Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/users/julm.nix
knot: sourcephile.fr: setup lebureau as a secondary NS
# NixOS module: settings for the user "julm" that apply only to this host
# (hosts/losurdo). The shared definition of the account is imported from
# ../../../users/julm.nix; this file adds credentials, groups, Nix trust,
# ZFS snapshot policy and per-user outbound firewall rules.
{ lib, config, ... }:
let
  # Final, merged user set, so values set for julm can be reused below.
  users = config.users.users;

  # Sanoid dataset entry applying one template to a dataset and its children.
  # The templates themselves ("prune", "snap") are defined outside this file.
  recursiveWith = template: {
    use_template = [ template ];
    recursive = true;
  };
in
{
  imports = [ ../../../users/julm.nix ];

  users.users = {
    julm = {
      # The hash is read at evaluation time and becomes part of the system
      # configuration.
      # NOTE(review): NixOS documents values set through `hashedPassword` as
      # ending up in the world-readable Nix store; `hashedPasswordFile` keeps
      # the hash out of the store — confirm which is intended here.
      hashedPassword = lib.readFile julm/hashedPassword.clear;

      # Public keys allowed to log in as julm over SSH.
      openssh.authorizedKeys.keys = [
        (lib.readFile ../../../users/julm/ssh/mob.pub)
        (lib.readFile ../../../users/julm/ssh/losurdo.pub)
      ];

      # NOTE(review): "wheel" is conventionally the sudo-capable group —
      # confirm against the sudo configuration, which is not in this file.
      extraGroups = [
        "adbusers"
        "dialout"
        "lp"
        "networkmanager"
        "scanner"
        "tor"
        "wheel"
      ];
    };

    # root accepts exactly the keys julm accepts, so either key above is also
    # a root credential wherever sshd permits root logins (sshd settings are
    # not in this file).
    root.openssh.authorizedKeys.keys = users.julm.openssh.authorizedKeys.keys;
  };

  # The Nix manual describes trusted users as essentially root-equivalent
  # with respect to the Nix daemon; julm is the only one added here.
  nix.settings.trusted-users = [ users.julm.name ];

  # Snapshot policy for julm's datasets on the "das1" pool.
  services.sanoid.datasets = {
    "das1/julm/backup" = recursiveWith "prune";
    "das1/julm/perso" = recursiveWith "snap";
    "das1/julm/public" = recursiveWith "snap";
  };

  # Outbound rules for traffic generated by julm's processes: `output-net`
  # dispatches on the socket owner (skuid) to `output-net-julm`, which accepts
  # by destination port only, with no restriction on destination address.
  # What happens to packets matching none of these rules is decided by the
  # chain that jumps to `output-net`, which is defined elsewhere.
  # Service names (smtp, submissions, nicname, ...) are resolved by nft.
  networking.nftables.ruleset = ''
    table inet filter {
      chain output-net-julm {
        tcp dport {smtp, submissions} counter accept comment "SMTP"
        tcp dport nicname counter accept comment "Whois"
        tcp dport imaps counter accept comment "IMAPS"
        tcp dport ircs-u counter accept comment "IRCS"
        tcp dport 2222 counter accept comment "SSH(boot)"
        tcp dport xmpp-client counter accept comment "XMPP"
        tcp dport hkp counter accept comment "HKP"
        tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"
        udp dport 33434-33523 counter accept comment "traceroute"
        udp dport 60000-61000 counter accept comment "Mosh"
      }
      chain output-net {
        skuid ${users.julm.name} jump output-net-julm
      }
    }
  '';
}