From bad79f7f1270c01343b3c308f5a2cf390dac014c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 6 Nov 2015 21:53:21 +0100
Subject: [PATCH] tv: init user z

---
 tv/1systems/wu.nix              | 11 +--------
 tv/1systems/xu.nix              | 11 +--------
 tv/2configs/base.nix            |  3 +++
 tv/2configs/xserver/default.nix |  8 -------
 tv/2configs/z.nix               | 40 +++++++++++++++++++++++++++++++++
 5 files changed, 45 insertions(+), 28 deletions(-)
 create mode 100644 tv/2configs/z.nix

diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index b12e7df93..fe6a5f303 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -32,6 +32,7 @@ with lib;
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver
+    ../2configs/z.nix
     {
       environment.systemPackages = with pkgs; [
 
@@ -287,16 +288,6 @@ with lib;
           onion = {
             uid = 6660010;
           };
-
-          zalora = {
-            uid = 1000301;
-            extraGroups = [
-              "audio"
-              # TODO remove vboxusers when hardening is active
-              "vboxusers"
-              "video"
-            ];
-          };
         };
 
       security.sudo.extraConfig =
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index e2cc2c06a..eb8c7c784 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -30,6 +30,7 @@ with lib;
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver
+    ../2configs/z.nix
     {
       environment.systemPackages = with pkgs; [
 
@@ -286,16 +287,6 @@ with lib;
           onion = {
             uid = 6660010;
           };
-
-          zalora = {
-            uid = 1000301;
-            extraGroups = [
-              "audio"
-              # TODO remove vboxusers when hardening is active
-              "vboxusers"
-              "video"
-            ];
-          };
         };
 
       security.sudo.extraConfig =
diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix
index a74ce3297..4beece5ef 100644
--- a/tv/2configs/base.nix
+++ b/tv/2configs/base.nix
@@ -22,6 +22,9 @@ with lib;
         mapAttrs (_: h: { hashedPassword = h; })
                  (import <secrets/hashedPasswords.nix>);
     }
+    {
+      users.groups.subusers.gid = 1093178926; # genid subusers
+    }
     {
       users.defaultUserShell = "/run/current-system/sw/bin/bash";
       users.mutableUsers = false;
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 4d2fe9e45..df00203be 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -70,14 +70,6 @@ let
         ExecStart = "${xserver}/bin/xserver";
       };
     };
-
-    programs.bash.interactiveShellInit = ''
-      case ''${XMONAD_SPAWN_WORKSPACE-} in
-        za|zh|zj|zs)
-          exec sudo -u zalora -i
-        ;;
-      esac
-    '';
   };
 
   xmonad-environment = {
diff --git a/tv/2configs/z.nix b/tv/2configs/z.nix
new file mode 100644
index 000000000..e5494ecc9
--- /dev/null
+++ b/tv/2configs/z.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  krebs.per-user.z.packages = [
+    (pkgs.writeScriptBin "cr" ''
+      #! /bin/sh
+      set -efu
+      export LC_TIME=de_DE.utf8
+      exec ${pkgs.chromium}/bin/chromium \
+          --ssl-version-min=tls1 \
+          --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+          --disk-cache-size=50000000 \
+          "%@"
+    '')
+  ];
+
+  programs.bash.interactiveShellInit = ''
+    case ''${XMONAD_SPAWN_WORKSPACE-} in
+      za|zh|zj|zs)
+        exec sudo -u z -i
+      ;;
+    esac
+  '';
+
+  security.sudo.extraConfig = "tv ALL=(z) NOPASSWD: ALL";
+
+  users.users.z = {
+    extraGroups = [
+      "audio"
+      "vboxusers"
+      "video"
+    ];
+    group = "subusers";
+    home = "/home/z";
+    uid = 3043726074; # genid z
+    useDefaultShell = true;
+  };
+}
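Review bot: The `cr` wrapper passes the literal string `"%@"` to chromium, so the caller's arguments are dropped and the browser is handed `%@` instead; this should be `"$@"`. The cache path `/tmp/chromium-disk-cache_"$LOGNAME"` is a predictable name in a world-writable directory, which lets another local account create it first and then own or read the browser cache; a directory under the user's home, e.g. `--disk-cache-dir="$HOME"/.cache/chromium-disk-cache \`, avoids that. The `# TODO remove vboxusers when hardening is active` comment from the removed `zalora` blocks did not carry over to `users.users.z.extraGroups`, and it is worth keeping next to `"vboxusers"` so the extra group is not forgotten. `--ssl-version-min=tls1` sets the floor at TLS 1.0; if that is deliberate, a short comment saying why would help.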