Align Burrow operator access on forge

2026-04-18 17:09:20 -07:00 · 2026-04-18 17:09:20 -07:00 · 4f88f0b1e0
commit 4f88f0b1e0
parent abd5a35970
2 changed files with 13 additions and 0 deletions
--- a/contributors.nix
+++ b/contributors.nix
@ -38,6 +38,8 @@
      bootstrapAuthentik = true;
      roles = [
        "member"
+        "operator"
+        "forge-admin"
      ];
    };

@ -50,6 +52,7 @@
      roles = [
        "member"
        "operator"
+        "forge-admin"
      ];
    };

--- a/nixos/hosts/burrow-forge/default.nix
+++ b/nixos/hosts/burrow-forge/default.nix
@ -18,6 +18,15 @@ let
      }
    )
    (lib.filterAttrs (_: identity: identity.bootstrapAuthentik or false) identities);
+  headscaleBootstrapUsers = lib.mapAttrsToList
+    (
+      username: identity: {
+        name = username;
+        displayName = identity.displayName;
+        email = identity.canonicalEmail;
+      }
+    )
+    (lib.filterAttrs (_: identity: identity.bootstrapAuthentik or false) identities);
  forgeAuthorizedKeys = map
    (username: builtins.readFile identities.${username}.sshPublicKeyPath)
    (builtins.attrNames (lib.filterAttrs (_: identity: identity.forgeAuthorized or false) identities));
@ -173,5 +182,6 @@ in
  services.burrow.headscale = {
    enable = true;
    oidcClientSecretFile = config.age.secrets.burrowHeadscaleOidcClientSecret.path;
+    bootstrapUsers = headscaleBootstrapUsers;
  };
 }