Merge pull request 'editorconfig' (!55) from editorconfig into main

Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/55
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
This commit is contained in:
Peder Bergebakken Sundt 2024-08-04 16:20:23 +02:00
commit 41e94695f0
28 changed files with 143 additions and 131 deletions

10
.editorconfig Normal file
View File

@ -0,0 +1,10 @@
root = true
[*]
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
[*.nix]
indent_style = space
indent_size = 2

1
.git-blame-ignore-revs Normal file
View File

@ -0,0 +1 @@
e00008da1afe0d760badd34bbeddff36bb08c475

View File

@ -30,7 +30,7 @@ creation_rules:
- *user_oysteikt - *user_oysteikt
# Host specific secrets # Host specific secrets
- path_regex: secrets/bekkalokk/[^/]+\.yaml$ - path_regex: secrets/bekkalokk/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:
@ -66,7 +66,7 @@ creation_rules:
- *user_pederbs_bjarte - *user_pederbs_bjarte
pgp: pgp:
- *user_oysteikt - *user_oysteikt
- path_regex: secrets/bicep/[^/]+\.yaml$ - path_regex: secrets/bicep/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:

View File

@ -15,9 +15,9 @@ let
enable = true; enable = true;
name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no"; name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no";
labels = [ labels = [
"debian-latest:docker://node:18-bullseye" "debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:18-bullseye" "ubuntu-latest:docker://node:18-bullseye"
]; ];
tokenFile = config.sops.secrets."gitea/runners/${name}".path; tokenFile = config.sops.secrets."gitea/runners/${name}".path;
}; };
}; };

View File

@ -112,7 +112,7 @@ class PwAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
array_shift($groups); array_shift($groups);
array_shift($groups); array_shift($groups);
array_pop($groups); array_pop($groups);
$info = posix_getpwnam($uid); $info = posix_getpwnam($uid);
$group = $info['gid']; $group = $info['gid'];
if (!in_array($group, $groups)) { if (!in_array($group, $groups)) {

View File

@ -58,7 +58,7 @@ $config = [
/* /*
* The following settings are *filesystem paths* which define where * The following settings are *filesystem paths* which define where
* SimpleSAMLphp can find or write the following things: * SimpleSAMLphp can find or write the following things:
* - 'cachedir': Where SimpleSAMLphp can write its cache. * - 'cachedir': Where SimpleSAMLphp can write its cache.
* - 'loggingdir': Where to write logs. MUST be set to NULL when using a logging * - 'loggingdir': Where to write logs. MUST be set to NULL when using a logging
* handler other than `file`. * handler other than `file`.
* - 'datadir': Storage of general data. * - 'datadir': Storage of general data.

View File

@ -22,62 +22,62 @@ let
# openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem # openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem
"metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" '' "metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" ''
<?php <?php
$metadata['https://idp.pvv.ntnu.no/'] = array( $metadata['https://idp.pvv.ntnu.no/'] = array(
'host' => '__DEFAULT__', 'host' => '__DEFAULT__',
'privatekey' => '${config.sops.secrets."idp/privatekey".path}', 'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
'certificate' => '${./idp.crt}', 'certificate' => '${./idp.crt}',
'auth' => 'pwauth', 'auth' => 'pwauth',
); );
?> ?>
''; '';
"metadata/saml20-sp-remote.php" = pkgs.writeText "saml20-sp-remote.php" '' "metadata/saml20-sp-remote.php" = pkgs.writeText "saml20-sp-remote.php" ''
<?php <?php
${ lib.pipe config.services.idp.sp-remote-metadata [ ${ lib.pipe config.services.idp.sp-remote-metadata [
(map (url: '' (map (url: ''
$metadata['${url}'] = [ $metadata['${url}'] = [
'SingleLogoutService' => [ 'SingleLogoutService' => [
[ [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp', 'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
], ],
[ [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp', 'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
], ],
], ],
'AssertionConsumerService' => [ 'AssertionConsumerService' => [
[ [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp', 'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
'index' => 0, 'index' => 0,
], ],
[ [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp', 'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
'index' => 1, 'index' => 1,
], ],
], ],
]; ];
'')) ''))
(lib.concatStringsSep "\n") (lib.concatStringsSep "\n")
]} ]}
?> ?>
''; '';
"config/authsources.php" = pkgs.writeText "idp-authsources.php" '' "config/authsources.php" = pkgs.writeText "idp-authsources.php" ''
<?php <?php
$config = array( $config = array(
'admin' => array( 'admin' => array(
'core:AdminPassword' 'core:AdminPassword'
), ),
'pwauth' => array( 'pwauth' => array(
'authpwauth:PwAuth', 'authpwauth:PwAuth',
'pwauth_bin_path' => '${lib.getExe pwAuthScript}', 'pwauth_bin_path' => '${lib.getExe pwAuthScript}',
'mail_domain' => '@pvv.ntnu.no', 'mail_domain' => '@pvv.ntnu.no',
), ),
); );
?> ?>
''; '';
"config/config.php" = pkgs.runCommandLocal "simplesamlphp-config.php" { } '' "config/config.php" = pkgs.runCommandLocal "simplesamlphp-config.php" { } ''
@ -108,7 +108,7 @@ in
List of urls point to (simplesamlphp) service profiders, which the idp should trust. List of urls point to (simplesamlphp) service profiders, which the idp should trust.
:::{.note} :::{.note}
Make sure the url ends with a `/` Make sure the url ends with a `/`
::: :::
''; '';
}; };
@ -132,7 +132,7 @@ in
owner = "idp"; owner = "idp";
group = "idp"; group = "idp";
}; };
}; };
users.groups."idp" = { }; users.groups."idp" = { };
users.users."idp" = { users.users."idp" = {
@ -199,9 +199,9 @@ in
''; '';
}; };
"^~ /simplesaml/".extraConfig = '' "^~ /simplesaml/".extraConfig = ''
rewrite ^/simplesaml/(.*)$ /$1 redirect; rewrite ^/simplesaml/(.*)$ /$1 redirect;
return 404; return 404;
''; '';
}; };
}; };
}; };

View File

@ -885,9 +885,9 @@ let
# Create a limits.conf(5) file. # Create a limits.conf(5) file.
makeLimitsConf = limits: makeLimitsConf = limits:
pkgs.writeText "limits.conf" pkgs.writeText "limits.conf"
(concatMapStrings ({ domain, type, item, value }: (concatMapStrings ({ domain, type, item, value }:
"${domain} ${type} ${item} ${toString value}\n") "${domain} ${type} ${item} ${toString value}\n")
limits); limits);
limitsType = with lib.types; listOf (submodule ({ ... }: { limitsType = with lib.types; listOf (submodule ({ ... }: {
options = { options = {
@ -935,8 +935,8 @@ let
})); }));
motd = if config.users.motdFile == null motd = if config.users.motdFile == null
then pkgs.writeText "motd" config.users.motd then pkgs.writeText "motd" config.users.motd
else config.users.motdFile; else config.users.motdFile;
makePAMService = name: service: makePAMService = name: service:
{ name = "pam.d/${name}"; { name = "pam.d/${name}";
@ -976,20 +976,20 @@ in
item = "maxlogins"; item = "maxlogins";
value = "4"; value = "4";
} }
]; ];
description = lib.mdDoc '' description = lib.mdDoc ''
Define resource limits that should apply to users or groups. Define resource limits that should apply to users or groups.
Each item in the list should be an attribute set with a Each item in the list should be an attribute set with a
{var}`domain`, {var}`type`, {var}`domain`, {var}`type`,
{var}`item`, and {var}`value` {var}`item`, and {var}`value`
attribute. The syntax and semantics of these attributes attribute. The syntax and semantics of these attributes
must be that described in {manpage}`limits.conf(5)`. must be that described in {manpage}`limits.conf(5)`.
Note that these limits do not apply to systemd services, Note that these limits do not apply to systemd services,
whose limits can be changed via {option}`systemd.extraConfig` whose limits can be changed via {option}`systemd.extraConfig`
instead. instead.
''; '';
}; };
security.pam.services = mkOption { security.pam.services = mkOption {
@ -1507,8 +1507,8 @@ in
runuser = { rootOK = true; unixAuth = false; setEnvironment = false; }; runuser = { rootOK = true; unixAuth = false; setEnvironment = false; };
/* FIXME: should runuser -l start a systemd session? Currently /* FIXME: should runuser -l start a systemd session? Currently
it complains "Cannot create session: Already running in a it complains "Cannot create session: Already running in a
session". */ session". */
runuser-l = { rootOK = true; unixAuth = false; }; runuser-l = { rootOK = true; unixAuth = false; };
} // optionalAttrs config.security.pam.enableFscrypt { } // optionalAttrs config.security.pam.enableFscrypt {
# Allow fscrypt to verify login passphrase # Allow fscrypt to verify login passphrase

View File

@ -199,7 +199,7 @@ in {
extraConfig = '' extraConfig = ''
location ~ ^/simplesaml/(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ { location ~ ^/simplesaml/(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket}; fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
fastcgi_param SCRIPT_FILENAME ${simplesamlphp}/share/php/simplesamlphp/public/$phpfile; fastcgi_param SCRIPT_FILENAME ${simplesamlphp}/share/php/simplesamlphp/public/$phpfile;
# Must be prepended with the baseurlpath # Must be prepended with the baseurlpath

View File

@ -58,7 +58,7 @@ $config = [
/* /*
* The following settings are *filesystem paths* which define where * The following settings are *filesystem paths* which define where
* SimpleSAMLphp can find or write the following things: * SimpleSAMLphp can find or write the following things:
* - 'cachedir': Where SimpleSAMLphp can write its cache. * - 'cachedir': Where SimpleSAMLphp can write its cache.
* - 'loggingdir': Where to write logs. MUST be set to NULL when using a logging * - 'loggingdir': Where to write logs. MUST be set to NULL when using a logging
* handler other than `file`. * handler other than `file`.
* - 'datadir': Storage of general data. * - 'datadir': Storage of general data.

View File

@ -4,7 +4,7 @@ with lib;
let let
cfg = config.services.roundcube; cfg = config.services.roundcube;
domain = "webmail.pvv.ntnu.no"; domain = "webmail.pvv.ntnu.no";
in in
{ {
services.roundcube = { services.roundcube = {
enable = true; enable = true;

View File

@ -21,8 +21,8 @@ in {
services.idp.sp-remote-metadata = [ services.idp.sp-remote-metadata = [
"https://www.pvv.ntnu.no/simplesaml/" "https://www.pvv.ntnu.no/simplesaml/"
"https://pvv.ntnu.no/simplesaml/" "https://pvv.ntnu.no/simplesaml/"
"https://www.pvv.org/simplesaml/" "https://www.pvv.org/simplesaml/"
"https://pvv.org/simplesaml/" "https://pvv.org/simplesaml/"
]; ];
services.pvv-nettsiden = { services.pvv-nettsiden = {
@ -43,7 +43,7 @@ in {
'idp' => 'https://idp.pvv.ntnu.no/', 'idp' => 'https://idp.pvv.ntnu.no/',
), ),
); );
''; '';
}; };
}; };

View File

@ -46,7 +46,7 @@ in {
while IFS= read fname; do while IFS= read fname; do
# Skip this file if an up-to-date thumbnail already exists # Skip this file if an up-to-date thumbnail already exists
if [ -f ".thumbnails/$fname.png" ] && \ if [ -f ".thumbnails/$fname.png" ] && \
[ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ] [ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ]
then then
continue continue
fi fi
@ -54,7 +54,7 @@ in {
echo "Creating thumbnail for $fname" echo "Creating thumbnail for $fname"
mkdir -p $(dirname ".thumbnails/$fname") mkdir -p $(dirname ".thumbnails/$fname")
convert -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||: convert -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png" touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
done <<< "$images" done <<< "$images"
''; '';

View File

@ -26,7 +26,7 @@
"turns:turn.pvv.ntnu.no:5349?transport=tcp" "turns:turn.pvv.ntnu.no:5349?transport=tcp"
"turns:turn.pvv.ntnu.no:5349?transport=udp" "turns:turn.pvv.ntnu.no:5349?transport=udp"
"turns:turn.pvv.ntnu.no:3478?transport=udp" "turns:turn.pvv.ntnu.no:3478?transport=udp"
"turns:turn.pvv.ntnu.no:3478?transport=tcp" "turns:turn.pvv.ntnu.no:3478?transport=tcp"
"turn:turn.pvv.ntnu.no:3478?transport=udp" "turn:turn.pvv.ntnu.no:3478?transport=udp"
@ -69,7 +69,7 @@
tls-listening-port = 443; tls-listening-port = 443;
alt-tls-listening-port = 5349; alt-tls-listening-port = 5349;
listening-port = 3478; listening-port = 3478;
min-port = 49000; min-port = 49000;
@ -116,7 +116,7 @@
#total-quota=1200 #total-quota=1200
''; '';
}; };
networking.firewall = { networking.firewall = {
interfaces.enp6s0f0 = let interfaces.enp6s0f0 = let
range = with config.services.coturn; [ { range = with config.services.coturn; [ {

View File

@ -12,6 +12,6 @@
./discord.nix ./discord.nix
]; ];
} }

View File

@ -141,7 +141,7 @@ in {
services.redis.servers."".enable = true; services.redis.servers."".enable = true;
services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [ services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [
{ {
kTLS = true; kTLS = true;

View File

@ -15,12 +15,12 @@
mysqld = { mysqld = {
# PVV allows a lot of connections at the same time # PVV allows a lot of connections at the same time
max_connect_errors = 10000; max_connect_errors = 10000;
bind-address = values.services.mysql.ipv4; bind-address = values.services.mysql.ipv4;
skip-networking = 0; skip-networking = 0;
# This was needed in order to be able to use all of the old users # This was needed in order to be able to use all of the old users
# during migration from knakelibrak to bicep in Sep. 2023 # during migration from knakelibrak to bicep in Sep. 2023
secure_auth = 0; secure_auth = 0;
}; };
}; };

View File

@ -35,10 +35,10 @@
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = mkForce false; useHostResolvConf = mkForce false;
}; };
system.stateVersion = "23.11"; system.stateVersion = "23.11";
services.resolved.enable = true; services.resolved.enable = true;
}; };
}; };
}; };

View File

@ -23187,4 +23187,4 @@
"uid": "rYdddlPWk", "uid": "rYdddlPWk",
"version": 9, "version": 9,
"weekStart": "" "weekStart": ""
} }

View File

@ -3164,4 +3164,4 @@
"title": "PostgreSQL Database", "title": "PostgreSQL Database",
"uid": "000000039", "uid": "000000039",
"version": 1 "version": 1
} }

View File

@ -35,7 +35,7 @@ in {
name = "Ildkule Prometheus"; name = "Ildkule Prometheus";
type = "prometheus"; type = "prometheus";
url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}"; url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
isDefault = true; isDefault = true;
} }
{ {
name = "Ildkule loki"; name = "Ildkule loki";
@ -56,13 +56,13 @@ in {
url = "https://raw.githubusercontent.com/matrix-org/synapse/develop/contrib/grafana/synapse.json"; url = "https://raw.githubusercontent.com/matrix-org/synapse/develop/contrib/grafana/synapse.json";
options.path = dashboards/synapse.json; options.path = dashboards/synapse.json;
} }
# TODO: enable once https://github.com/NixOS/nixpkgs/pull/242365 gets merged # TODO: enable once https://github.com/NixOS/nixpkgs/pull/242365 gets merged
# { # {
# name = "MySQL"; # name = "MySQL";
# type = "file"; # type = "file";
# url = "https://raw.githubusercontent.com/prometheus/mysqld_exporter/main/mysqld-mixin/dashboards/mysql-overview.json"; # url = "https://raw.githubusercontent.com/prometheus/mysqld_exporter/main/mysqld-mixin/dashboards/mysql-overview.json";
# options.path = dashboards/mysql.json; # options.path = dashboards/mysql.json;
# } # }
{ {
name = "Postgresql"; name = "Postgresql";
type = "file"; type = "file";

View File

@ -58,7 +58,7 @@ in {
}; };
limits_config = { limits_config = {
allow_structured_metadata = false; allow_structured_metadata = false;
reject_old_samples = true; reject_old_samples = true;
reject_old_samples_max_age = "72h"; reject_old_samples_max_age = "72h";
}; };

View File

@ -38,7 +38,7 @@ in {
}; };
systemd.services.prometheus-postgres-exporter-knakelibrak.serviceConfig = let systemd.services.prometheus-postgres-exporter-knakelibrak.serviceConfig = let
localCfg = config.services.prometheus.exporters.postgres; localCfg = config.services.prometheus.exporters.postgres;
in lib.recursiveUpdate config.systemd.services.prometheus-postgres-exporter.serviceConfig { in lib.recursiveUpdate config.systemd.services.prometheus-postgres-exporter.serviceConfig {
EnvironmentFile = config.sops.secrets."keys/postgres/postgres_exporter_knakelibrak_env".path; EnvironmentFile = config.sops.secrets."keys/postgres/postgres_exporter_knakelibrak_env".path;
ExecStart = '' ExecStart = ''

View File

@ -32,7 +32,7 @@
color = "red"; color = "red";
command = "hostname | ${pkgs.toilet}/bin/toilet -f mono9"; command = "hostname | ${pkgs.toilet}/bin/toilet -f mono9";
}; };
service_status = { service_status = {
Accounts = "accounts-daemon"; Accounts = "accounts-daemon";
Cron = "cron"; Cron = "cron";
@ -40,16 +40,16 @@
Matrix = "matrix-synapse"; Matrix = "matrix-synapse";
sshd = "sshd"; sshd = "sshd";
}; };
uptime = { uptime = {
prefix = "Uptime: "; prefix = "Uptime: ";
}; };
# Not relevant for server # Not relevant for server
# user_service_status = { # user_service_status = {
# Gpg-agent = "gpg-agent"; # Gpg-agent = "gpg-agent";
# }; # };
filesystems = let filesystems = let
inherit (lib.attrsets) attrNames listToAttrs nameValuePair; inherit (lib.attrsets) attrNames listToAttrs nameValuePair;
inherit (lib.lists) imap1; inherit (lib.lists) imap1;
@ -61,7 +61,7 @@
getName = i: v: if (v.label != null) then v.label else "<? ${toString i}>"; getName = i: v: if (v.label != null) then v.label else "<? ${toString i}>";
in in
imap1Attrs' (i: n: v: nameValuePair (getName i v) n) fileSystems; imap1Attrs' (i: n: v: nameValuePair (getName i v) n) fileSystems;
memory = { memory = {
swap_pos = "beside"; # or "below" or "none" swap_pos = "beside"; # or "below" or "none"
}; };
@ -70,14 +70,14 @@
inherit (lib.lists) imap1; inherit (lib.lists) imap1;
inherit (lib.attrsets) filterAttrs nameValuePair attrValues listToAttrs; inherit (lib.attrsets) filterAttrs nameValuePair attrValues listToAttrs;
inherit (config.users) users; inherit (config.users) users;
normalUsers = filterAttrs (n: v: v.isNormalUser || n == "root") users; normalUsers = filterAttrs (n: v: v.isNormalUser || n == "root") users;
userNPVs = imap1 (index: user: nameValuePair user.name index) (attrValues normalUsers); userNPVs = imap1 (index: user: nameValuePair user.name index) (attrValues normalUsers);
in listToAttrs userNPVs; in listToAttrs userNPVs;
last_run = {}; last_run = {};
}; };
toml = pkgs.formats.toml {}; toml = pkgs.formats.toml {};
in toml.generate "rust-motd.toml" cfg; in toml.generate "rust-motd.toml" cfg;

View File

@ -36,10 +36,10 @@ in
type = lib.types.str; type = lib.types.str;
default = "${name}.key"; default = "${name}.key";
}; };
subject = lib.mkOption { subject = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "/C=NO/O=Programvareverkstedet/CN=*.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no"; default = "/C=NO/O=Programvareverkstedet/CN=*.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no";
}; };
}; };
})); }));
}; };
@ -54,16 +54,16 @@ in
mkdir -p $(dirname "${value.certificate}") $(dirname "${value.certificateKey}") mkdir -p $(dirname "${value.certificate}") $(dirname "${value.certificateKey}")
if ! ${openssl} x509 -checkend 86400 -noout -in ${value.certificate} if ! ${openssl} x509 -checkend 86400 -noout -in ${value.certificate}
then then
echo "Regenerating '${value.certificate}'" echo "Regenerating '${value.certificate}'"
${openssl} req \ ${openssl} req \
-newkey rsa:4096 \ -newkey rsa:4096 \
-new -x509 \ -new -x509 \
-days "${toString value.daysValid}" \ -days "${toString value.daysValid}" \
-nodes \ -nodes \
-subj "${value.subject}" \ -subj "${value.subject}" \
-out "${value.certificate}" \ -out "${value.certificate}" \
-keyout "${value.certificateKey}" \ -keyout "${value.certificateKey}" \
${lib.escapeShellArgs value.extraOpenSSLArgs} ${lib.escapeShellArgs value.extraOpenSSLArgs}
fi fi
chown "${value.owner}:${value.group}" "${value.certificate}" chown "${value.owner}:${value.group}" "${value.certificate}"
chown "${value.owner}:${value.group}" "${value.certificateKey}" chown "${value.owner}:${value.group}" "${value.certificateKey}"

View File

@ -5,6 +5,7 @@ pkgs.mkShellNoCC {
gnupg gnupg
statix statix
openstackclient openstackclient
editorconfig-checker
]; ];
shellHook = '' shellHook = ''

View File

@ -3,10 +3,10 @@
{ {
users.users.amalieem = { users.users.amalieem = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMtFIj4Dem/onwMoWYbosOcU4y7A5nTjVwqWaU33E1 amalieem@matey-aug22" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMtFIj4Dem/onwMoWYbosOcU4y7A5nTjVwqWaU33E1 amalieem@matey-aug22"
]; ];
}; };
} }

View File

@ -3,7 +3,7 @@
{ {
users.users.jonmro = { users.users.jonmro = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "drift" "nix-builder-users" ]; extraGroups = [ "wheel" "drift" "nix-builder-users" ];
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com"