[user module] add backup usr
All checks were successful
Check flake syntax / flake-check (push) Successful in 5m57s
All checks were successful
Check flake syntax / flake-check (push) Successful in 5m57s
This commit is contained in:
@@ -9,12 +9,17 @@ in
|
||||
malobeo = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "enable malobeo user, defaults to on";
|
||||
description = "enable malobeo user, defaults to on, ";
|
||||
};
|
||||
admin = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "enable admin user, defaults to on to prevent lockouts";
|
||||
description = "enable admin user, defaults to on to prevent lockouts, passwordless sudo access";
|
||||
};
|
||||
backup = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = "enable backup user, ";
|
||||
};
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
@@ -50,6 +55,26 @@ in
|
||||
}
|
||||
];
|
||||
})
|
||||
(lib.mkIf cfg.backup {
|
||||
users.users.backup = {
|
||||
isNormalUser = true;
|
||||
hashedPassword = null;
|
||||
openssh.authorizedKeys.keys = sshKeys.backup;
|
||||
description = "backup user for pull style backups, can only use zfs commands";
|
||||
};
|
||||
environment.systemPackages = with pkgs; [];
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
users = [ "backup" ];
|
||||
commands = [
|
||||
{
|
||||
command = "${pkgs.zfs-user}/bin/zfs";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
})
|
||||
{
|
||||
users.mutableUsers = false;
|
||||
services.openssh.hostKeys = [
|
||||
|
||||
Reference in New Issue
Block a user