author | Ben Sima <ben@bsima.me> | 2019-07-05 18:26:10 -0700 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2019-07-05 19:05:12 -0700 |
commit | fb86a62e4bee9ac7f8ff7bfc0a034793c87fd1cf (patch) | |
tree | d38a8a1c4cc80d75b2720db02559faaee56d0aa8 /depo/users.nix | |
parent | f00b77cdb5c46f4c95559539145d24392c1622f8 (diff) |
refactor user keys, and add deploy user
Diffstat (limited to 'depo/users.nix')
-rw-r--r-- | depo/users.nix | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/depo/users.nix b/depo/users.nix
index 4d81ac8..9093566 100644
--- a/depo/users.nix
+++ b/depo/users.nix
@@ -1,18 +1,30 @@
 { ... }:
+let
+ key = f: builtins.readFile (../keys/. + ("/" + f));
+in
 {
 users = {
 users = {
+ # bots
+ deploy = {
+ isSystemUser = true;
+ openssh.authorizedKeys.keys = [ (key "deploy.pub") ];
+ extraGroups = [ "wheel" ];
+ };
+
+ # humans
+ root.openssh.authorizedKeys.keys = [ (key "ben.pub") ];
 ben = {
 isNormalUser = true;
 home = "/home/ben";
- openssh.authorizedKeys.keys = [(builtins.readFile ../keys/ben.pub)];
+ openssh.authorizedKeys.keys = [ (key "ben.pub") ];
 extraGroups = [ "wheel" "networkmanager" "docker" ];
 };
 nick = {
 isNormalUser = true;
 home = "/home/nick";
- openssh.authorizedKeys.keys = [(builtins.readFile ../keys/nick.pub)];
+ openssh.authorizedKeys.keys = [ (key "nick.pub") ];
 extraGroups = [ "docker" ];
 };
 };
 };
|
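Review bot: The new `deploy` bot account is placed in `wheel` via `extraGroups = [ "wheel" ];`, so whoever holds `deploy.pub`'s private key (typically a CI runner or deploy host) gets the same sudo reach as a human admin. Whether that group needs a password for sudo is configured outside this hunk, but either way an automation key is better served by dropping the group and granting only the commands the deploy needs through a dedicated rule in `security.sudo.extraRules`. The added `root.openssh.authorizedKeys.keys = [ (key "ben.pub") ];` also lets a personal key log in directly as root if the sshd settings (not visible here) permit key-based root login, which bypasses the per-user sudo trail even though `ben` is already in `wheel`. If direct root access is intentional, a comment such as `# root login kept for <reason>; remove once deploy user is in use` would make the exception reviewable.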