-{ inputs, pkgs, lib, config, ... }:
-let
- inherit (builtins) readFile;
- inherit (config.users) users;
-in
+{ lib, config, ... }:
{
-imports = [
- ../../members/julm.nix
-];
+ imports = [
+ users/julm.nix
+ ];
-nix.settings.trusted-users = [
- users."julm".name
-];
-
-users = {
- mutableUsers = false;
- users = {
- root = {
- openssh.authorizedKeys.keys =
- users."julm".openssh.authorizedKeys.keys ++
- [ (readFile (inputs.secrets + "/hosts/losurdo/ssh/root.ssh-ed25519.pub")) ];
- hashedPassword = "!";
- };
- };
- groups = {
- wheel.members = [
- users."julm".name
- ];
+ users.mutableUsers = false;
+ users.users.root = {
+ hashedPassword = "!";
+ openssh.authorizedKeys.keys =
+ map lib.readFile [
+ ../../users/root/ssh/losurdo.pub
+ ../../users/julm/ssh/oignon.pub
+ ];
};
-};
-services.sanoid.datasets."rpool/home/julm/mail" = {
- use_template = [ "snap" ];
- # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
- #hourly = 12;
- daily = 7;
-};
-services.sanoid.datasets."rpool/home/julm/log" = {
- use_template = [ "snap" ];
- # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
- #hourly = 12;
- daily = 7;
- monthly = 1;
-};
-services.sanoid.datasets."rpool/backup/losurdo/home/julm/work" = {
- use_template = [ "prune" ];
- daily = 31;
-};
-networking.nftables.ruleset = ''
- add rule inet filter fw2net tcp dport {25,465} skuid ${users.julm.name} counter accept comment "SMTP"
- add rule inet filter fw2net tcp dport 43 skuid ${users.julm.name} counter accept comment "Whois"
- add rule inet filter fw2net tcp dport 563 skuid ${users.julm.name} counter accept comment "NNTPS"
- add rule inet filter fw2net tcp dport 6697 skuid ${users.julm.name} counter accept comment "IRCS"
- add rule inet filter fw2net tcp dport 11371 skuid ${users.julm.name} counter accept comment "HKP"
-'';
}
sourcephile / git / sourcephile-nix.git / blobdiff