From fb86a62e4bee9ac7f8ff7bfc0a034793c87fd1cf Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bsima.me>
Date: Fri, 5 Jul 2019 18:26:10 -0700
Subject: refactor user keys, and add deploy user

---
 depo/users.nix | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'depo/users.nix')

diff --git a/depo/users.nix b/depo/users.nix
index 4d81ac8..9093566 100644
--- a/depo/users.nix
+++ b/depo/users.nix
@@ -1,18 +1,30 @@
 { ... }:
 
+let
+  key = f: builtins.readFile (../keys/. + ("/" + f));
+in
 {
   users = {
     users = {
+      # bots
+      deploy = {
+        isSystemUser = true;
+        openssh.authorizedKeys.keys = [ (key "deploy.pub") ];
+        extraGroups = [ "wheel" ];
+      };
+
+      # humans
+      root.openssh.authorizedKeys.keys = [ (key "ben.pub") ];
       ben = {
         isNormalUser = true;
         home = "/home/ben";
-        openssh.authorizedKeys.keys = [(builtins.readFile ../keys/ben.pub)];
+        openssh.authorizedKeys.keys = [ (key "ben.pub") ];
         extraGroups = [ "wheel" "networkmanager" "docker" ];
       };
       nick = {
         isNormalUser = true;
         home = "/home/nick";
-        openssh.authorizedKeys.keys = [(builtins.readFile ../keys/nick.pub)];
+        openssh.authorizedKeys.keys = [ (key "nick.pub") ];
         extraGroups = [ "docker" ];
       };
     };
-- 
cgit v1.2.3