krebs: extract users into separate module

2 files changed, 21 insertions, 16 deletions

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 70fc05813..6c76b48e3 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -56,6 +56,7 @@ let
       ./tinc_graphs.nix
       ./upstream
       ./urlwatch.nix
+      ./users.nix
       ./xresources.nix
       ./zones.nix
     ];
@@ -66,10 +67,6 @@ let
   api = {
     enable = mkEnableOption "krebs";
 
-    users = mkOption {
-      type = with types; attrsOf user;
-    };
-
     sitemap = mkOption {
       default = {};
       type = types.attrsOf types.sitemap.entry;
@@ -112,18 +109,6 @@ let
 
       krebs.dns.search-domain = mkDefault "r";
 
-      krebs.users = {
-        krebs = {
-          home = "/krebs";
-          mail = "spam@krebsco.de";
-        };
-        root = {
-          home = "/root";
-          pubkey = config.krebs.build.host.ssh.pubkey;
-          uid = 0;
-        };
-      };
-
       services.openssh.hostKeys =
         let inherit (config.krebs.build.host.ssh) privkey; in
         mkIf (privkey != null) [privkey];
diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix
new file mode 100644
index 000000000..c1ad4b44b
--- /dev/null
+++ b/krebs/3modules/users.nix
@@ -0,0 +1,20 @@
+{ config, ... }: let
+  lib = import ../../lib;
+in {
+  options.krebs.users = lib.mkOption {
+    type = with lib.types; attrsOf user;
+  };
+  config = lib.mkIf config.krebs.enable {
+    krebs.users = {
+      krebs = {
+        home = "/krebs";
+        mail = "spam@krebsco.de";
+      };
+      root = {
+        home = "/root";
+        pubkey = config.krebs.build.host.ssh.pubkey;
+        uid = 0;
+      };
+    };
+  };
+}