]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/users.nix
zfs: increase zfs_arc_max to 1.5G
[sourcephile-nix.git] / machines / losurdo / users.nix
1 { flakes, pkgs, lib, config, machineName, ... }:
2 let
3 inherit (config.security) gnupg;
4 inherit (config.users) users;
5 in
6 {
7 imports = [
8 ../../members/julm.nix
9 ];
10
11 nix.trustedUsers = [
12 users."julm".name
13 ];
14
15 networking.nftables.ruleset = lib.concatMapStringsSep "\n"
16 (rule: "add rule inet filter fw2net meta skuid ${users.julm.name} " + rule) [
17 ''tcp dport {25,465} counter accept comment "SMTP"''
18 ''tcp dport 43 counter accept comment "Whois"''
19 ''tcp dport 6697 counter accept comment "IRCS"''
20 ''tcp dport 5222 counter accept comment "XMPP"''
21 ''tcp dport 11371 counter accept comment "HKP"''
22 ''tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"''
23 ];
24
25 users = {
26 mutableUsers = false;
27 users = {
28 root = {
29 openssh.authorizedKeys.keys =
30 users."julm".openssh.authorizedKeys.keys;
31 hashedPassword = "!";
32 };
33 };
34 groups = {
35 wheel = {
36 members = [ users."julm".name ];
37 };
38 };
39 };
40
41 security.gnupg.secrets."ssh/backup.ssh-ed25519" = {};
42 security.gnupg.secrets."/root/.ssh/id_ed25519" = {
43 gpg = "${gnupg.store}/ssh/root.ssh-ed25519.gpg";
44 };
45 }