[user module] add backup usr

Merge pull request 'More nextcloud fixes' (#90 ) from nextcloud_issue_2 into master
Reviewed-on: #90
2025-03-12 20:21:47 +01:00 · 2025-03-12 12:21:17 +01:00 · 2025-03-11 20:40:12 +01:00
3 changed files with 33 additions and 3 deletions
--- a/machines/modules/malobeo/users.nix
+++ b/machines/modules/malobeo/users.nix
@@ -9,12 +9,17 @@ in
    malobeo = lib.mkOption {
      type = lib.types.bool;
      default = true;
-      description = "enable malobeo user, defaults to on";
+      description = "enable malobeo user, defaults to on, ";
    };
    admin = lib.mkOption {
      type = lib.types.bool;
      default = true;
-      description = "enable admin user, defaults to on to prevent lockouts";
+      description = "enable admin user, defaults to on to prevent lockouts, passwordless sudo access";
    };
    backup = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "enable backup user, ";
    };
  };
  config = lib.mkMerge [
@@ -50,6 +55,26 @@ in
        }
      ];
    })
    (lib.mkIf cfg.backup {
      users.users.backup = {
        isNormalUser = true;
        hashedPassword = null;
        openssh.authorizedKeys.keys = sshKeys.backup;
        description = "backup user for pull style backups, can only use zfs commands";
      };
      environment.systemPackages = with pkgs; [];
      security.sudo.extraRules = [
        {
          users = [ "backup" ];
          commands = [
            {
              command = "${pkgs.zfs-user}/bin/zfs";
              options = [ "NOPASSWD" ];
            }
          ];
        }
      ];
    })
    {
      users.mutableUsers = false;
      services.openssh.hostKeys = [
--- a/machines/nextcloud/configuration.nix
+++ b/machines/nextcloud/configuration.nix
@@ -47,7 +47,7 @@ with lib;
    };
    extraAppsEnable = true;
    extraApps = {
-      inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls;
+      inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration;
      collectives = pkgs.fetchNextcloudApp {
        sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY=";
        url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz";
@@ -56,6 +56,7 @@ with lib;
    };
    settings = {
      trusted_domains = ["10.0.0.13"];
      trusted_proxies = [ "10.0.0.1" ];
      "maintenance_window_start" = "1";
      "default_phone_region" = "DE";
    };
--- a/machines/ssh_keys.nix
+++ b/machines/ssh_keys.nix
@@ -5,4 +5,8 @@
   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQg6a2EGmq+i9lfwU+SRMQ8MGN3is3VS6janzl9qOHo quaseb67@hzdr.de"
   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICKaEcGaSKU0xC5qCwzj2oCLLG4PYjWHZ7/CXHw4urVk atlan@nixos"
 ];
 backup = [
  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIGryhnXdmbGObONG88K+c9zeduMrwtoLHwzMDZg3UXB+Cnq2FXWOrlLZxA+95VUgHpyGZiykJmzeWrKhldDlDeGGd8QCCLeuliiOgXADTYjWaVfhd+6arPZrK2VtqqsguvH40gW1xfoGAOmAT4WFnxWxIaEip0V2u6NOoKTiH9I3bz2Qe4lfJvPXig+XwCXcukXd6XUkDFYDpiw8XNV3X7pqTus5d2RYR97bAhIYZZQ6h50ZpTY8N0lFh4RY5yfx8BhxJW3tfoi9uZvVuPx7dGPsZsSniENFPMNz3UwHGitTJMr4088cJrAGgd5lyFuLouiHiM2JMGA0wx9wWTbWJEwTLaTVQK9gSJf857ndV2zCh9vKlfko4w9bQgqxKg4U/mY8dXX1E7D51nD2ci8Ed+ZG+NEneFLyZhLsD82GkBY+YovA+4xm/pcx+hBhlyqGNxI8v+Jh+JhEyD/ZLgJfq3ZMbGIGsTiDwZ2flLLxImHHEoDoT6PHU6hDhPDJu560="
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKl5FWPskhlnzJs1+mMYrVTMNnRG92uFKUgGlteTPhL"
 ];
 }
Author	SHA1	Message	Date
ahtlon	1083949c87	[user module] add backup usr All checks were successful Check flake syntax / flake-check (push) Successful in 5m57s Details	2025-03-12 20:21:47 +01:00
kalipso	413202e940	Merge pull request 'More nextcloud fixes' (#90 ) from nextcloud_issue_2 into master All checks were successful Check flake syntax / flake-check (push) Successful in 4m38s Details Reviewed-on: #90	2025-03-12 12:21:17 +01:00
ahtlon	ec20c80251	add proxy to trusted_proxies All checks were successful Check flake syntax / flake-check (push) Successful in 5m47s Details	2025-03-11 20:40:12 +01:00