-{ inputs, pkgs, lib, config, ... }:
+{ inputs, pkgs, lib, config, hostName, ... }:
let
inherit (config.security) gnupg;
inherit (config.users) users;
../../members/julm.nix
];
-nix.trustedUsers = [
+nixpkgs.config.allowUnfree = true; # for hplip
+nix.settings.trusted-users = [
users."julm".name
];
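Review bot: The added `nixpkgs.config.allowUnfree = true;` whitelists every unfree package on the host, while its comment says the exception is only for hplip; `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "hplip" ];` keeps the exception scoped to that package (adjust the name to whichever hplip derivation is actually pulled in, e.g. the plugin variant). The rename to `nix.settings.trusted-users` keeps julm trusted by the Nix daemon, which is effectively root-equivalent for that user; the behaviour is unchanged, but a one-line comment such as `# trusted-users can inject arbitrary store paths; keep this list minimal` next to it would document the implication. The enclosing attribute set continues outside this hunk.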
openssh.authorizedKeys.keys =
users."root".openssh.authorizedKeys.keys;
};
+ julm = {
+ openssh.authorizedKeys.keys = [
+ ];
+ };
+ sevy = {
+ openssh.authorizedKeys.keys = [
+ (lib.readFile (inputs.secrets + "/members/ssh/sevy-patate.pub"))
+ (lib.readFile (inputs.secrets + "/members/ssh/julm-carotte.pub"))
+ ];
+ isNormalUser = true;
+ uid = 1001;
+ };
};
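Review bot: The new `sevy` block lists both `sevy-patate.pub` and `julm-carotte.pub` under `openssh.authorizedKeys.keys`, so the holder of julm's carotte key can also log in as sevy; if that cross-account access is intended, a comment such as `# julm@carotte is also allowed to log in as sevy` should say so, otherwise the second `lib.readFile` line should be dropped. The new `julm` block sets an empty key list, which leaves julm without SSH keys on this host unless the imported `../../members/julm.nix` supplies them; `# SSH keys for julm come from ../../members/julm.nix` would make that dependency explicit. The enclosing `users` attribute set starts before this hunk.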
groups = {
adbusers.members = [
};
};
-security.gnupg.secrets."/root/.ssh/id_ed25519" = {
- gpg = "${gnupg.store}/ssh/root.ssh-ed25519.gpg";
-};
+#security.gnupg.secrets."/root/.ssh/id_ed25519" = {
+# gpg = "${gnupg.store}/ssh/root.ssh-ed25519.gpg";
+#};
networking.nftables.ruleset = lib.concatMapStringsSep "\n"
(rule: "add rule inet filter fw2net meta skuid ${users.julm.name} " + rule) [
''tcp dport 43 counter accept comment "Whois"''
''tcp dport 993 counter accept comment "IMAPS"''
''tcp dport 6697 counter accept comment "IRCS"''
+ ''tcp dport 2222 counter accept comment "SSH(boot)"''
''tcp dport 5222 counter accept comment "XMPP"''
''tcp dport 11371 counter accept comment "HKP"''
''tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"''
''udp dport 33434-33523 counter accept comment "traceroute"''
+ ''udp dport 60000-61000 counter accept comment "Mosh"''
#''ip protocol tcp counter accept comment "all"''
];
}