nix/os/devices/steveej-t480s-work/user: experiment with podman login shell

2019-11-27 18:54:18 +01:00 · 2019-11-27 18:54:18 +01:00 · 7ac2f2dc32
commit 7ac2f2dc32
parent 352a0ed5e1
4 changed files with 31 additions and 7 deletions
--- a/nix/os/devices/steveej-t480s-work/configuration.nix
+++ b/nix/os/devices/steveej-t480s-work/configuration.nix
@ -15,6 +15,7 @@
    ./system.nix
    ./hw.nix
    ./pkg.nix
+    ./user.nix

    ../../profiles/podman/configuration.nix
  ];
--- a/nix/os/devices/steveej-t480s-work/user.nix
+++ b/nix/os/devices/steveej-t480s-work/user.nix
@ -0,0 +1,27 @@
+{ config
+, pkgs
+, ... }:
+
+let
+  passwords = import ../../../variables/passwords.crypt.nix;
+  keys = import ../../../variables/keys.nix;
+  inherit (import ../../lib/default.nix { }) mkUser;
+
+in {
+  users.extraUsers.steveej2 = mkUser {
+    uid = 1001;
+    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+
+    subUidRanges = [{ startUid = 200000; count = 100000; }];
+    subGidRanges = [{ startGid = 200000; count = 100000; }];
+  };
+
+  users.extraUsers.steveej3 = mkUser {
+    uid = 1002;
+    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+    shell = pkgs.posh { image = "quay.io/enarx/fedora"; };
+
+    subUidRanges = [{ startUid = 300000; count = 100000; }];
+    subGidRanges = [{ startGid = 300000; count = 100000; }];
+  };
+}
--- a/nix/os/profiles/common/user.nix
+++ b/nix/os/profiles/common/user.nix
@ -11,6 +11,9 @@ in {
  users.extraUsers.root = mkRoot { };
  users.extraUsers.steveej = mkUser {
    uid = 1000;
+
+    subUidRanges = [{ startUid = 100000; count = 100000; }];
+    subGidRanges = [{ startGid = 100000; count = 100000; }];
  };

  security.pam.u2f.enable = true;
--- a/nix/os/profiles/podman/configuration.nix
+++ b/nix/os/profiles/podman/configuration.nix
@ -177,11 +177,4 @@
      "${pkgs.runc}/bin/runc"
    ]
 '';
-
-  environment.etc."subuid".text = ''
-    steveej:10000:65536
-  '';
-  environment.etc."subgid".text = ''
-    steveej:10000:65536
-  '';
 }