Extract common server user accounts

3 files changed, 21 insertions, 23 deletions

diff --git a/tw/system/common.scm b/tw/system/common.scm
index 37dfe2dd..fb8c50f9 100644
--- a/tw/system/common.scm
+++ b/tw/system/common.scm
@@ -6,6 +6,7 @@
   #:use-module (gnu)
   #:use-module (gnu services)
   #:use-module (gnu services vpn)
+  #:use-module (gnu system)
   #:use-module (gnu system keyboard)
   #:use-module (guix gexp))
 
@@ -26,6 +27,23 @@
                     "keypad:oss"
                     "kpdl:kposs")))
 
+(define-public %server-base-user-accounts
+  (cons* (user-account
+          (name "timo")
+          (comment "Timo Wilken")
+          (group "users")
+          (home-directory "/home/timo")
+          (supplementary-groups '("wheel" "netdev" "audio" "video"))
+          (shell (file-append zsh "/bin/zsh")))
+         (user-account   ; needs a matching sudoers entry
+          (system? #t)
+          (name "guixdeploy")
+          (comment "Guix-deploy access")
+          (group "root")
+          (home-directory "/var/empty")
+          (create-home-directory? #f))
+         %base-user-accounts))
+
 (define %wireguard-peers
   `((lap . ,(wireguard-peer
              (name "lap.wg")
diff --git a/tw/system/lud.scm b/tw/system/lud.scm
index 775b3f83..fcf86279 100644
--- a/tw/system/lud.scm
+++ b/tw/system/lud.scm
@@ -357,25 +357,13 @@ innodb_io_capacity = 4000
 
   ;; The list of user accounts ('root' is implicit).
   (users
-   (cons* (user-account
-           (name "timo")
-           (comment "Timo Wilken")
-           (group "users")
-           (home-directory "/home/timo")
-           (supplementary-groups '("wheel" "netdev" "audio" "video"))
-           (shell (file-append zsh "/bin/zsh")))
-          (user-account   ; TODO: merge with "timo"?
+   (cons* (user-account   ; TODO: merge with "timo"?
            (name "timo-phone")
            (comment "Backups of Timo's phone")
            (group "users")
            (home-directory "/var/backups/timo-phone")
            (shell (file-append bash-minimal "/bin/sh")))
           (user-account
-           (name "robin")
-           (comment "Robin Wilken")
-           (group "users")
-           (home-directory "/home/robin"))
-          (user-account
            (name "ira")
            (comment "Ira Wilken")
            (group "users")
@@ -386,7 +374,7 @@ innodb_io_capacity = 4000
            (comment "Syncthing service")
            (group "syncthing")
            (home-directory "/var/data/syncthing"))
-          %base-user-accounts))
+          %server-base-user-accounts))
 
   (groups
    (cons* (user-group  ; This is NOT implict from the "syncthing" user.
diff --git a/tw/system/vin.scm b/tw/system/vin.scm
index 07fa3e05..c3e6ab16 100644
--- a/tw/system/vin.scm
+++ b/tw/system/vin.scm
@@ -85,15 +85,7 @@
           (allow-empty-passwords? #f))))))
 
     ;; The list of user accounts ('root' is implicit).
-    (users
-     (cons* (user-account
-             (name "timo")
-             (comment "Timo Wilken")
-             (group "users")
-             (home-directory "/home/timo")
-             (supplementary-groups '("wheel" "netdev" "audio" "video"))
-             (shell (file-append zsh "/bin/zsh")))
-            %base-user-accounts))
+    (users %server-base-user-accounts)
 
     ;; Use the non-UEFI/legacy BIOS variant of GRUB with the boot header
     ;; installed on the system/root disk.