1 files changed, 44 insertions, 0 deletions
diff --git a/nixops/modules/pub/default.nix b/nixops/modules/pub/default.nix
new file mode 100644
index 0000000..59263ad
--- /dev/null
+++ b/nixops/modules/pub/default.nix
@@ -0,0 +1,44 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+{
+  options = {
+    services.pub.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable pub user.
+      '';
+    };
+  };
+  config = lib.mkIf config.services.pub.enable {
+    users.users.pub = let
+      restrict = pkgs.runCommand "restrict" { 
+        file = ./restrict;
+        buildInputs = [ pkgs.makeWrapper ];
+      } ''
+        mkdir -p $out/bin
+        cp $file $out/bin/restrict
+        chmod a+x $out/bin/restrict
+        patchShebangs $out/bin/restrict
+        wrapProgram $out/bin/restrict \
+          --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
+          --set TMUX_RESTRICT ${./tmux.restrict.conf}
+      '';
+    in {
+      createHome = true;
+      description = "Restricted shell user";
+      home = "/var/lib/pub";
+      uid = myconfig.env.users.pub.uid;
+      useDefaultShell = true;
+      packages = [
+        restrict
+        pkgs.tmux
+        (pkgs.pidgin.override { plugins = [
+          pkgs.purple-plugin-pack pkgs.purple-hangouts
+          pkgs.purple-discord pkgs.purple-facebook
+          pkgs.telegram-purple
+        ]; })
+        ];
+    };
+  };
+}

diff --git a/nixops/modules/pub/default.nix b/nixops/modules/pub/default.nix new file mode 100644 index 0000000..59263ad --- /dev/null +++ b/nixops/modules/pub/default.nix
@@ -0,0 +1,44 @@
	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
	2	{
	3	options = {
	4	services.pub.enable = lib.mkOption {
	5	type = lib.types.bool;
	6	default = false;
	7	description = ''
	8	Whether to enable pub user.
	9	'';
	10	};
	11	};
	12
	13	config = lib.mkIf config.services.pub.enable {
	14	users.users.pub = let
	15	restrict = pkgs.runCommand "restrict" {
	16	file = ./restrict;
	17	buildInputs = [ pkgs.makeWrapper ];
	18	} ''
	19	mkdir -p $out/bin
	20	cp $file $out/bin/restrict
	21	chmod a+x $out/bin/restrict
	22	patchShebangs $out/bin/restrict
	23	wrapProgram $out/bin/restrict \
	24	--prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
	25	--set TMUX_RESTRICT ${./tmux.restrict.conf}
	26	'';
	27	in {
	28	createHome = true;
	29	description = "Restricted shell user";
	30	home = "/var/lib/pub";
	31	uid = myconfig.env.users.pub.uid;
	32	useDefaultShell = true;
	33	packages = [
	34	restrict
	35	pkgs.tmux
	36	(pkgs.pidgin.override { plugins = [
	37	pkgs.purple-plugin-pack pkgs.purple-hangouts
	38	pkgs.purple-discord pkgs.purple-facebook
	39	pkgs.telegram-purple
	40	]; })
	41	];
	42	};
	43	};
	44	}