ssh: add reverse ssh giving access to losurdo from mermet
# machines/losurdo/users.nix
#
# NixOS module for host "losurdo": declares the local accounts, who may talk
# to the Nix daemon as a trusted user, which outbound TCP ports the julm
# account may reach, and one GnuPG-managed secret (root's SSH private key).
{ pkgs, lib, config, ... }:
let
  # pass-chomp comes from the project's extra builtins (not visible here);
  # presumably it reads an entry from the password store at evaluation time
  # and strips the trailing newline — confirm against its definition.
  inherit (builtins.extraBuiltins) pass-chomp;

  # Final, merged user declarations, so values set in ../../members/julm.nix
  # (name, SSH keys) can be reused below instead of being duplicated.
  users = config.users.users;
  admin = users.julm.name;
in
{
  imports = [ ../../members/julm.nix ];

  # Trusted users can instruct the Nix daemon to do things an ordinary user
  # cannot (e.g. pick substituters, import unsigned paths); treat membership
  # as equivalent to root on this machine.
  nix.trustedUsers = [ admin ];

  # Egress allow-list keyed on the socket owner's UID (skuid): only processes
  # running as julm may open these outbound TCP connections. The fw2net chain
  # and its default policy are defined elsewhere — these lines only append to
  # it, so they are an allow-list only if that chain otherwise drops.
  networking.nftables.ruleset = ''
    add rule inet filter fw2net tcp dport {25,465} skuid ${users.julm.name} counter accept comment "SMTP"
    add rule inet filter fw2net tcp dport 43 skuid ${users.julm.name} counter accept comment "Whois"
    add rule inet filter fw2net tcp dport 6697 skuid ${users.julm.name} counter accept comment "IRCS"
    add rule inet filter fw2net tcp dport 11371 skuid ${users.julm.name} counter accept comment "HKP"
    add rule inet filter fw2net tcp dport {9009,9010,9011,9012,9013} skuid ${users.julm.name} counter accept comment "croc"
  '';

  # Accounts are fully declarative: changes made at runtime (passwd, useradd)
  # do not persist across activations.
  users.mutableUsers = false;

  users.users.root = {
    # "!" is not a valid hash, so no password can ever match: root has no
    # password login.
    hashedPassword = "!";
    # Root accepts exactly the SSH keys declared for julm, so possession of
    # one of julm's keys is direct root access (subject to sshd's root-login
    # policy, which is configured elsewhere).
    openssh.authorizedKeys.keys = users.julm.openssh.authorizedKeys.keys;
  };

  # NOTE(review): a value assigned to hashedPassword becomes part of the
  # system configuration in the Nix store, which is readable by every local
  # user. If the hash should stay private, a file-based option (passwordFile /
  # hashedPasswordFile, depending on the nixpkgs version) avoids that — confirm
  # which one the pinned nixpkgs provides.
  users.users.julm.hashedPassword =
    pass-chomp "machines/losurdo/login/julm/hashedPassword";

  # wheel membership; what wheel grants (sudo, su) is decided by other modules.
  users.groups.wheel.members = [ admin ];

  # Root's SSH private key, provisioned through the project's security.gnupg
  # module (not visible here; presumably decrypted on the host at runtime
  # rather than copied into the Nix store — confirm). Per the commit subject
  # it serves the reverse SSH link with mermet.
  # NOTE(review): the matching authorized_keys entry on the peer should be
  # limited to what the tunnel needs (e.g. `restrict` plus a `permitlisten`
  # entry) so that this key alone does not give a shell there — verify in the
  # peer's configuration.
  security.gnupg.secrets."/root/.ssh/id_ed25519" = { };
}