Add 1 git-crypt collaborator

[sourcephile-nix.git] / hosts / mermet / users.nix

{ inputs, pkgs, lib, config, ... }:
let
  inherit (builtins) readFile;
  inherit (config.users) users;
in
{
imports = [
  ../../members/julm.nix
];

nix.settings.trusted-users = [
  users."julm".name
];

users = {
  mutableUsers = false;
  users = {
    root = {
      openssh.authorizedKeys.keys =
        users."julm".openssh.authorizedKeys.keys ++
        [ (readFile (inputs.secrets + "/hosts/losurdo/ssh/root.ssh-ed25519.pub")) ];
      hashedPassword = "!";
    };
  };
  groups = {
    wheel.members = [
      users."julm".name
    ];
  };
};
services.sanoid.datasets."rpool/home/julm/mail" = {
  use_template = [ "snap" ];
  # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
  #hourly = 12;
  daily = 7;
};
services.sanoid.datasets."rpool/home/julm/log" = {
  use_template = [ "snap" ];
  # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
  #hourly = 12;
  daily = 7;
  monthly = 1;
};
services.sanoid.datasets."rpool/backup/losurdo/home/julm/work" = {
  use_template = [ "prune" ];
  daily = 31;
};
networking.nftables.ruleset = ''
  table inet filter {
    chain output-net-julm {
      tcp dport { smtp, submissions } counter accept comment "SMTP"
      tcp dport nicname counter accept comment "Whois"
      tcp dport nntps counter accept comment "NNTPS"
      tcp dport ircs-u counter accept comment "IRCS"
      tcp dport hkp counter accept comment "HKP"
    }
    chain output-net {
      meta skuid ${users.julm.name} jump output-net-julm
    }
  }
'';
}