[user module] add backup usr
Some checks failed
Check flake syntax / flake-check (push) Has been cancelled
Some checks failed
Check flake syntax / flake-check (push) Has been cancelled
This commit is contained in:
@@ -8,12 +8,17 @@ in
|
||||
malobeo = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "enable malobeo user, defaults to on";
|
||||
description = "enable malobeo user, defaults to on, ";
|
||||
};
|
||||
admin = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "enable admin user, defaults to on to prevent lockouts";
|
||||
description = "enable admin user, defaults to on to prevent lockouts, passwordless sudo access";
|
||||
};
|
||||
backup = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = "enable backup user, ";
|
||||
};
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
@@ -48,6 +53,26 @@ in
|
||||
}
|
||||
];
|
||||
})
|
||||
(lib.mkIf cfg.backup {
|
||||
users.users.backup = {
|
||||
isNormalUser = true;
|
||||
hashedPassword = null;
|
||||
openssh.authorizedKeys.keys = sshKeys.backup;
|
||||
description = "backup user for pull style backups, can only use zfs commands";
|
||||
};
|
||||
environment.systemPackages = with pkgs; [];
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
users = [ "backup" ];
|
||||
commands = [
|
||||
{
|
||||
command = "${pkgs.zfs-user}/bin/zfs";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
})
|
||||
{
|
||||
users.mutableUsers = false;
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
Reference in New Issue
Block a user