-{ inputs, pkgs, lib, config, hostName, ... }:
-let
- inherit (config.users) users;
-in
+{ pkgs, lib, config, ... }:
{
-imports = [
- ../../members/julm.nix
-];
+ imports = [
+ users/julm.nix
+ users/sevy.nix
+ ];
-nixpkgs.config.allowUnfree = true; # for hplip
-nix.settings.trusted-users = [
- users."julm".name
-];
-
-users = {
- mutableUsers = false;
- users = {
- root = {
- openssh.authorizedKeys.keys =
- users."julm".openssh.authorizedKeys.keys;
- hashedPassword = "!";
- };
- julm = {
- openssh.authorizedKeys.keys = [
- ];
- };
- sevy = {
- openssh.authorizedKeys.keys = [
- (lib.readFile ../../users/sevy/ssh/patate.pub)
- (lib.readFile ../../users/julm/ssh/carotte.pub)
- ];
- isNormalUser = true;
- uid = 1001;
- };
- };
- groups = {
- adbusers.members = [
- users."julm".name
- ];
- dialout.members = [
- users."julm".name
- ];
- tor.members = [
- users."julm".name
- ];
- wheel.members = [
- users."julm".name
- ];
- gpg-agent.members = [
- users."julm".name
- ];
- };
-};
-
-networking.nftables.ruleset = ''
- table inet filter {
- chain output-net-julm {
- tcp dport {smtp, submissions} counter accept comment "SMTP"
- tcp dport nicname counter accept comment "Whois"
- tcp dport imaps counter accept comment "IMAPS"
- tcp dport ircs-u counter accept comment "IRCS"
- tcp dport 2222 counter accept comment "SSH(boot)"
- tcp dport xmpp-client counter accept comment "XMPP"
- tcp dport hkp counter accept comment "HKP"
- tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"
- udp dport 33434-33523 counter accept comment "traceroute"
- udp dport 60000-61000 counter accept comment "Mosh"
- }
- chain output-net {
- skuid ${users.julm.name} jump output-net-julm
- }
- }
-'';
+ users.mutableUsers = false;
+ users.users.root.hashedPassword = "!";
}
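Review bot: The two added lines at the end lock root's password under `users.mutableUsers = false`, while the same hunk removes root's `openssh.authorizedKeys.keys`, julm's `wheel` membership and the `skuid`-matched `output-net-julm` egress chain. Every remaining login path, privilege grant and egress rule now has to come from the imported `users/julm.nix` and `users/sevy.nix`, which are not visible here. It would help to say so next to the lock, e.g. `users.users.root.hashedPassword = "!"; # root password login disabled; admin access comes from the wheel user in users/julm.nix`, after confirming that file does define one with a key or password. If the output chain elsewhere in the configuration has a drop policy (not shown in this hunk), the per-user accept rules need to move with the user module rather than disappear. The import paths would also read more conventionally as `./users/julm.nix` and `./users/sevy.nix`.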