From ddbba31fe6f153b5341077a04feb3e125280eda5 Mon Sep 17 00:00:00 2001
From: tuxcoder <tuxcoder+git@o-g.at>
Date: Sun, 24 Dec 2023 11:09:41 +0100
Subject: [PATCH] add config for admins

---
 flake.nix                                | 9 ++++++---
 lenticular_cloud/config_development.toml | 3 +++
 lenticular_cloud/model.py                | 3 ++-
 module.nix                               | 5 +++++
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/flake.nix b/flake.nix
index af509e3..e82be9f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -53,9 +53,12 @@
               enable = true;
               domain = "example.com";
               service_domain = "account.example.com";
-              settings.HYDRA_ADMIN_URL = "http://127.0.0.1:8081";
-              settings.HYDRA_PUBLIC_URL = "http://127.0.0.1:8082";
-              settings.PUBLIC_URL = "http://127.0.0.1:5000";
+              settings = {
+                HYDRA_ADMIN_URL = "http://127.0.0.1:8081";
+                HYDRA_PUBLIC_URL = "http://127.0.0.1:8082";
+                PUBLIC_URL = "http://127.0.0.1:5000";
+                ADMINS = [ "tuxcoder" ];
+              };
             };
             services.ory-hydra = {
               enable = true;
diff --git a/lenticular_cloud/config_development.toml b/lenticular_cloud/config_development.toml
index 2b9e941..306e0d9 100644
--- a/lenticular_cloud/config_development.toml
+++ b/lenticular_cloud/config_development.toml
@@ -25,6 +25,9 @@ SUBJECT_PREFIX = 'something random'
 OAUTH_ID = 'identiy_provider'
 OAUTH_SECRET = 'thisIsNotSecure'
 
+ADMINS = [
+    'tuxcoder'
+]
 
 [LENTICULAR_CLOUD_SERVICES.jabber]
 app_token = true
diff --git a/lenticular_cloud/model.py b/lenticular_cloud/model.py
index 72fcb41..acfbf0f 100644
--- a/lenticular_cloud/model.py
+++ b/lenticular_cloud/model.py
@@ -185,7 +185,8 @@ class User(BaseModel, ModelUpdatedMixin):
 
     @property
     def groups(self) -> list['Group']:
-        if self.username == 'tuxcoder':
+        admins = current_app.config['ADMINS']
+        if self.username in admins:
             return [Group(name='admin')]
         else:
             return []
diff --git a/module.nix b/module.nix
index de49f57..947cbd5 100644
--- a/module.nix
+++ b/module.nix
@@ -43,6 +43,11 @@ in
               description = mdDoc "public service url";
               default = "https://${cfg.service_domain}";
             };
+            ADMINS = mkOption {
+              type = types.listOf types.str;
+              description = mdDoc "list of admin users";
+              example = [ "tuxcoder" ];
+            };
             DATA_FOLDER = mkOption {
               type = types.str;
               default = "/var/lib/${cfg.username}";