25 lines
626 B
Nix
25 lines
626 B
Nix
{ config, lib, ... }:
|
|
with lib;
|
|
let
|
|
cfg = config.eboskma.users.builder;
|
|
authorizedKeys = builtins.map (key: (builtins.readFile (./keys/${key})))
|
|
(builtins.attrNames (builtins.readDir ./keys));
|
|
in
|
|
{
|
|
options.eboskma.users.builder = { enable = mkEnableOption "builder"; };
|
|
|
|
config = mkIf cfg.enable {
|
|
users.users.builder = {
|
|
isSystemUser = true;
|
|
group = "builder";
|
|
useDefaultShell = true;
|
|
home = "/var/lib/builder";
|
|
createHome = true;
|
|
openssh.authorizedKeys.keys = authorizedKeys;
|
|
};
|
|
|
|
users.groups.builder = { };
|
|
|
|
nix.settings.trusted-users = [ "builder" ];
|
|
};
|
|
}
|