From b55e007a15bf251156a59d7c5eaa9fc54dcd6cd8 Mon Sep 17 00:00:00 2001 From: Alexander Foremny Date: Mon, 8 Sep 2025 11:06:49 +0200 Subject: add `declarativeUsers` contract - example consumer `users.declarativeUsers` (creates users as Linux users) - example provider `hardcodedUsers.` (static configuration of user groups (each group is a `declarativeUsers` provider) --- default.nix | 12 ++++++++++++ modules/contracts/declarativeUsers.nix | 14 ++++++++++++++ modules/hardcodedUsers.nix | 20 ++++++++++++++++++++ modules/usersDeclarativeUsers.nix | 17 +++++++++++++++++ 4 files changed, 63 insertions(+) create mode 100644 modules/contracts/declarativeUsers.nix create mode 100644 modules/hardcodedUsers.nix create mode 100644 modules/usersDeclarativeUsers.nix diff --git a/default.nix b/default.nix index cf5673c..a28f7da 100644 --- a/default.nix +++ b/default.nix @@ -7,6 +7,9 @@ eval { ({ config, pkgs, self, ... }: { imports = [ ./modules/asecret.nix + ./modules/contracts/declarativeUsers.nix + ./modules/hardcodedUsers.nix + ./modules/usersDeclarativeUsers.nix ./modules/userSecret.nix self.config.outputs.nixosModules.asecret ]; @@ -14,6 +17,15 @@ eval { asecret.rootPassword.secret.consumer = config.users.users.root.passwordSecret; users.users.root.passwordSecret.provider = config.asecret.rootPassword.secret; + + hardcodedUsers.default.users = { + root = {}; + aforemny = {}; + kirchner = {}; + }; + + users.declarativeUsers.provider = config.hardcodedUsers.default.declarativeUsers; + hardcodedUsers.declarativeUsers.default.consumer = config.users.declarativeUsers; }) ]; machines.alice = { diff --git a/modules/contracts/declarativeUsers.nix b/modules/contracts/declarativeUsers.nix new file mode 100644 index 0000000..79ba00f --- /dev/null +++ b/modules/contracts/declarativeUsers.nix 
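Review bot: The second wiring line in the `default.nix` config hunk addresses `hardcodedUsers.declarativeUsers.default.consumer`, but the line above it and the option declared in `modules/hardcodedUsers.nix` use the order group name, then contract (`hardcodedUsers.default.declarativeUsers`). As written it defines a group named `declarativeUsers` carrying an undeclared `default` attribute, so the consumer is presumably never attached to the `default` provider and evaluation may fail on the unknown option. It should likely read `hardcodedUsers.default.declarativeUsers.consumer = config.users.declarativeUsers;`, matching the `asecret.rootPassword.secret.consumer` pattern a few lines earlier. The enclosing module body starts before the hunk and continues after it.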
@@ -0,0 +1,14 @@
+{ lib, ... }:
+{
+ contracts.declarativeUsers = {
+ meta = {
+ maintainers = [];
+ description = "";
+ };
+ input = {};
+ output.options.users = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {});
+ default = {};
+ };
+ };
+}
diff --git a/modules/hardcodedUsers.nix b/modules/hardcodedUsers.nix
new file mode 100644
index 0000000..344daf2
--- /dev/null
+++ b/modules/hardcodedUsers.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }: {
+ options.hardcodedUsers = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule (mod: {
+ options = {
+ users = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {});
+ default = {};
+ };
+ declarativeUsers = lib.mkOption {
+ type = config.contracts.declarativeUsers.provider;
+ default = null;
+ };
+ };
+ }));
+ default = {};
+ };
+ config.hardcodedUsers.default.declarativeUsers.output = {
+ inherit (config.hardcodedUsers.default) users;
+ };
+}
diff --git a/modules/usersDeclarativeUsers.nix b/modules/usersDeclarativeUsers.nix
new file mode 100644
index 0000000..2b5e2fc
--- /dev/null
+++ b/modules/usersDeclarativeUsers.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+{
+ options.users.declarativeUsers = lib.mkOption {
+ type = lib.types.nullOr config.contracts.declarativeUsers.consumer;
+ default = null;
+ };
+ config = lib.mkIf (config.users.declarativeUsers != null) {
+ users = {
+ users = lib.mapAttrs (name: _: {
+ isNormalUser = lib.mkIf (name != "root") (lib.mkDefault true);
+ })
+ config.users.declarativeUsers.output.users;
+ groups = lib.mapAttrs (_: _: {})
+ config.users.declarativeUsers.output.users;
+ };
+ };
+}
-- cgit v1.2.3
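Review bot: The contract in `modules/contracts/declarativeUsers.nix` leaves `meta.description` empty and types `output.options.users` as `lib.types.attrsOf (lib.types.submodule {})`, so neither the text nor the type tells a provider what it is promising. The consumer added in this commit turns every attribute name into a local account, which makes this the place to state that trust relationship. I would fill it in, e.g. `description = "Set of user names the consumer creates as accounts; carries no credentials or group membership.";`, and give the `users` option its own `description` saying the attribute names are used verbatim as account names.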
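Review bot: Only the `default` group is wired as a provider in `modules/hardcodedUsers.nix`: `config.hardcodedUsers.default.declarativeUsers.output` is set at module level, so any other group declared under `hardcodedUsers` gets no `output`, and `hardcodedUsers.default` is instantiated even when no group was configured. Moving the assignment into the submodule, `config.declarativeUsers.output = { inherit (mod.config) users; };`, would cover every group and would use the `mod` argument that is currently unused. Separately, `declarativeUsers` has `default = null` while its type is not wrapped in `lib.types.nullOr`, unlike the consumer option in `usersDeclarativeUsers.nix`. If the provider type does not accept null, that default presumably fails as soon as it is evaluated for a group that does not set it.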
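Review bot: The `groups` mapping in `modules/usersDeclarativeUsers.nix` creates one group per provided name, but the `users` mapping never assigns an account to it, so with `isNormalUser` the accounts fall back to the shared default primary group and the per-user groups stay empty. If private groups are intended, set it next to the flag, e.g. `group = lib.mkIf (name != "root") (lib.mkDefault name);`; otherwise drop the `groups` mapping. Every attribute name the provider supplies becomes an account here and only `root` is special-cased by string comparison, so a name that collides with an existing system account would also be marked as a normal user. A short comment above the `mapAttrs`, such as `# provider is trusted to supply account names; no credentials are set here`, would record that assumption.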