From 907f1e97d35614f7051cd045b8b976cb83896b13 Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Tue, 10 Jan 2023 19:22:41 -0600
Subject: env/users: add virtual user support
---
env/users/default.nix | 124 ++++++++++++++++++++++++++++++++++++++------------
env/users/virtual.nix | 1 +
2 files changed, 96 insertions(+), 29 deletions(-)
create mode 100644 env/users/virtual.nix
(limited to 'env/users')
diff --git a/env/users/default.nix b/env/users/default.nix
index 2eaf891..f3be85a 100644
--- a/env/users/default.nix
+++ b/env/users/default.nix
@@ -1,44 +1,110 @@ -{ lib, ... }: -with lib; { +{ config, lib, ... }: +with lib; let + cfg = config.local; + inherit (config.networking) domain; +in +{ imports = [ ./mailbox.nix ]; - options.local.users = with types; mkOption { - default = { }; + options.local = with types; { + sysadmin = mkOption { + type = str; + }; - type = attrsOf (submodule { - options = { - uid = mkOption { - type = int; - }; + users = mkOption { + default = { }; - gid = mkOption { - type = int; - }; + type = attrsOf (submodule ({ config, ... }: { + options = { + uid = mkOption { + type = int; + }; - gecos = mkOption { - type = str; - default = ""; - }; + gid = mkOption { + type = int; + }; - groups = mkOption { - type = listOf str; - default = [ ]; - }; + gecos = mkOption { + type = str; + default = ""; + }; - allowLogin = mkOption { - type = bool; - default = true; + sysadmin = mkOption { + type = bool; + default = false; + }; + + groups = mkOption { + type = listOf str; + default = [ ]; + }; + + allowLogin = mkOption { + type = bool; + default = true; + }; + + hardAliases = mkOption { + type = listOf str; + default = [ ]; + }; }; - hardAliases = mkOption { - type = listOf str; - default = [ ]; + config.groups = mkBefore (optional config.sysadmin "wheel"); + })); + }; + + virtual = mkOption { + default = { }; + + type = attrsOf (submodule ({ name, ... 
}: { + options = { + aliases = mkOption { + type = attrsOf (listOf str); + default = { }; + }; + + users = mkOption { + type = attrsOf (submodule { }); + default = { }; + }; }; - }; - }); + + config.aliases = + let + sysadmin = mkDefault [ "sysadmin@${name}" ]; + in + { + abuse = sysadmin; + security = sysadmin; + webmaster = sysadmin; + hostmaster = sysadmin; + postmaster = sysadmin; + + sysadmin = mkDefault [ "sysadmin@${domain}" ]; + }; + })); + }; }; - config.local.users = import ./users.nix; + config.local = mkMerge [ + { + users = import ./users.nix; + virtual = import ./virtual.nix; + + sysadmin = + (findSingle + (user: user.value.sysadmin) + (throw "no user is declared as sysadmin") + (throw "more than one user is declared as sysadmin") + (mapAttrsToList nameValuePair cfg.users) + ).name; + } + + { + virtual.${domain}.aliases.sysadmin = [ cfg.sysadmin ]; + } + ]; } diff --git a/env/users/virtual.nix b/env/users/virtual.nix new file mode 100644 index 0000000..1bb3788 --- /dev/null +++ b/env/users/virtual.nix @@ -0,0 +1 @@ +# This file has been lustrated. -- cgit v1.2.3
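Review bot: `options.local.sysadmin` is declared as an ordinary `str` option even though its value is always derived by the `findSingle` expression in `config.local`, so a higher-priority definition elsewhere (for example via `mkForce`) could point it at an account that does not carry the per-user `sysadmin` flag. That value becomes the target of `virtual.${domain}.aliases.sysadmin`, and the `abuse`, `security`, `webmaster`, `hostmaster` and `postmaster` defaults all point at a `sysadmin` address, so I would add `readOnly = true;` next to `type = str;` to keep the role-mail recipient from drifting away from the account that receives `wheel`. The per-user `sysadmin` flag also has no `description`; because `config.groups = mkBefore (optional config.sysadmin "wheel")` turns it into a privilege grant, something like `description = "Marks the single administrator account; implies membership in wheel.";` would make that visible at the declaration. The alias target written here is the bare attribute name (`cfg.sysadmin`) while the defaults use full addresses such as `sysadmin@${name}`; whether the consumer of `aliases` accepts both forms is not visible in this hunk.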