options/machine: allow to define users without wheel

2025-07-04 16:52:46 +02:00 · 2025-07-04 16:52:46 +02:00 · 88a6a90ab2
commit 88a6a90ab2
parent 87e83f336f
10 changed files with 26 additions and 25 deletions
--- a/services/impermanence.nix
+++ b/services/impermanence.nix
@ -76,7 +76,7 @@ in
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
      ];
-    users = listToAttrs (map persistUser config.machine.administrators);
+    users = listToAttrs (map persistUser config.machine.users);
  };

  # link current home manager profile if it exists
@ -91,6 +91,6 @@ in
          ln -sfn /home/${name}/.local/state/nix/profiles/profile /home/${name}/.nix-profile
        fi
      ''
-    ) config.machine.administrators
+    ) config.machine.users
  );
 }
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -21,7 +21,7 @@ mkIf (elem "nextcloud" config.machine.services) {
        maxUploadSize = "1024M";
        package = pkgs.nextcloud30;
        config = {
-          adminuser = mkDefault (elemAt cfg.administrators 0).name;
+          adminuser = mkDefault (findFirst (user: user.isAdmin) { name = "admin"; } cfg.users).name;
          adminpassFile = config.sops.secrets."services/nextcloud/adminPass".path;
          dbtype = "mysql";
          dbhost = "localhost:3306";
--- a/services/openssh.nix
+++ b/services/openssh.nix
@ -25,7 +25,7 @@ mkIf (elem "openssh" config.machine.services) {
    extraConfig =
      let
        users =
-          concatMapStrings (user: "${user.name} ") config.machine.administrators
+          concatMapStrings (user: "${user.name} ") config.machine.users
          + (optionalString config.services.forgejo.enable (config.services.forgejo.user + " "));
      in
      ''
@ -36,10 +36,8 @@ mkIf (elem "openssh" config.machine.services) {
  };
  # Add public keys to /etc/ssh/authorized_keys.d
  # This replaces users.users.*.openssh.authorizedKeys.*
-  sops.secrets =
-    fn.sopsHelper (user: "users/${user.name}/publicKey") config.machine.administrators
-      (user: {
-        path = "/etc/ssh/authorized_keys.d/${user.name}";
-        mode = "444";
-      });
+  sops.secrets = fn.sopsHelper (user: "users/${user.name}/publicKey") config.machine.users (user: {
+    path = "/etc/ssh/authorized_keys.d/${user.name}";
+    mode = "444";
+  });
 }