mirror of
https://github.com/kittywitch/nixfiles.git
synced 2026-02-09 20:39:18 -08:00
40 lines
730 B
Nix
40 lines
730 B
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
# TODO: solve lib usage
|
|
inherit (lib.lists) concatLists elem;
|
|
inherit (lib.attrsets) mapAttrsToList;
|
|
commonUser = {
|
|
openssh.authorizedKeys.keys = concatLists (mapAttrsToList
|
|
(_: user:
|
|
if elem "wheel" user.extraGroups
|
|
then user.openssh.authorizedKeys.keys
|
|
else [])
|
|
config.users.users);
|
|
};
|
|
in {
|
|
security.sudo.extraRules = [
|
|
{
|
|
users = ["deploy"];
|
|
commands = [
|
|
{
|
|
command = "ALL";
|
|
options = [
|
|
"NOPASSWD"
|
|
"SETENV"
|
|
];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
users.users = {
|
|
root = commonUser;
|
|
deploy =
|
|
commonUser
|
|
// {
|
|
isNormalUser = true;
|
|
};
|
|
};
|
|
}
|