]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/users.nix
nix: update input secrets
[sourcephile-nix.git] / hosts / mermet / users.nix
1 { inputs, pkgs, lib, config, ... }:
2 let
3 inherit (builtins) readFile;
4 inherit (config.users) users;
5 in
6 {
7 imports = [
8 ../../members/julm.nix
9 ];
10
11 nix.settings.trusted-users = [
12 users."julm".name
13 ];
14
15 users = {
16 mutableUsers = false;
17 users = {
18 root = {
19 openssh.authorizedKeys.keys =
20 users."julm".openssh.authorizedKeys.keys ++
21 [ (readFile (inputs.secrets + "/hosts/losurdo/ssh/root.ssh-ed25519.pub")) ];
22 hashedPassword = "!";
23 };
24 };
25 groups = {
26 wheel.members = [
27 users."julm".name
28 ];
29 };
30 };
31 services.sanoid.datasets."rpool/home/julm/mail" = {
32 use_template = [ "snap" ];
33 # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
34 #hourly = 12;
35 daily = 7;
36 };
37 services.sanoid.datasets."rpool/home/julm/log" = {
38 use_template = [ "snap" ];
39 # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
40 #hourly = 12;
41 daily = 7;
42 monthly = 1;
43 };
44 services.sanoid.datasets."rpool/backup/losurdo/home/julm/work" = {
45 use_template = [ "prune" ];
46 daily = 31;
47 };
48 networking.nftables.ruleset = ''
49 table inet filter {
50 chain output-net-julm {
51 tcp dport { smtp, submissions } counter accept comment "SMTP"
52 tcp dport nicname counter accept comment "Whois"
53 tcp dport nntps counter accept comment "NNTPS"
54 tcp dport ircs-u counter accept comment "IRCS"
55 tcp dport hkp counter accept comment "HKP"
56 }
57 chain output-net {
58 meta skuid ${users.julm.name} jump output-net-julm
59 }
60 }
61 '';
62 }