Add "pub" user
diff --git a/nixops/modules/pub/default.nix b/nixops/modules/pub/default.nix
new file mode 100644 (file)
index 0000000..59263ad
--- /dev/null
@@ -0,0 +1,44 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+{
+  options = {
+    services.pub.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable pub user.
+      '';
+    };
+  };
+
+  config = lib.mkIf config.services.pub.enable {
+    users.users.pub = let
+      restrict = pkgs.runCommand "restrict" { 
+        file = ./restrict;
+        buildInputs = [ pkgs.makeWrapper ];
+      } ''
+        mkdir -p $out/bin
+        cp $file $out/bin/restrict
+        chmod a+x $out/bin/restrict
+        patchShebangs $out/bin/restrict
+        wrapProgram $out/bin/restrict \
+          --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
+          --set TMUX_RESTRICT ${./tmux.restrict.conf}
+      '';
+    in {
+      createHome = true;
+      description = "Restricted shell user";
+      home = "/var/lib/pub";
+      uid = myconfig.env.users.pub.uid;
+      useDefaultShell = true;
+      packages = [
+        restrict
+        pkgs.tmux
+        (pkgs.pidgin.override { plugins = [
+          pkgs.purple-plugin-pack pkgs.purple-hangouts
+          pkgs.purple-discord pkgs.purple-facebook
+          pkgs.telegram-purple
+        ]; })
+        ];
+    };
+  };
+}
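Review bot: Nothing in `users.users.pub` confines the account to the `restrict` wrapper: `useDefaultShell = true` gives it the system's normal login shell and `restrict` is only listed in `packages`, so the "Restricted shell user" description holds only if every login path forces the wrapper. That enforcement (an authorized_keys `command=` entry or an sshd `ForceCommand`) is not visible in this hunk and presumably lives elsewhere; if any credential for pub is accepted without it, the session would get the ordinary shell rather than the wrapped one. I would record the dependency next to the setting, e.g. `# login shell is unrestricted; confinement relies on sshd forcing restrict (command=/ForceCommand) for every credential`, and consider declaring the keys or an `assertions` entry in this module so the two cannot drift apart. Separately, `wrapProgram --prefix PATH` keeps the caller's PATH after the store paths, so any tool the script calls other than bubblewrap and rrsync is still resolved from the inherited environment; `--set PATH` would pin it if the script needs nothing else.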