summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@shackspace.de>2015-07-27 00:49:06 +0200
committertv <tv@shackspace.de>2015-07-27 01:09:25 +0200
commit0057d3a1916b2438ca7a113b9d2977ba0808054e (patch)
treea519ca085b54a045fde1a94d8f0807dbdc7eb8fc
parent557090b2a2d866b597592f2e486416526471ba74 (diff)
1 tv wu: simplify users
-rw-r--r--1systems/tv/wu.nix76
1 files changed, 10 insertions, 66 deletions
diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix
index 192b65b9d..9228e65ca 100644
--- a/1systems/tv/wu.nix
+++ b/1systems/tv/wu.nix
@@ -169,19 +169,21 @@ in
}
{
users.extraGroups = {
- tv-sub.gid = 1337;
+ tv.gid = 1337;
+ slaves.gid = 3799582008; # genid slaves
};
users.extraUsers =
- mapAttrs (name: user: user // {
+ mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
inherit name;
home = "/home/${name}";
createHome = true;
useDefaultShell = true;
+ group = "tv";
+ extraGroups = ["slaves"] ++ extraGroups;
}) {
ff = {
uid = 13378001;
- group = "tv-sub";
extraGroups = [
"audio"
"video"
@@ -190,17 +192,6 @@ in
cr = {
uid = 13378002;
- group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- vimb = {
- uid = 13378003;
- group = "tv-sub";
extraGroups = [
"audio"
"video"
@@ -210,47 +201,38 @@ in
fa = {
uid = 2300001;
- group = "tv-sub";
};
rl = {
uid = 2300002;
- group = "tv-sub";
};
tief = {
uid = 2300702;
- group = "tv-sub";
};
btc-bitcoind = {
uid = 2301001;
- group = "tv-sub";
};
btc-electrum = {
uid = 2301002;
- group = "tv-sub";
};
ltc-litecoind = {
uid = 2301101;
- group = "tv-sub";
};
eth = {
uid = 2302001;
- group = "tv-sub";
};
emse-hsdb = {
uid = 4200101;
- group = "tv-sub";
};
wine = {
uid = 13370400;
- group = "tv-sub";
extraGroups = [
"audio"
"video"
@@ -258,21 +240,8 @@ in
];
};
- # dwarffortress
df = {
uid = 13370401;
- group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- # XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined
- FTL = {
- uid = 13370402;
- #group = "tv-sub";
extraGroups = [
"audio"
"video"
@@ -280,14 +249,8 @@ in
];
};
- freeciv = {
- uid = 13370403;
- group = "tv-sub";
- };
-
xr = {
uid = 13370061;
- group = "tv-sub";
extraGroups = [
"audio"
"video"
@@ -296,26 +259,14 @@ in
"23" = {
uid = 13370023;
- group = "tv-sub";
};
electrum = {
uid = 13370102;
- group = "tv-sub";
- };
-
- Reaktor = {
- uid = 4230010;
- group = "tv-sub";
- };
-
- gitolite = {
- uid = 7700;
};
skype = {
uid = 6660001;
- group = "tv-sub";
extraGroups = [
"audio"
];
@@ -323,12 +274,10 @@ in
onion = {
uid = 6660010;
- group = "tv-sub";
};
zalora = {
uid = 1000301;
- group = "tv-sub";
extraGroups = [
"audio"
# TODO remove vboxusers when hardening is active
@@ -340,17 +289,12 @@ in
security.sudo.extraConfig =
let
- inherit (import ../../4lib/tv { inherit lib pkgs; })
- isSuffixOf;
-
- hasMaster = { group ? "", ... }:
- isSuffixOf "-sub" group;
-
- masterOf = user : removeSuffix "-sub" user.group;
+ isSlave = u: elem "slaves" u.extraGroups;
+ masterOf = u: u.group;
+ slaves = filterAttrs (_: isSlave) config.users.extraUsers;
+ toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
in
- concatStringsSep "\n"
- (map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL")
- (filter hasMaster (attrValues config.users.extraUsers)));
+ concatMapStringsSep "\n" toSudoers (attrValues slaves);
}
];