-{ inputs, pkgs, lib, config, hostName, ... }:
+{ lib, config, ... }:
let
inherit (config.users) users;
in
{
-imports = [
- ../../../users/julm.nix
-];
-
-users.users.julm = {
- hashedPassword = lib.readFile julm/hashedPassword.clear;
- openssh.authorizedKeys.keys = map lib.readFile [
- ../../../users/julm/ssh/gnupg.pub
- ../../../users/julm/ssh/oignon.pub
- ../../../users/julm/ssh/mob.pub
- ../../../users/julm/ssh/losurdo.pub
- ];
- extraGroups = [
- "adbusers"
- "dialout"
- "gpg-agent"
- "lp"
- "networkmanager"
- "scanner"
- "tor"
- "wheel"
+ imports = [
+ ../../../users/julm.nix
];
-};
-
-nix.settings.trusted-users = [
- users."julm".name
-];
-services.sanoid.datasets = {
- "das1/julm/backup" = {
- use_template = [ "prune" ];
- recursive = true;
+ users.users.julm = {
+ hashedPassword = lib.readFile julm/hashedPassword.clear;
+ openssh.authorizedKeys.keys = map lib.readFile [
+ ../../../users/julm/ssh/mob.pub
+ ../../../users/julm/ssh/losurdo.pub
+ ];
+ extraGroups = [
+ "adbusers"
+ "dialout"
+ "lp"
+ "networkmanager"
+ "scanner"
+ "tor"
+ "wheel"
+ ];
};
- "das1/julm/perso" = {
- use_template = [ "snap" ];
- recursive = true;
- };
- "das1/julm/public" = {
- use_template = [ "snap" ];
- recursive = true;
+
+ users.users.root.openssh.authorizedKeys.keys =
+ users."julm".openssh.authorizedKeys.keys;
+
+ nix.settings.trusted-users = [
+ users."julm".name
+ ];
+
+ services.sanoid.datasets = {
+ "das1/julm/backup" = {
+ use_template = [ "prune" ];
+ recursive = true;
+ };
+ "das1/julm/perso" = {
+ use_template = [ "snap" ];
+ recursive = true;
+ };
+ "das1/julm/public" = {
+ use_template = [ "snap" ];
+ recursive = true;
+ };
};
-};
-networking.nftables.ruleset = ''
- table inet filter {
- chain output-net-julm {
- tcp dport {smtp, submissions} counter accept comment "SMTP"
- tcp dport nicname counter accept comment "Whois"
- tcp dport imaps counter accept comment "IMAPS"
- tcp dport ircs-u counter accept comment "IRCS"
- tcp dport 2222 counter accept comment "SSH(boot)"
- tcp dport xmpp-client counter accept comment "XMPP"
- tcp dport hkp counter accept comment "HKP"
- tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"
- udp dport 33434-33523 counter accept comment "traceroute"
- udp dport 60000-61000 counter accept comment "Mosh"
- }
- chain output-net {
- skuid ${users.julm.name} jump output-net-julm
+ networking.nftables.ruleset = ''
+ table inet filter {
+ chain output-net-julm {
+ tcp dport {smtp, submissions} counter accept comment "SMTP"
+ tcp dport nicname counter accept comment "Whois"
+ tcp dport imaps counter accept comment "IMAPS"
+ tcp dport ircs-u counter accept comment "IRCS"
+ tcp dport 2222 counter accept comment "SSH(boot)"
+ tcp dport xmpp-client counter accept comment "XMPP"
+ tcp dport hkp counter accept comment "HKP"
+ tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"
+ udp dport 33434-33523 counter accept comment "traceroute"
+ udp dport 60000-61000 counter accept comment "Mosh"
+ }
+ chain output-net {
+ skuid ${users.julm.name} jump output-net-julm
+ }
}
- }
-'';
+ '';
}
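Review bot: The added `users.users.root.openssh.authorizedKeys.keys = users."julm".openssh.authorizedKeys.keys;` ties direct root SSH access to julm's merged key list, so any key that another module (for instance the imported `../../../users/julm.nix`) later appends to julm also becomes a root key without that being visible here. Since julm is already in `wheel` and `nix.settings.trusted-users`, this mainly removes the sudo step and its audit trail; whether it takes effect depends on the sshd `PermitRootLogin` setting, which this hunk does not show. If key-based root login is intended, I would list root's keys explicitly, e.g. `users.users.root.openssh.authorizedKeys.keys = map lib.readFile [ ../../../users/julm/ssh/losurdo.pub ];`, or at least add a comment such as `# root accepts every key julm accepts, including keys added by other modules`. Separately, `hashedPassword = lib.readFile julm/hashedPassword.clear;` is carried over unchanged: reading the file at evaluation time likely places the hash in the world-readable Nix store, and `hashedPasswordFile` pointing at a runtime path outside the store would avoid that.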