nftables: replace shorewall on losurdo
[sourcephile-nix.git] / servers / losurdo / users.nix
# NixOS module: accounts, admin rights and per-user egress rules for the
# host "losurdo" (servers/losurdo/users.nix).
{ pkgs, lib, config, ... }:
let
  # Helper from this repository's extra builtins; its definition is not in
  # this file.
  # NOTE(review): presumably reads an entry from the `pass` store at
  # evaluation time and strips the trailing newline -- confirm.
  inherit (builtins.extraBuiltins) pass-chomp;
  # The *evaluated* user set, used below to read values declared elsewhere.
  inherit (config.users) users;
  # Login name of the single administrator of this host.
  admin = users.julm.name;
in
{
  imports = [
    ../../members/julm.nix
  ];

  # A trusted user of the Nix daemon can import unsigned store paths and
  # override daemon settings, which is effectively root on this machine.
  # Here that adds nothing new: the same account is in wheel and its SSH
  # keys are authorized for root (see below).
  nix.trustedUsers = [ admin ];

  # Egress exceptions keyed on the UID that owns the socket (skuid), so only
  # processes running as the admin account may open these connections.
  # The fw2net chain is defined outside this file.
  # NOTE(review): nft resolves the user name when the ruleset is loaded, so
  # the account must already exist at that point -- confirm unit ordering.
  # NOTE(review): HKP on 11371 is unencrypted; key lookups are visible on
  # the wire.
  networking.nftables.ruleset = ''
    add rule inet filter fw2net tcp dport {25,465} skuid ${admin} counter accept comment "SMTP"
    add rule inet filter fw2net tcp dport 43 skuid ${admin} counter accept comment "Whois"
    add rule inet filter fw2net tcp dport 6697 skuid ${admin} counter accept comment "IRCS"
    add rule inet filter fw2net tcp dport 11371 skuid ${admin} counter accept comment "HKP"
  '';

  # Accounts are fully declarative: changes made with passwd/useradd on the
  # running system are discarded at the next activation.
  users.mutableUsers = false;

  # root accepts exactly the SSH keys declared for julm, so whoever holds
  # one of those keys logs in directly as root. The keys themselves are not
  # set in this file.
  users.users.root.openssh.authorizedKeys.keys =
    users.julm.openssh.authorizedKeys.keys;

  # The hash is fetched from the password store while the configuration is
  # evaluated.
  # NOTE(review): a value passed through hashedPassword ends up in the
  # world-readable Nix store, where any local user can read it and attack it
  # offline. NixOS has a file-based alternative (hashedPasswordFile, named
  # passwordFile on older releases) that keeps the hash out of the store.
  users.users.julm.hashedPassword =
    pass-chomp "servers/losurdo/login/julm/hashedPassword";

  # wheel is the group the default NixOS sudo configuration grants
  # administrative rights to.
  users.groups.wheel.members = [ admin ];

  # Provisioning snippet (the install.* option is declared elsewhere):
  # copies root's SSH private key to the target. The key travels over the
  # ssh channel on stdin, so it never appears in a command line or in a
  # temporary file, and `install` creates it as 0400 root:root.
  # NOTE(review): no pipefail is set here. If `pass` fails, the ssh side
  # still runs and would write an empty key file over the existing one.
  # NOTE(review): `install` without -D does not create /root/.ssh; the
  # directory must already exist on the target.
  install.shellHook = ''
    pass "servers/losurdo/root/ssh/id_ed25519" |
    ssh "$target" install -m 0400 -o root -g root /dev/stdin \
    /root/.ssh/id_ed25519
  '';
}