no wheel for thy
This commit is contained in:
parent
aa52db52e3
commit
c94f8ff0fa
6
base.nix
6
base.nix
@ -52,9 +52,9 @@
|
||||
"nix-command"
|
||||
"flakes"
|
||||
];
|
||||
nix.settings.allowed-users = [ "*" ]; # default
|
||||
#nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this
|
||||
nix.settings.trusted-users = [ "root" "@wheel" ];
|
||||
#nix.settings.allowed-users = [ "@builders" ]; # TODO: this
|
||||
nix.settings.allowed-users = [ "root" "pbsds" "@wheel" ]; # default is [ "*" ]
|
||||
nix.settings.trusted-users = [ "root" "pbsds" "@wheel" ];
|
||||
nix.settings.keep-derivations = true; # great with nix-diff
|
||||
nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
||||
nix.settings.max-silent-time = 3600;
|
||||
|
@ -2,11 +2,14 @@
|
||||
{
|
||||
/* programs.zsh.enable = true; */
|
||||
|
||||
nix.settings.allowed-users = [ "adrlau" ];
|
||||
nix.settings.trusted-users = [ "adrlau" ];
|
||||
|
||||
users.users.adrlau = {
|
||||
isNormalUser = true;
|
||||
uid = 1007;
|
||||
description = "Adrian";
|
||||
extraGroups = [ "wheel" ]; # TODO: NAS stuff
|
||||
extraGroups = [ "users" ];
|
||||
/* shell = pkgs.zsh; */
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -1,11 +1,14 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
|
||||
nix.settings.allowed-users = [ "bartvbl" ];
|
||||
nix.settings.trusted-users = [ "bartvbl" ];
|
||||
|
||||
users.users.bartvbl = {
|
||||
isNormalUser = true;
|
||||
uid = 1004;
|
||||
description = "Bart Iver van Blokland";
|
||||
extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff
|
||||
extraGroups = [ "users" ];
|
||||
shell = pkgs.bashInteractive;
|
||||
packages = with pkgs; [
|
||||
rsync
|
||||
|
@ -2,11 +2,14 @@
|
||||
{
|
||||
programs.zsh.enable = true;
|
||||
|
||||
nix.settings.allowed-users = [ "daniel" ];
|
||||
nix.settings.trusted-users = [ "daniel" ];
|
||||
|
||||
users.users.daniel = {
|
||||
isNormalUser = true;
|
||||
uid = 1003;
|
||||
description = "daniel";
|
||||
extraGroups = [ "wheel" ]; # TODO: NAS stuff
|
||||
extraGroups = [ "users" ];
|
||||
shell = pkgs.zsh;
|
||||
packages = with pkgs; [
|
||||
kitty.terminfo
|
||||
|
@ -2,11 +2,14 @@
|
||||
{
|
||||
programs.zsh.enable = true;
|
||||
|
||||
nix.settings.allowed-users = [ "eirikwit" ];
|
||||
nix.settings.trusted-users = [ "eirikwit" ];
|
||||
|
||||
users.users.eirikwit = {
|
||||
isNormalUser = true;
|
||||
uid = 1005;
|
||||
description = "eirik";
|
||||
extraGroups = [ "wheel" ]; # TODO: NAS stuff
|
||||
extraGroups = [ "users" ];
|
||||
shell = pkgs.zsh;
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -2,11 +2,14 @@
|
||||
{
|
||||
programs.zsh.enable = true;
|
||||
|
||||
nix.settings.allowed-users = [ "h7x4" ];
|
||||
nix.settings.trusted-users = [ "h7x4" ];
|
||||
|
||||
users.users.h7x4 = {
|
||||
isNormalUser = true;
|
||||
uid = 1006;
|
||||
description = "Øystein";
|
||||
extraGroups = [ "wheel" ]; # TODO: NAS stuff
|
||||
extraGroups = [ "users" ];
|
||||
shell = pkgs.zsh;
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -2,11 +2,14 @@
|
||||
{
|
||||
programs.zsh.enable = true;
|
||||
|
||||
nix.settings.allowed-users = [ "jornane" ];
|
||||
nix.settings.trusted-users = [ "jornane" ];
|
||||
|
||||
users.users.jornane = {
|
||||
isNormalUser = true;
|
||||
uid = 1002;
|
||||
description = "jornane";
|
||||
extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff
|
||||
extraGroups = [ "users" ];
|
||||
shell = pkgs.zsh;
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -30,6 +30,10 @@
|
||||
then import ./home/gnome.nix
|
||||
else import ./home;
|
||||
|
||||
|
||||
nix.settings.allowed-users = [ "pbsds" ];
|
||||
nix.settings.trusted-users = [ "pbsds" ];
|
||||
|
||||
users.groups.pbsds.gid = 1001; # TODO: remove this, add a uid map to NFS instead
|
||||
users.users.pbsds = {
|
||||
isNormalUser = true;
|
||||
@ -37,6 +41,7 @@
|
||||
description = "pbsds";
|
||||
extraGroups = [
|
||||
"pbsds"
|
||||
"users" # backward compat
|
||||
"networkmanager"
|
||||
"audio"
|
||||
"sound"
|
||||
@ -44,7 +49,6 @@
|
||||
"input"
|
||||
"tty"
|
||||
"wheel"
|
||||
"nixbld"
|
||||
# TODO: NAS stuff
|
||||
] ++ lib.optionals config.virtualisation.docker.enable [
|
||||
"docker"
|
||||
|
Loading…
Reference in New Issue
Block a user