abonerib/jungle
1
0
Fork 0
forked from rarias/jungle
Code Pull Requests 2 Actions Activity
Files
4b3c5dde1151edc6f7cdb63e09bbaf5e2c0d9aac
jungle/m/module/jungle-users.nix

30 lines
1013 B
Nix
Raw Blame History

{ config, lib, ... }:
with lib;
{
options = {
users.jungleUsers = mkOption {
type = types.attrsOf (types.anything // { check = (x: x ? "hosts"); });
description = ''
Same as users.users but with the extra `hosts` attribute, which controls
access to the nodes by `networking.hostName`.
'';
};
};
config = let
allowedUser = host: userConf: builtins.elem host userConf.hosts;
filterUsers = host: users: filterAttrs (n: v: allowedUser host v) users;
removeHosts = users: mapAttrs (n: v: builtins.removeAttrs v [ "hosts" ]) users;
addExtraGroups = mapAttrs (_: user: user // {
extraGroups = (user.extraGroups or [ ])
++ (lib.optionals (allowedUser "fox" user) [ "fox" ])
++ (lib.optionals (allowedUser "owl1" user || allowedUser "owl2" user) [ "owl" ]);
});
currentHost = config.networking.hostName;
in {
users.users = removeHosts (addExtraGroups (filterUsers currentHost config.users.jungleUsers));
};
}
View Git Blame Copy Permalink