From 7ac2f2dc324bec0f080bd1fc42dabb4f573b3f6a Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Wed, 27 Nov 2019 18:54:18 +0100
Subject: [PATCH] nix/os/devices/steveej-t480s-work/user: experiment with podman login shell
---
 .../steveej-t480s-work/configuration.nix | 1 +
 nix/os/devices/steveej-t480s-work/user.nix | 27 +++++++++++++++++++
 nix/os/profiles/common/user.nix | 3 +++
 nix/os/profiles/podman/configuration.nix | 7 -----
 4 files changed, 31 insertions(+), 7 deletions(-)
 create mode 100644 nix/os/devices/steveej-t480s-work/user.nix
diff --git a/nix/os/devices/steveej-t480s-work/configuration.nix b/nix/os/devices/steveej-t480s-work/configuration.nix
index 17a021d..5b6e97a 100644
--- a/nix/os/devices/steveej-t480s-work/configuration.nix
+++ b/nix/os/devices/steveej-t480s-work/configuration.nix
@@ -15,6 +15,7 @@
 ./system.nix
 ./hw.nix
 ./pkg.nix
+ ./user.nix
 ../../profiles/podman/configuration.nix
 ];
diff --git a/nix/os/devices/steveej-t480s-work/user.nix b/nix/os/devices/steveej-t480s-work/user.nix
new file mode 100644
index 0000000..0defb97
--- /dev/null
+++ b/nix/os/devices/steveej-t480s-work/user.nix
@@ -0,0 +1,27 @@
+{ config
+, pkgs
+, ... }:
+
+let
+ passwords = import ../../../variables/passwords.crypt.nix;
+ keys = import ../../../variables/keys.nix;
+ inherit (import ../../lib/default.nix { }) mkUser;
+
+in {
+ users.extraUsers.steveej2 = mkUser {
+ uid = 1001;
+ openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+
+ subUidRanges = [{ startUid = 200000; count = 100000; }];
+ subGidRanges = [{ startGid = 200000; count = 100000; }];
+ };
+
+ users.extraUsers.steveej3 = mkUser {
+ uid = 1002;
+ openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+ shell = pkgs.posh { image = "quay.io/enarx/fedora"; };
+
+ subUidRanges = [{ startUid = 300000; count = 100000; }];
+ subGidRanges = [{ startGid = 300000; count = 100000; }];
+ };
+}
diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix
index 673bc49..8b10967 100644
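Review bot: The login shell for `steveej3` in the new `user.nix` is built from `image = "quay.io/enarx/fedora"`, a registry reference with no tag or digest, so whatever the registry serves when the image is pulled becomes the environment this account lands in over SSH. Pinning the reference, e.g. `shell = pkgs.posh { image = "quay.io/enarx/fedora@sha256:<digest>"; };` (placeholder digest; this assumes `posh` hands the string to podman unchanged), keeps the shell as reproducible and reviewable as the rest of the configuration. Both new accounts also accept `keys.users.steveej.openssh`, and `mkUser` is defined outside this diff, so it is worth confirming that it does not hand these experimental users the same groups or password as the main account. `passwords` is bound in the `let` block but never used in this file and can be dropped.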
--- a/nix/os/profiles/common/user.nix
+++ b/nix/os/profiles/common/user.nix
@@ -11,6 +11,9 @@ in {
 users.extraUsers.root = mkRoot { };
 users.extraUsers.steveej = mkUser {
 uid = 1000;
+
+ subUidRanges = [{ startUid = 100000; count = 100000; }];
+ subGidRanges = [{ startGid = 100000; count = 100000; }];
 };
 security.pam.u2f.enable = true;
diff --git a/nix/os/profiles/podman/configuration.nix b/nix/os/profiles/podman/configuration.nix
index 3d2b3a7..d15563e 100644
--- a/nix/os/profiles/podman/configuration.nix
+++ b/nix/os/profiles/podman/configuration.nix
@@ -177,11 +177,4 @@
 "${pkgs.runc}/bin/runc"
 ]
 '';
-
- environment.etc."subuid".text = ''
- steveej:10000:65536
- '';
- environment.etc."subgid".text = ''
- steveej:10000:65536
- '';
 }
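Review bot: The sub-id ranges added to `users.extraUsers.steveej` are assigned by hand (100000 here, 200000 and 300000 in the new `steveej-t480s-work/user.nix`), and nothing records the scheme or guards against two users receiving overlapping ranges, which would put one user's rootless containers on host ids delegated to another. A comment above the two added lines would be enough, for example `# subordinate ids: start = (uid - 999) * 100000, count = 100000; ranges must stay disjoint across users`. The `/etc/subuid` and `/etc/subgid` entries removed from the podman profile were `steveej:10000:65536`, so container storage created under the old mapping probably needs to be reset or re-owned after this change. The `mkUser` helper and the start of the enclosing attribute set are outside the hunk.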