user: 整理

2026-01-12 04:39:23 +08:00 · 2024-03-20 09:08:20 +08:00
parent d804019b54
commit 6380195afe
9 changed files with 45 additions and 63 deletions
--- a/modules/user/chn/default.nix
+++ b/modules/user/chn/default.nix
@@ -15,19 +15,7 @@ inputs:
          (builtins.attrNames inputs.config.users.groups);
        autoSubUidGidRange = true;
        hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
-        openssh.authorizedKeys.keys =
-        [
-          # ykman fido credentials list
-          # ykman fido credentials delete f2c1ca2d
-          # ssh-keygen -t ed25519-sk -O resident
-          # ssh-keygen -K
-          (builtins.concatStringsSep " "
-          [
-            "sk-ssh-ed25519@openssh.com"
-            "AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo="
-            "chn@pc"
-          ])
-        ];
+        openssh.authorizedKeys.keys = [(builtins.readFile ./id_ed25519_sk.pub)];
      };
      home-manager.users.chn =
      {
--- a/modules/user/chn/id_ed25519_sk.pub
+++ b/modules/user/chn/id_ed25519_sk.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= chn@pc
--- a/modules/user/chn/id_rsa.pub
+++ b/modules/user/chn/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXlhoouWG+arWJz02vBP/lxpG2tUjx8jhGBnDeNyMu0OtGcnHMAWcb3YDP0A2XJIVFBCCZMM2REwnSNbHRSCl1mTdRbelfjA+7Jqn1wnrDXkAOG3S8WYXryPGpvavu6lgW7p+dIhGiTLWwRbFH+epFTn1hZ3A1UofVIWTOPdoOnx6k7DpQtIVMWiIXLg0jIkOZiTMr3jKfzLMBAqQ1xbCV2tVwbEY02yxxyxIznbpSPReyn1RDLWyqqLRd/oqGPzzhEXNGNAZWnSoItkYq9Bxh2AvMBihiTir3FEVPDgDLtS5LUpM93PV1yTr6JyCPAod9UAxpfBYzHKse0KCQFoZH chn@chn-PC
--- a/modules/user/default.nix
+++ b/modules/user/default.nix
@@ -4,12 +4,6 @@ inputs:
  options.nixos.user = let inherit (inputs.lib) mkOption types; in
  {
    users = mkOption { type = types.listOf types.nonEmptyStr; default = [ "chn" ]; };
-    normalUsers = mkOption
-    {
-      type = types.listOf types.nonEmptyStr;
-      readOnly = true;
-      default = [ "chn" "gb" "test" "xll" "yjq" "zem" ];
-    };
    sharedModules = mkOption { type = types.listOf types.anything; default = []; };
    uid = mkOption
    {
@@ -47,34 +41,48 @@ inputs:
      };
    };
  };
-  config = let inherit (inputs.config.nixos) user; in
-  {
-    assertions = builtins.map
-      (user:
+  config = let inherit (inputs.config.nixos) user; in inputs.lib.mkMerge
+  [
+    {
+      users =
      {
-        assertion = builtins.elem user user.normalUsers; 
-        message = "user ${user} is not a normal user";
-      })
-      user.users;
-    users = inputs.lib.mkMerge (builtins.map
-      (name:
-      {
-        users.${name} =
-        {
-          uid = user.uid.${name};
-          group = name;
-          isNormalUser = true;
-          shell = inputs.pkgs.zsh;
-          extraGroups = inputs.lib.intersectLists [ "users" "video" "audio" ]
-            (builtins.attrNames inputs.config.users.groups);
-        };
-        groups.${name}.gid = user.gid.${name};
-      })
-      user.users);
-    home-manager.users = inputs.lib.mkMerge (builtins.map
-      (name: { ${name}.imports = user.sharedModules; })
-      user.users);
-  };
+        users = builtins.listToAttrs (builtins.map
+          (userName:
+          {
+            name = userName;
+            value =
+            {
+              uid = user.uid.${userName};
+              group = userName;
+              isNormalUser = true;
+              shell = inputs.pkgs.zsh;
+              extraGroups = inputs.lib.intersectLists [ "users" "video" "audio" ]
+                (builtins.attrNames inputs.config.users.groups);
+              # ykman fido credentials list
+              # ykman fido credentials delete f2c1ca2d
+              # ssh-keygen -t ed25519-sk -O resident
+              # ssh-keygen -K
+              openssh.authorizedKeys.keys =
+                let
+                  keys = [ "rsa" "ed25519" "ed25519_sk" ];
+                  getKey = user: key: inputs.lib.optional (builtins.pathExists ./${user}/id_${key}.pub)
+                    (builtins.readFile ./${user}/id_${key}.pub);
+                in inputs.lib.mkDefault (builtins.concatLists (builtins.map (key: getKey userName key) keys));
+            };
+          })
+          user.users);
+        groups = builtins.listToAttrs (builtins.map
+          (name: { inherit name; value.gid = user.gid.${name}; })
+          user.users);
+      };
+      home-manager.users = builtins.listToAttrs (builtins.map
+        (name: { inherit name; value.imports = user.sharedModules; })
+        user.users);
+    }
+    {
+      users.users.root.openssh.authorizedKeys.keys = [(builtins.readFile ./chn/id_ed25519_sk.pub)];
+    }
+  ];
 }

 # environment.persistence."/impermanence".users.chn =
--- a/modules/user/gb/default.nix
+++ b/modules/user/gb/default.nix
@@ -12,7 +12,6 @@ inputs:
          [ "groupshare" ]
          (builtins.attrNames inputs.config.users.groups);
        hashedPasswordFile = inputs.config.sops.secrets."users/gb".path;
-        openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
      };
      home-manager.users.gb = homeInputs:
      {
--- a/modules/user/root/default.nix
+++ b/modules/user/root/default.nix
@@ -6,19 +6,7 @@ inputs:
      inherit (inputs.config.nixos) user;
    in
    {
-      users.users.root =
-      {
-        hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
-        openssh.authorizedKeys.keys =
-        [
-          (builtins.concatStringsSep ""
-          [
-            "sk-ssh-ed25519@openssh.com "
-            "AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
-            "chn@pc"
-          ])
-        ];
-      };
+      users.users.root.hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
      home-manager.users.root =
      {
        config.programs.git =
--- a/modules/user/xll/default.nix
+++ b/modules/user/xll/default.nix
@@ -12,7 +12,6 @@ inputs:
          [ "groupshare" ]
          (builtins.attrNames inputs.config.users.groups);
        hashedPasswordFile = inputs.config.sops.secrets."users/xll".path;
-        openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
      };
      home-manager.users.xll = homeInputs:
      {
--- a/modules/user/yjq/default.nix
+++ b/modules/user/yjq/default.nix
@@ -12,7 +12,6 @@ inputs:
          [ "groupshare" ]
          (builtins.attrNames inputs.config.users.groups);
        hashedPasswordFile = inputs.config.sops.secrets."users/yjq".path;
-        openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
      };
      home-manager.users.yjq = homeInputs:
      {
--- a/modules/user/zem/default.nix
+++ b/modules/user/zem/default.nix
@@ -12,7 +12,6 @@ inputs:
          [ "groupshare" ]
          (builtins.attrNames inputs.config.users.groups);
        hashedPasswordFile = inputs.config.sops.secrets."users/zem".path;
-        openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
      };
      home-manager.users.zem = homeInputs:
      {
				`@@ -0,0 +1 @@`
				`sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= chn@pc`
				`@@ -0,0 +1 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXlhoouWG+arWJz02vBP/lxpG2tUjx8jhGBnDeNyMu0OtGcnHMAWcb3YDP0A2XJIVFBCCZMM2REwnSNbHRSCl1mTdRbelfjA+7Jqn1wnrDXkAOG3S8WYXryPGpvavu6lgW7p+dIhGiTLWwRbFH+epFTn1hZ3A1UofVIWTOPdoOnx6k7DpQtIVMWiIXLg0jIkOZiTMr3jKfzLMBAqQ1xbCV2tVwbEY02yxxyxIznbpSPReyn1RDLWyqqLRd/oqGPzzhEXNGNAZWnSoItkYq9Bxh2AvMBihiTir3FEVPDgDLtS5LUpM93PV1yTr6JyCPAod9UAxpfBYzHKse0KCQFoZH chn@chn-PC`