selfprivacy-nixos-config/users.nix

{ pkgs, config, ... }:
let
  cfg = config.services.userdata;
in
{
  users.mutableUsers = false;
  users = {
    users = {
      "${cfg.username}" = {
        isNormalUser = true;
        hashedPassword = cfg.hashedMasterPassword;
        openssh.authorizedKeys.keys = cfg.sshKeys;
      };
    } // builtins.listToAttrs (builtins.map
      (user: {
        name = "${user.username}";
        value = {
          isNormalUser = true;
          hashedPassword = user.hashedPassword;
          openssh.authorizedKeys.keys = (if user ? sshKeys then user.sshKeys else [ ]);
        };
      })
      cfg.users);
  };
  selfprivacy.ldap = {
    enable = true;
    domain = "${cfg.domain}";
    rootUser = "${cfg.username}";
    rootHashedPassword = cfg.hashedMasterPassword;
    users = [
      (builtins.map
        (user: {
          username = "${user.username}";
          email = "${user.username}@${cfg.domain}";
          hashedPassword = user.hashedPassword;
          groups = [ "gitea" "nextcloud" "pleroma" ];
        })
        cfg.users)
    ];
  };
}
Initial commit 2021-11-15 10:02:05 +00:00			`{ pkgs, config, ... }:`
It builds! 2021-11-15 10:29:20 +00:00			`let`
			`cfg = config.services.userdata;`
			`in`
Initial commit 2021-11-15 10:02:05 +00:00			`{`
			`users.mutableUsers = false;`
			`users = {`
			`users = {`
It builds! 2021-11-15 10:29:20 +00:00			`"${cfg.username}" = {`
Initial commit 2021-11-15 10:02:05 +00:00			`isNormalUser = true;`
It builds! 2021-11-15 10:29:20 +00:00			`hashedPassword = cfg.hashedMasterPassword;`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 16:53:43 +00:00			`openssh.authorizedKeys.keys = cfg.sshKeys;`
Initial commit 2021-11-15 10:02:05 +00:00			`};`
It builds! 2021-11-15 10:29:20 +00:00			`} // builtins.listToAttrs (builtins.map`
			`(user: {`
			`name = "${user.username}";`
			`value = {`
			`isNormalUser = true;`
			`hashedPassword = user.hashedPassword;`
Move secrets out of Nix Store (#19) Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store. In the past tmpfiles.d was used, but its entire contents get to the nix store. Now, all files with secrets are generated in activation scripts, with the help of jq and sed. Also dead Pleroma code was deleted, but CAPTCHA is still broken. Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/19 Co-authored-by: Inex Code <inex.code@selfprivacy.org> Co-committed-by: Inex Code <inex.code@selfprivacy.org> 2022-07-19 12:18:46 +00:00			`openssh.authorizedKeys.keys = (if user ? sshKeys then user.sshKeys else [ ]);`
It builds! 2021-11-15 10:29:20 +00:00			`};`
			`})`
			`cfg.users);`
Initial commit 2021-11-15 10:02:05 +00:00			`};`
feat(ldap): Add LDAP support Co-authored-by: misuzu <bakalolka@gmail.com> 2023-03-28 16:31:02 +00:00			`selfprivacy.ldap = {`
			`enable = true;`
			`domain = "${cfg.domain}";`
			`rootUser = "${cfg.username}";`
			`rootHashedPassword = cfg.hashedMasterPassword;`
			`users = [`
			`(builtins.map`
			`(user: {`
			`username = "${user.username}";`
			`email = "${user.username}@${cfg.domain}";`
			`hashedPassword = user.hashedPassword;`
			`groups = [ "gitea" "nextcloud" "pleroma" ];`
			`})`
			`cfg.users)`
			`];`
			`};`
Initial commit 2021-11-15 10:02:05 +00:00			`}`