Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/users.nix
nftables: specify wg-intra public IPv4 in fw2net
# NixOS module (machines/mermet/users.nix): per-user egress firewall rules
# and the declarative account set for this machine.
{ inputs, pkgs, lib, config, ... }:
let
  # Account name of julm as declared in the NixOS user set. The firewall
  # rules below match on the owner of the outgoing socket, so every process
  # running under this account gets the same egress permissions.
  julm = config.users.users.julm.name;
in
{
  imports = [ ../../members/julm.nix ];

  # Rules appended to the `fw2net` chain of the `inet filter` table.
  # NOTE(review): the chain and its default policy are defined elsewhere;
  # presumably it filters traffic from this host to the Internet and drops
  # what is not explicitly accepted — confirm against the base ruleset.
  # Each rule accepts (and counts) outbound TCP to the given port(s) only
  # when the socket belongs to julm (`skuid`). Ports 25, 43 and 11371 are
  # conventionally the plaintext variants of SMTP, Whois and HKP.
  networking.nftables.ruleset = ''
    add rule inet filter fw2net tcp dport {25,465} skuid ${julm} counter accept comment "SMTP"
    add rule inet filter fw2net tcp dport 43 skuid ${julm} counter accept comment "Whois"
    add rule inet filter fw2net tcp dport 563 skuid ${julm} counter accept comment "NNTPS"
    add rule inet filter fw2net tcp dport 6697 skuid ${julm} counter accept comment "IRCS"
    add rule inet filter fw2net tcp dport 11371 skuid ${julm} counter accept comment "HKP"
  '';

  # Accounts are managed only through this configuration: with
  # mutableUsers disabled, users and passwords changed imperatively on the
  # machine do not survive the next activation.
  users.mutableUsers = false;

  # Root logs in over SSH with the key read from the secrets input at
  # evaluation time. The path names another machine (losurdo), so whoever
  # holds that machine's root private key can log in as root here.
  # NOTE(review): the file name ends in .pub, so it is presumably a public
  # key; anything read this way ends up in the evaluated configuration, so
  # confirm no private material is ever placed at this path.
  users.users.root.openssh.authorizedKeys.keys = [
    (builtins.readFile (inputs.secrets + "/machines/losurdo/ssh/root.ssh-ed25519.pub"))
  ];
}