-{ inputs, pkgs, lib, config, ... }:
-let
- inherit (builtins) readFile;
- inherit (config.users) users;
-in
+{ lib, config, ... }:
{
-imports = [
- ../../members/julm.nix
-];
+ imports = [
+ users/julm.nix
+ ];
-nix.trustedUsers = [
- users."julm".name
-];
-
-users = {
- mutableUsers = false;
- users = {
- root = {
- openssh.authorizedKeys.keys =
- users."julm".openssh.authorizedKeys.keys ++
- [ (readFile (inputs.secrets + "/hosts/losurdo/ssh/root.ssh-ed25519.pub")) ];
- hashedPassword = "!";
- };
- };
- groups = {
- wheel.members = [
- users."julm".name
- ];
+ users.mutableUsers = false;
+ users.users.root = {
+ hashedPassword = "!";
+ openssh.authorizedKeys.keys =
+ map lib.readFile [
+ ../../users/root/ssh/losurdo.pub
+ ../../users/julm/ssh/oignon.pub
+ ];
};
-};
-
-networking.nftables.ruleset = ''
- add rule inet filter fw2net tcp dport {25,465} skuid ${users.julm.name} counter accept comment "SMTP"
- add rule inet filter fw2net tcp dport 43 skuid ${users.julm.name} counter accept comment "Whois"
- add rule inet filter fw2net tcp dport 563 skuid ${users.julm.name} counter accept comment "NNTPS"
- add rule inet filter fw2net tcp dport 6697 skuid ${users.julm.name} counter accept comment "IRCS"
- add rule inet filter fw2net tcp dport 11371 skuid ${users.julm.name} counter accept comment "HKP"
-'';
}
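Review bot: root's `openssh.authorizedKeys.keys` now names `../../users/julm/ssh/oignon.pub` directly instead of deriving from `users."julm".openssh.authorizedKeys.keys`, so the set of keys accepted for root is no longer tied to julm's account definition. If `users/julm.nix` (not visible here) declares its keys separately, revoking or rotating a key there would leave it valid for root on this host. A comment above the list would make the coupling explicit, e.g. `# root accepts exactly these keys; update together with users/julm.nix on rotation`. The `map lib.readFile [ ... ]` can also use the option NixOS provides for this, `openssh.authorizedKeys.keyFiles = [ ../../users/root/ssh/losurdo.pub ../../users/julm/ssh/oignon.pub ];`, and `config` in the argument set is now unused. The removed `nix.trustedUsers`, `wheel.members` and per-UID nftables rules presumably move into `users/julm.nix`, which is worth confirming since that file is outside this hunk.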