hosts/losurdo/users.nix

   1 { inputs, pkgs, lib, config, hostName, ... }:
   2 let
   3   inherit (config.users) users;
   4 in
   5 {
   6 imports = [
   7   ../../members/julm.nix
   8 ];
   9
  10 nixpkgs.config.allowUnfree = true; # for hplip
  11 nix.settings.trusted-users = [
  12   users."julm".name
  13 ];
  14
  15 users = {
  16   mutableUsers = false;
  17   users = {
  18     root = {
  19       openssh.authorizedKeys.keys =
  20         users."julm".openssh.authorizedKeys.keys;
  21       hashedPassword = "!";
  22     };
  23     gnupg = {
  24       openssh.authorizedKeys.keys =
  25         users."root".openssh.authorizedKeys.keys;
  26     };
  27     julm = {
  28       openssh.authorizedKeys.keys = [
  29       ];
  30     };
  31     sevy = {
  32       openssh.authorizedKeys.keys = [
  33         (lib.readFile (inputs.secrets + "/members/ssh/sevy-patate.pub"))
  34         (lib.readFile (inputs.secrets + "/members/ssh/julm-carotte.pub"))
  35       ];
  36       isNormalUser = true;
  37       uid = 1001;
  38     };
  39   };
  40   groups = {
  41     adbusers.members = [
  42       users."julm".name
  43     ];
  44     dialout.members = [
  45       users."julm".name
  46     ];
  47     tor.members = [
  48       users."julm".name
  49     ];
  50     wheel.members = [
  51       users."julm".name
  52     ];
  53     gpg-agent.members = [
  54       users."julm".name
  55     ];
  56   };
  57 };
  58
  59 #security.gnupg.secrets."/root/.ssh/id_ed25519" = {
  60 #  gpg = "${gnupg.store}/ssh/root.ssh-ed25519.gpg";
  61 #};
  62
  63 networking.nftables.ruleset = ''
  64   table inet filter {
  65     chain output-net-julm {
  66       tcp dport {smtp, submissions} counter accept comment "SMTP"
  67       tcp dport nicname counter accept comment "Whois"
  68       tcp dport imaps counter accept comment "IMAPS"
  69       tcp dport ircs-u counter accept comment "IRCS"
  70       tcp dport 2222 counter accept comment "SSH(boot)"
  71       tcp dport xmpp-client counter accept comment "XMPP"
  72       tcp dport hkp counter accept comment "HKP"
  73       tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"
  74       udp dport 33434-33523 counter accept comment "traceroute"
  75       udp dport 60000-61000 counter accept comment "Mosh"
  76     }
  77     chain output-net {
  78       skuid ${users.julm.name} jump output-net-julm
  79     }
  80   }
  81 '';
  82 }