = [ "wheel" "video" "systemd-journal" "plugdev" "bird2" "vfio" "input" "uinput" ];
  };
-
-  systemd.tmpfiles.rules = [
-    "f /var/lib/systemd/linger/kat"
-  ];
+  users.groups.kat = { name, ... }: {
+    gid = config.users.users.${name}.uid;
+  };
 }