machines/mermet/users.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   inherit (builtins) readFile;
   4   inherit (config.users) users;
   5 in
   6 {
   7 imports = [
   8   ../../members/julm.nix
   9   ../../../sec/machines/mermet/users.nix
  10 ];
  11
  12 nix.trustedUsers = [
  13   users."julm".name
  14 ];
  15
  16 networking.nftables.ruleset = ''
  17   add rule inet filter fw2net tcp dport {25,465} skuid ${users.julm.name} counter accept comment "SMTP"
  18   add rule inet filter fw2net tcp dport 43 skuid ${users.julm.name} counter accept comment "Whois"
  19   add rule inet filter fw2net tcp dport 563 skuid ${users.julm.name} counter accept comment "NNTPS"
  20   add rule inet filter fw2net tcp dport 6697 skuid ${users.julm.name} counter accept comment "IRCS"
  21   add rule inet filter fw2net tcp dport 11371 skuid ${users.julm.name} counter accept comment "HKP"
  22 '';
  23
  24 users = {
  25   mutableUsers = false;
  26   users = {
  27     root = {
  28       openssh.authorizedKeys.keys = [
  29         (readFile ../../../sec/ssh/losurdo/root/ssh/id_ed25519.pub)
  30         ] ++
  31         users."julm".openssh.authorizedKeys.keys;
  32     };
  33   };
  34   groups = {
  35     wheel = {
  36       members = [
  37         users."julm".name
  38       ];
  39     };
  40   };
  41 };
  42 }