Rodrigo Arias Mallo
0e22d6def8
The users.jungleUsers configuration option behaves like the users.users option, but defines the list attribute `hosts` for each user, which filters users so that each user can only access those hosts. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
25 lines
731 B
Nix
# NixOS module: declares `users.jungleUsers` and derives `users.users` from it,
# keeping only the accounts whose `hosts` list names the machine being built.
{ config, lib, ... }:

let
  inherit (lib) filterAttrs mapAttrs mkOption types;

  # Host name every `hosts` list is compared against (exact element match).
  thisHost = config.networking.hostName;

  # True when the account lists this host. `builtins.elem` requires a list, so
  # a non-list `hosts` aborts evaluation; an empty list matches no host at all.
  listsThisHost = _name: userConf: builtins.elem thisHost userConf.hosts;

  # Strip the module-specific `hosts` attribute before the entry is handed to
  # users.users.
  withoutHosts = _name: userConf: builtins.removeAttrs userConf [ "hosts" ];
in
{
  options.users.jungleUsers = mkOption {
    # The check only requires that `hosts` is present; neither its type nor
    # the host names inside it are validated here.
    type = types.attrsOf (types.anything // { check = entry: entry ? hosts; });
    description = ''
      Same as users.users but with the extra `hosts` attribute, which controls
      access to the nodes by `networking.hostName`.
    '';
  };

  # Only entries of users.jungleUsers go through the host filter. Accounts
  # defined directly under users.users elsewhere are not restricted by it, so
  # audit both options when reviewing who can reach a node.
  config.users.users =
    mapAttrs withoutHosts (filterAttrs listsThisHost config.users.jungleUsers);
}