nix/machines
1
0
Fork 0
Code Issues Releases Packages Activity Actions

Attempt to fix some random bugs
All checks were successful
/ dev-shell (push) Successful in 30s
Details
/ rust-packages (push) Successful in 37s
Details
/ check (push) Successful in 1m13s
Details
/ terraform-providers (push) Successful in 1m1s
Details
/ systems (push) Successful in 3m34s
Details

Browse source
This commit is contained in:
Kaare Hoff Skovgaard 2025-07-19 22:46:51 +02:00
parent 293dbdab94
commit ac1c6adc75
Signed by: khs
GPG key ID: C7D890804F01E9F0
1 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
nix/modules/nixos/infrastructure/vault-server-approle/unix-user.nix
View file

@ -15,14 +15,21 @@ let
pkgs.uutils-coreutils-noprefix pkgs.uutils-coreutils-noprefix
]; ];
text = '' text = ''
owner_id="$(stat -c "%u" /run/unix-users/khs)"
group_id="$(stat -c "%g" /run/unix-users/khs)"
if [[ "$owner_id" != "0" || "$group_id" != "0" ]]; then
>&2 echo "Not setting password due to bad ownership"
exit 1
fi
hashed_passwd="$(cat /run/unix-users/khs)" hashed_passwd="$(cat /run/unix-users/khs)"
usermod --password "$hashed_passwd" khs usermod --password "$hashed_passwd" khs
''; '';
}; };
in in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf (cfg.enable && (userExists "khs")) {
khscodes.infrastructure.vault-server-approle.policy = lib.mkIf (userExists "khs") { khscodes.infrastructure.vault-server-approle.policy = {
"unix-users/data/khs/password" = { "unix-users/data/khs/password" = {
capabilities = [ "read" ]; capabilities = [ "read" ];
}; };