Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/users.nix
wireguard: setup intranet
# NixOS module declaring the accounts of the machine this file belongs to
# (machines/mermet, per its path): Nix daemon trust, per-user egress firewall
# rules, root's SSH keys, julm's login password and wheel membership.
{ pkgs, lib, config, ... }:
let
  inherit (builtins) readFile;
  # Project-local extra builtin, not part of stock Nix.
  # NOTE(review): presumably reads an entry from a `pass` store and strips the
  # trailing newline; its definition is outside this file, so confirm.
  inherit (builtins.extraBuiltins) pass-chomp;
  # Shorthand for the final, merged user set (config.users.users).
  inherit (config.users) users;
in
{
  # Presumably where the julm account itself (name, SSH keys) is declared.
  imports = [ ../../members/julm.nix ];

  # Security: a trusted Nix user can override daemon settings such as
  # substituters and import unsigned store paths, which is effectively
  # root-equivalent. Keep this list as short as the wheel group below.
  nix.trustedUsers = [ users.julm.name ];

  # Egress rules keyed on the socket owner (skuid): each one accepts outbound
  # TCP to the listed ports only for sockets owned by julm.
  # NOTE(review): the `fw2net` chain and its default policy are defined outside
  # this file; these rules only restrict anything if that chain otherwise drops.
  networking.nftables.ruleset = ''
    add rule inet filter fw2net tcp dport {25,465} skuid ${users.julm.name} counter accept comment "SMTP"
    add rule inet filter fw2net tcp dport 43 skuid ${users.julm.name} counter accept comment "Whois"
    add rule inet filter fw2net tcp dport 563 skuid ${users.julm.name} counter accept comment "NNTPS"
    add rule inet filter fw2net tcp dport 6697 skuid ${users.julm.name} counter accept comment "IRCS"
    add rule inet filter fw2net tcp dport 11371 skuid ${users.julm.name} counter accept comment "HKP"
  '';

  # Accounts are fully declarative: users and groups come from this
  # configuration only, and imperative changes do not survive activation.
  users.mutableUsers = false;

  # Security: root accepts the losurdo root key plus every key authorized for
  # julm, so each of those keys is a direct root credential on this machine.
  # Whether sshd permits root logins at all is configured elsewhere.
  users.users.root.openssh.authorizedKeys.keys =
    [ (readFile ../../../sec/ssh/losurdo/root/ssh/id_ed25519.pub) ]
    ++ users.julm.openssh.authorizedKeys.keys;

  # NOTE(review): a value set through `hashedPassword` becomes part of the
  # system configuration in the Nix store, which is readable by every local
  # user. The file-based option (passwordFile, later renamed
  # hashedPasswordFile) keeps the hash out of the store; confirm the current
  # exposure is acceptable.
  users.users.julm.hashedPassword =
    pass-chomp "machines/mermet/login/julm/hashedPassword";

  # wheel is the conventional administrators group; what it grants (sudo and
  # the like) is configured outside this file.
  users.groups.wheel.members = [ users.julm.name ];
}