kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

[user module] add backup usr
All checks were successful
Check flake syntax / flake-check (push) Successful in 5m57s
Details

Browse Source
This commit is contained in:
ahtlon
2025-03-11 18:14:00 +01:00
committed by ahtlon
parent 413202e940
commit 1083949c87
2 changed files with 31 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
machines/modules/malobeo/users.nix
View File

@@ -9,12 +9,17 @@ in
malobeo = lib.mkOption { malobeo = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable malobeo user, defaults to on"; description = "enable malobeo user, defaults to on, ";
}; };
admin = lib.mkOption { admin = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable admin user, defaults to on to prevent lockouts"; description = "enable admin user, defaults to on to prevent lockouts, passwordless sudo access";
};
backup = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable backup user, ";
}; };
}; };
config = lib.mkMerge [ config = lib.mkMerge [
@@ -50,6 +55,26 @@ in
} }
]; ];
}) })
(lib.mkIf cfg.backup {
users.users.backup = {
isNormalUser = true;
hashedPassword = null;
openssh.authorizedKeys.keys = sshKeys.backup;
description = "backup user for pull style backups, can only use zfs commands";
};
environment.systemPackages = with pkgs; [];
security.sudo.extraRules = [
{
users = [ "backup" ];
commands = [
{
command = "${pkgs.zfs-user}/bin/zfs";
options = [ "NOPASSWD" ];
}
];
}
];
})
{ {
users.mutableUsers = false; users.mutableUsers = false;
services.openssh.hostKeys = [ services.openssh.hostKeys = [

4
machines/ssh_keys.nix
View File

@@ -5,4 +5,8 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQg6a2EGmq+i9lfwU+SRMQ8MGN3is3VS6janzl9qOHo quaseb67@hzdr.de" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQg6a2EGmq+i9lfwU+SRMQ8MGN3is3VS6janzl9qOHo quaseb67@hzdr.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICKaEcGaSKU0xC5qCwzj2oCLLG4PYjWHZ7/CXHw4urVk atlan@nixos" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICKaEcGaSKU0xC5qCwzj2oCLLG4PYjWHZ7/CXHw4urVk atlan@nixos"
]; ];
backup = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIGryhnXdmbGObONG88K+c9zeduMrwtoLHwzMDZg3UXB+Cnq2FXWOrlLZxA+95VUgHpyGZiykJmzeWrKhldDlDeGGd8QCCLeuliiOgXADTYjWaVfhd+6arPZrK2VtqqsguvH40gW1xfoGAOmAT4WFnxWxIaEip0V2u6NOoKTiH9I3bz2Qe4lfJvPXig+XwCXcukXd6XUkDFYDpiw8XNV3X7pqTus5d2RYR97bAhIYZZQ6h50ZpTY8N0lFh4RY5yfx8BhxJW3tfoi9uZvVuPx7dGPsZsSniENFPMNz3UwHGitTJMr4088cJrAGgd5lyFuLouiHiM2JMGA0wx9wWTbWJEwTLaTVQK9gSJf857ndV2zCh9vKlfko4w9bQgqxKg4U/mY8dXX1E7D51nD2ci8Ed+ZG+NEneFLyZhLsD82GkBY+YovA+4xm/pcx+hBhlyqGNxI8v+Jh+JhEyD/ZLgJfq3ZMbGIGsTiDwZ2flLLxImHHEoDoT6PHU6hDhPDJu560="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKl5FWPskhlnzJs1+mMYrVTMNnRG92uFKUgGlteTPhL"
];
} }