From c94f8ff0faf81b82b60b248356ea9d96a7892f33 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Wed, 31 Jul 2024 21:47:36 +0200 Subject: [PATCH] no wheel for thy --- base.nix | 6 +++--- users/adrlau/default.nix | 5 ++++- users/bartvbl/default.nix | 5 ++++- users/daniel/default.nix | 5 ++++- users/eirikwit/default.nix | 5 ++++- users/h7x4/default.nix | 5 ++++- users/jornane/default.nix | 5 ++++- users/pbsds/default.nix | 6 +++++- 8 files changed, 32 insertions(+), 10 deletions(-) diff --git a/base.nix b/base.nix index f6b5b28..a42b99c 100644 --- a/base.nix +++ b/base.nix @@ -52,9 +52,9 @@ "nix-command" "flakes" ]; - nix.settings.allowed-users = [ "*" ]; # default - #nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this - nix.settings.trusted-users = [ "root" "@wheel" ]; + #nix.settings.allowed-users = [ "@builders" ]; # TODO: this + nix.settings.allowed-users = [ "root" "pbsds" "@wheel" ]; # default is [ "*" ] + nix.settings.trusted-users = [ "root" "pbsds" "@wheel" ]; nix.settings.keep-derivations = true; # great with nix-diff nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise nix.settings.max-silent-time = 3600; diff --git a/users/adrlau/default.nix b/users/adrlau/default.nix index 4a7aeab..06469df 100644 --- a/users/adrlau/default.nix +++ b/users/adrlau/default.nix @@ -2,11 +2,14 @@ { /* programs.zsh.enable = true; */ + nix.settings.allowed-users = [ "adrlau" ]; + nix.settings.trusted-users = [ "adrlau" ]; + users.users.adrlau = { isNormalUser = true; uid = 1007; description = "Adrian"; - extraGroups = [ "wheel" ]; # TODO: NAS stuff + extraGroups = [ "users" ]; /* shell = pkgs.zsh; */ openssh.authorizedKeys.keys = [ diff --git a/users/bartvbl/default.nix b/users/bartvbl/default.nix index 5be8b29..2f7e624 100644 --- a/users/bartvbl/default.nix +++ b/users/bartvbl/default.nix 
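Review bot: The new `nix.settings.trusted-users = [ "root" "pbsds" "@wheel" ];` line in base.nix has no comment on what the setting grants, although the Nix manual describes membership of trusted-users as essentially equivalent to root access. I would put `# trusted-users are root-equivalent to the nix daemon; this list is merged with users/*/default.nix` above it. NixOS concatenates list definitions from every imported module, so the effective allowed-users and trusted-users lists are longer than what this file shows, assuming the per-user modules are imported on the same host. `"pbsds"` also looks redundant next to `"@wheel"` for as long as that account stays in wheel, which the users/pbsds/default.nix section suggests it does. The enclosing attribute set starts and ends outside the hunk.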
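Review bot: Dropping `"wheel"` from `extraGroups` in users/adrlau/default.nix does not take away this account's route to root, because the added `nix.settings.trusted-users = [ "adrlau" ];` makes it a trusted user of the Nix daemon, which the Nix manual treats as essentially root-equivalent. If the intent is that these accounts may build and install but not administer the host, keep `nix.settings.allowed-users = [ "adrlau" ];` and drop the trusted-users line. The same applies to the bartvbl, daniel, eirikwit, h7x4 and jornane sections, which add the identical pair of lines. The `users.users.adrlau` block continues past the end of the hunk.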
@@ -1,11 +1,14 @@ { config, pkgs, lib, ... }: { + nix.settings.allowed-users = [ "bartvbl" ]; + nix.settings.trusted-users = [ "bartvbl" ]; + users.users.bartvbl = { isNormalUser = true; uid = 1004; description = "Bart Iver van Blokland"; - extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff + extraGroups = [ "users" ]; shell = pkgs.bashInteractive; packages = with pkgs; [ rsync diff --git a/users/daniel/default.nix b/users/daniel/default.nix index 3ac52a9..9d431f5 100644 --- a/users/daniel/default.nix +++ b/users/daniel/default.nix @@ -2,11 +2,14 @@ { programs.zsh.enable = true; + nix.settings.allowed-users = [ "daniel" ]; + nix.settings.trusted-users = [ "daniel" ]; + users.users.daniel = { isNormalUser = true; uid = 1003; description = "daniel"; - extraGroups = [ "wheel" ]; # TODO: NAS stuff + extraGroups = [ "users" ]; shell = pkgs.zsh; packages = with pkgs; [ kitty.terminfo diff --git a/users/eirikwit/default.nix b/users/eirikwit/default.nix index 36d0c8b..3420ea1 100644 --- a/users/eirikwit/default.nix +++ b/users/eirikwit/default.nix @@ -2,11 +2,14 @@ { programs.zsh.enable = true; + nix.settings.allowed-users = [ "eirikwit" ]; + nix.settings.trusted-users = [ "eirikwit" ]; + users.users.eirikwit = { isNormalUser = true; uid = 1005; description = "eirik"; - extraGroups = [ "wheel" ]; # TODO: NAS stuff + extraGroups = [ "users" ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ diff --git a/users/h7x4/default.nix b/users/h7x4/default.nix index 7ec51e1..9ef290b 100644 --- a/users/h7x4/default.nix +++ b/users/h7x4/default.nix @@ -2,11 +2,14 @@ { programs.zsh.enable = true; + nix.settings.allowed-users = [ "h7x4" ]; + nix.settings.trusted-users = [ "h7x4" ]; + users.users.h7x4 = { isNormalUser = true; uid = 1006; description = "Øystein"; - extraGroups = [ "wheel" ]; # TODO: NAS stuff + extraGroups = [ "users" ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ 
diff --git a/users/jornane/default.nix b/users/jornane/default.nix index ea54f9a..c37aa98 100644 --- a/users/jornane/default.nix +++ b/users/jornane/default.nix @@ -2,11 +2,14 @@ { programs.zsh.enable = true; + nix.settings.allowed-users = [ "jornane" ]; + nix.settings.trusted-users = [ "jornane" ]; + users.users.jornane = { isNormalUser = true; uid = 1002; description = "jornane"; - extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff + extraGroups = [ "users" ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ diff --git a/users/pbsds/default.nix b/users/pbsds/default.nix index cc66178..ff37c88 100644 --- a/users/pbsds/default.nix +++ b/users/pbsds/default.nix @@ -30,6 +30,10 @@ then import ./home/gnome.nix else import ./home; + + nix.settings.allowed-users = [ "pbsds" ]; + nix.settings.trusted-users = [ "pbsds" ]; + users.groups.pbsds.gid = 1001; # TODO: remove this, add a uid map to NFS instead users.users.pbsds = { isNormalUser = true; @@ -37,6 +41,7 @@ description = "pbsds"; extraGroups = [ "pbsds" + "users" # backward compat "networkmanager" "audio" "sound" @@ -44,7 +49,6 @@ "input" "tty" "wheel" - "nixbld" # TODO: NAS stuff ] ++ lib.optionals config.virtualisation.docker.enable [ "docker"