diff options
37 files changed, 394 insertions, 1516 deletions
diff --git a/default.nix b/default.nix index ac748c286..1637aa464 100644 --- a/default.nix +++ b/default.nix @@ -13,40 +13,36 @@ let stockholm = { krebs = import ./krebs (args // { inherit lib stockholm; }); - lib = - let - lib = import <nixpkgs/lib>; - klib = import ./krebs/4lib { inherit lib; }; - #ulib = import (./. + "/${current-user-name}/4lib") { lib = lib // klib; }; - ulib = {}; # TODO - in - builtins // lib // klib // ulib // rec { - # TODO move this stuff + lib = let + nlib = import <nixpkgs/lib>; + klib = import (slib.kpath "4lib") { lib = nlib; }; + slib = rec { stockholm-path = ./.; nspath = ns: p: stockholm-path + "/${ns}/${p}"; + kpath = nspath "krebs"; + upath = nspath current-user-name; }; + ulib = let p = slib.upath "4lib"; in + nlib.optionalAttrs (klib.dir.has-default-nix p) + (import p { lib = nlib // klib; }); + in nlib // klib // slib // ulib // builtins; inherit (eval {}) pkgs; - kpath = lib.nspath "krebs"; - upath = lib.nspath current-user-name; - base-module = { config, ... }: { - imports = builtins.filter builtins.pathExists (lib.concatLists [ - (map (f: f "2configs") [ upath ]) - (map (f: f "3modules") [ kpath upath ]) + imports = builtins.filter lib.dir.has-default-nix (lib.concatLists [ + (map (f: f "2configs") [ lib.upath ]) + (map (f: f "3modules") [ lib.kpath lib.upath ]) ]); krebs.current.enable = true; krebs.current.host = config.krebs.hosts.${current-host-name}; krebs.current.user = config.krebs.users.${current-user-name}; - nixpkgs.config.packageOverrides = pkgs: - let - kpkgs = import (kpath "5pkgs") { inherit lib pkgs; }; - upkgs = import (upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; }; - in - kpkgs // upkgs; + nixpkgs.config.packageOverrides = pkgs: let + kpkgs = import (lib.kpath "5pkgs") { inherit lib pkgs; }; + upkgs = import (lib.upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; }; + in kpkgs // upkgs; }; eval = config: import <nixpkgs/nixos/lib/eval-config.nix> { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0be166255..2ad4353bd 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -96,8 +96,8 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKVjJrM7fHfHpvZXEA3hmX4JliHl6h6Q8AGOPcu+9fF"; + ssh.privkey.path = <secrets/ssh.id_rsa>; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; }; fastpoke = { dc = "lass"; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 6c943de8f..6fd1c4224 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -159,7 +159,7 @@ with lib; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx"; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; ok = { nets = { @@ -277,7 +277,8 @@ with lib; }; }; secure = true; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw"; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; }; users = addNames rec { diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 396307c22..1cabeae27 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -3,7 +3,7 @@ with builtins; with lib; -rec { +let out = rec { eq = x: y: x == y; @@ -14,7 +14,10 @@ rec { types = import ./types.nix { inherit lib; }; + dir.has-default-nix = path: pathExists (path + "/default.nix"); + dns = import ./dns.nix { inherit lib; }; + git = import ./git.nix { lib = lib // out; }; listset = import ./listset.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; @@ -28,4 +31,8 @@ rec { subdirsOf = path: mapAttrs (name: _: path + "/${name}") (filterAttrs (_: eq "directory") (readDir path)); -} + + mapAttrValues = f: mapAttrs (_: f); + setAttr = name: value: set: set // { ${name} = value; }; + +}; in out diff --git a/krebs/4lib/git.nix b/krebs/4lib/git.nix new file mode 100644 index 000000000..d50ba2018 --- /dev/null +++ b/krebs/4lib/git.nix @@ -0,0 +1,42 @@ +{ lib, ... }: + +let + inherit (lib) addNames escapeShellArg makeSearchPath optionalString; + + commands = addNames { + git-receive-pack = {}; + git-upload-pack = {}; + }; + + receive-modes = addNames { + fast-forward = {}; + non-fast-forward = {}; + create = {}; + delete = {}; + merge = {}; # TODO implement in git.nix + }; + + permissions = { + fetch = { + allow-commands = [ + commands.git-upload-pack + ]; + }; + + push = ref: extra-modes: { + allow-commands = [ + commands.git-receive-pack + commands.git-upload-pack + ]; + allow-receive-ref = ref; + allow-receive-modes = [ receive-modes.fast-forward ] ++ extra-modes; + }; + }; + + refs = { + master = "refs/heads/master"; + all-heads = "refs/heads/*"; + }; + +in +commands // receive-modes // permissions // refs diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix new file mode 100644 index 000000000..5697c31be --- /dev/null +++ b/krebs/5pkgs/git-hooks/default.nix @@ -0,0 +1,168 @@ +{ lib, pkgs, ... }: + +with lib; + +let + out = { + inherit irc-announce; + }; + + # TODO irc-announce should return a derivation + irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: '' + #! /bin/sh + set -euf + + export PATH=${makeSearchPath "bin" (with pkgs; [ + coreutils + git + gnused + ])} + + green() { printf '\x0303,99%s\x0F' "$1"; } + red() { printf '\x0304,99%s\x0F' "$1"; } + orange() { printf '\x0307,99%s\x0F' "$1"; } + pink() { printf '\x0313,99%s\x0F' "$1"; } + gray() { printf '\x0314,99%s\x0F' "$1"; } + + unset message + add_message() { + message="''${message+$message + }$*" + } + + nick=${escapeShellArg nick} + channel=${escapeShellArg channel} + server=${escapeShellArg server} + port=${toString port} + + host=$nick + cgit_endpoint=http://cgit.$host + + empty=0000000000000000000000000000000000000000 + + while read oldrev newrev ref; do + + if [ $oldrev = $empty ]; then + receive_mode=create + elif [ $newrev = $empty ]; then + receive_mode=delete + elif [ "$(git merge-base $oldrev $newrev)" = $oldrev ]; then + receive_mode=fast-forward + else + receive_mode=non-fast-forward + fi + + h=$(echo $ref | sed 's:^refs/heads/::') + + # empty_tree=$(git hash-object -t tree /dev/null) + empty_tree=4b825dc6 + + id=$(echo $newrev | cut -b-7) + id2=$(echo $oldrev | cut -b-7) + if [ $newrev = $empty ]; then id=$empty_tree; fi + if [ $oldrev = $empty ]; then id2=$empty_tree; fi + + case $receive_mode in + create) + link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h" + ;; + delete) + link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)" + ;; + fast-forward|non-fast-forward) + link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2" + ;; + esac + + #$host $GIT_SSH_REPO $ref $link + add_message $(pink push) $link $(gray "($receive_mode)") + + ${optionalString verbose '' + add_message "$( + git log \ + --format="$(orange %h) %s $(gray '(%ar)')" \ + --reverse \ + $id2..$id + + git diff --stat $id2..$id \ + | sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/' + )" + ''} + + done + + if test -n "''${message-}"; then + exec ${irc-announce-script} \ + "$server" \ + "$port" \ + "$nick" \ + "$channel" \ + "$message" + fi + ''; + + irc-announce-script = pkgs.writeScript "irc-announce-script" '' + #! /bin/sh + set -euf + + export PATH=${makeSearchPath "bin" (with pkgs; [ + coreutils + gawk + gnused + netcat + nettools + ])} + + IRC_SERVER=$1 + IRC_PORT=$2 + IRC_NICK=$3$$ + IRC_CHANNEL=$4 + message=$5 + + export IRC_CHANNEL # for privmsg_cat + + # echo2 and cat2 are used output to both, stdout and stderr + # This is used to see what we send to the irc server. (debug output) + echo2() { echo "$*"; echo "$*" >&2; } + cat2() { tee /dev/stderr; } + + # privmsg_cat transforms stdin to a privmsg + privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + + # ircin is used to feed the output of netcat back to the "irc client" + # so we can implement expect-like behavior with sed^_^ + # XXX mkselfdestructingtmpfifo would be nice instead of this cruft + tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" + cd "$tmpdir" + mkfifo ircin + trap " + rm ircin + cd '$OLDPWD' + rmdir '$tmpdir' + trap - EXIT INT QUIT + " EXIT INT QUIT + + { + echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" + echo2 "NICK $IRC_NICK" + + # wait for MODE message + sed -n '/^:[^ ]* MODE /q' + + echo2 "JOIN $IRC_CHANNEL" + + printf '%s' "$message" \ + | privmsg_cat \ + | cat2 + + echo2 "PART $IRC_CHANNEL" + + # wait for PART confirmation + sed -n '/:'"$IRC_NICK"'![^ ]* PART /q' + + echo2 'QUIT :Gone to have lunch' + } < ircin \ + | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin + ''; + +in out diff --git a/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix b/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix new file mode 100644 index 000000000..5c6f068e7 --- /dev/null +++ b/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix @@ -0,0 +1,16 @@ +{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape +, xmonad, xmonad-contrib +}: +mkDerivation { + pname = "xmonad-stockholm"; + version = "1.0.0"; + src = fetchgit { + url = "http://cgit.cd/xmonad-stockholm"; + sha256 = "35dda5d16acc90af94ae2fae10ab5cc2d5b450c3f1ff2e7f515ac53877269abf"; + rev = "2dbefe42fc5cfe9093465bf3e22ba8f82feeef6e"; + }; + libraryHaskellDepends = [ + base containers X11 X11-xshape xmonad xmonad-contrib + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/krebs/5pkgs/push/default.nix b/krebs/5pkgs/push/default.nix index 410b43465..bc5c030a0 100644 --- a/krebs/5pkgs/push/default.nix +++ b/krebs/5pkgs/push/default.nix @@ -9,12 +9,12 @@ , ... }: stdenv.mkDerivation { - name = "push-1.1.0"; + name = "push-1.1.1"; src = fetchgit { url = http://cgit.cd.retiolum/push; - rev = "c5f4bda5bd00bad7778bbd5a9af8d476de0de920"; - sha256 = "d335b644b791214263cee5c6659538c8e45326531b0588e5e7eb3bd9ef969800"; + rev = "ea8b76569c6b226fe148e559477669b095408472"; + sha256 = "c305a1515d30603f6ed825d44487e863fdc7d90400620ceaf2c335a3b5d1e221"; }; phases = [ @@ -45,4 +45,3 @@ stdenv.mkDerivation { chmod +x $out/bin/push ''; } - diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b0b8ff573..7db3f8333 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -156,6 +156,7 @@ get genid teamspeak_client + hashPassword ]; #TODO: fix this shit diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 570cdfb7c..87334c3c2 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -8,6 +8,8 @@ in { imports = [ ../2configs/base.nix ../2configs/downloading.nix + ../2configs/git.nix + ../2configs/ts3.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories @@ -82,6 +84,9 @@ in { #workaround for server dying after 6-7h boot.kernelPackages = pkgs.linuxPackages_4_2; } + { + nixpkgs.config.allowUnfree = true; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 057af7bc4..11bc4f089 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -15,8 +15,8 @@ with lib; { users.extraUsers = { root = { - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; mainUser = { @@ -28,8 +28,8 @@ with lib; useDefaultShell = true; extraGroups = [ ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; }; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 553a3a557..e80b74007 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,7 +1,10 @@ { config, lib, pkgs, ... }: with lib; -{ + +let + rpc-password = import <secrets/transmission-pw.nix>; +in { imports = [ ../3modules/folderPerms.nix ]; @@ -15,8 +18,8 @@ with lib; extraGroups = [ "download" ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; @@ -46,8 +49,7 @@ with lib; rpc-authentication-required = true; rpc-whitelist-enabled = false; rpc-username = "download"; - #add rpc-password in secrets - rpc-password = "test123"; + inherit rpc-password; peer-port = 51413; }; }; diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix new file mode 100644 index 000000000..5b92d0919 --- /dev/null +++ b/lass/2configs/ts3.nix @@ -0,0 +1,19 @@ +{ config, ... }: + +{ + services.teamspeak3 = { + enable = true; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + #voice port + { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } + { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } + ##file transfer port + #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; } + ##query port + #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } + ]; +} diff --git a/null/default.nix b/null/default.nix new file mode 100644 index 000000000..2eb33a153 --- /dev/null +++ b/null/default.nix @@ -0,0 +1 @@ +_:{} diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 126c6feb5..8c2a9ae43 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -4,23 +4,8 @@ with lib; { krebs.build.host = config.krebs.hosts.cd; - krebs.build.user = config.krebs.users.tv; - krebs.build.target = "root@cd.internet"; - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - path = "/home/tv/secrets/cd"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - }; - }; - imports = [ ../2configs/hw/CAC-Developer-2.nix ../2configs/fs/CAC-CentOS-7-64bit.nix @@ -115,7 +100,6 @@ with lib; iftop iotop iptables - mutt # for mv nethogs ntp # ntpate rxvt_unicode.terminfo @@ -126,17 +110,4 @@ with lib; SystemMaxUse=1G RuntimeMaxUse=128M ''; - - users.extraUsers = { - mv = { - uid = 1338; - group = "users"; - home = "/home/mv"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.mv.pubkey - ]; - }; - }; } diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix index 55d83f8f3..9d8a0bcfa 100644 --- a/tv/1systems/mkdir.nix +++ b/tv/1systems/mkdir.nix @@ -17,23 +17,8 @@ in { krebs.build.host = config.krebs.hosts.mkdir; - krebs.build.user = config.krebs.users.tv; - krebs.build.target = "root@${primary-addr4}"; - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - path = "/home/tv/secrets/mkdir"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - }; - }; - imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index c2bb4dc78..0c6c935a3 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -4,23 +4,9 @@ with lib; { krebs.build.host = config.krebs.hosts.nomic; - krebs.build.user = config.krebs.users.tv; krebs.build.target = "root@nomic.gg23"; - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - path = "/home/tv/secrets/nomic"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - }; - }; - imports = [ ../2configs/hw/AO753.nix #../2configs/consul-server.nix diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix index 53f14d7df..1f1d975c9 100644 --- a/tv/1systems/rmdir.nix +++ b/tv/1systems/rmdir.nix @@ -17,23 +17,9 @@ in { krebs.build.host = config.krebs.hosts.rmdir; - krebs.build.user = config.krebs.users.tv; krebs.build.target = "root@rmdir.internet"; - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - path = "/home/tv/secrets/rmdir"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - }; - }; - imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 33292c608..3fa5481e2 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -4,24 +4,6 @@ with lib; { krebs.build.host = config.krebs.hosts.wu; - krebs.build.user = config.krebs.users.tv; - - krebs.build.target = "root@wu"; - - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - target-path = "/var/src/nixpkgs"; - }; - dir.secrets = { - path = "/home/tv/secrets/wu"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - target-path = "/var/src/stockholm"; - }; - }; imports = [ ../2configs/hw/w110er.nix @@ -29,7 +11,6 @@ with lib; ../2configs/git.nix ../2configs/mail-client.nix ../2configs/xserver - ../2configs/z.nix { environment.systemPackages = with pkgs; [ @@ -62,31 +43,24 @@ with lib; bind # dig cac dic - ff file get - gitAndTools.qgit gnupg21 haskellPackages.hledger htop jq manpages mkpasswd - mpv netcat nix-repl nmap nq p7zip - pavucontrol posix_man_pages - pssh push qrencode - sxiv texLive tmux - zathura #ack #apache-httpd @@ -145,6 +119,8 @@ with lib; #xkill #xl2tpd #xsel + + unison ]; } { @@ -180,122 +156,6 @@ with lib; ]; }; } - { - users.extraGroups = { - tv.gid = 1337; - slaves.gid = 3799582008; # genid slaves - }; - - users.extraUsers = - mapAttrs (name: user@{ extraGroups ? [], ... }: user // { - inherit name; - home = "/home/${name}"; - createHome = true; - useDefaultShell = true; - group = "tv"; - extraGroups = ["slaves"] ++ extraGroups; - }) { - ff = { - uid = 13378001; - extraGroups = [ - "audio" - "video" - ]; - }; - - cr = { - uid = 13378002; - extraGroups = [ - "audio" - "video" - ]; - }; - - fa = { - uid = 2300001; - }; - - rl = { - uid = 2 |