hosts/mermet/users/julm.nix

   1 { lib, config, ... }:
   2 let
   3   inherit (config.users) users;
   4 in
   5 {
   6   imports = [
   7     ../../../users/julm.nix
   8   ];
   9
  10   users.users.julm = {
  11     hashedPassword = lib.readFile julm/hashedPassword.clear;
  12     openssh.authorizedKeys.keys = map lib.readFile [
  13       ../../../users/julm/ssh/mob.pub
  14       ../../../users/julm/ssh/losurdo.pub
  15     ];
  16     extraGroups = [
  17       "tor"
  18       "wheel"
  19     ];
  20   };
  21
  22   users.users.root.openssh.authorizedKeys.keys =
  23     map lib.readFile [
  24       ../../../users/julm/ssh/gnupg.pub
  25       ../../../users/julm/ssh/losurdo.pub
  26       ../../../users/julm/ssh/oignon.pub
  27     ];
  28
  29   nix.settings.trusted-users = [
  30     users."julm".name
  31   ];
  32
  33   services.sanoid.datasets = {
  34     "rpool/home/julm/mail" = {
  35       use_template = [ "snap" ];
  36       # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
  37       #hourly = 12;
  38       daily = 7;
  39     };
  40     "rpool/home/julm/log" = {
  41       use_template = [ "snap" ];
  42       # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
  43       #hourly = 12;
  44       daily = 7;
  45       monthly = 1;
  46     };
  47     "rpool/backup/losurdo/home/julm/work" = {
  48       use_template = [ "prune" ];
  49       daily = 31;
  50     };
  51   };
  52
  53   networking.nftables.ruleset = ''
  54     table inet filter {
  55       chain output-net-julm {
  56         tcp dport {smtp, submissions} counter accept comment "SMTP"
  57         tcp dport nicname counter accept comment "Whois"
  58         tcp dport imaps counter accept comment "IMAPS"
  59         tcp dport ircs-u counter accept comment "IRCS"
  60         tcp dport 2222 counter accept comment "SSH(boot)"
  61         tcp dport xmpp-client counter accept comment "XMPP"
  62         tcp dport hkp counter accept comment "HKP"
  63         tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"
  64         udp dport 33434-33523 counter accept comment "traceroute"
  65         udp dport 60000-61000 counter accept comment "Mosh"
  66       }
  67       chain output-net {
  68         skuid ${users.julm.name} jump output-net-julm
  69       }
  70     }
  71   '';
  72 }