-{ inputs, pkgs, lib, config, machineName, ... }:
+{ inputs, pkgs, lib, config, ... }:
let
inherit (config.security) gnupg;
inherit (config.users) users;
users."julm".name
];
-networking.nftables.ruleset = lib.concatMapStringsSep "\n"
- (rule: "add rule inet filter fw2net meta skuid ${users.julm.name} " + rule) [
- ''tcp dport {25,465} counter accept comment "SMTP"''
- ''tcp dport 43 counter accept comment "Whois"''
- ''tcp dport 993 counter accept comment "IMAPS"''
- ''tcp dport 6697 counter accept comment "IRCS"''
- ''tcp dport 5222 counter accept comment "XMPP"''
- ''tcp dport 11371 counter accept comment "HKP"''
- ''tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"''
- ''udp dport 33434-33523 counter accept comment "traceroute"''
- #''ip protocol tcp counter accept comment "all"''
-];
-
users = {
mutableUsers = false;
users = {
};
};
groups = {
- wheel = {
- members = [ users."julm".name ];
- };
- tor = {
- members = [ users."julm".name ];
- };
- adbusers = {
- members = [ users."julm".name ];
- };
+ adbusers.members = [
+ users."julm".name
+ ];
+ dialout.members = [
+ users."julm".name
+ ];
+ tor.members = [
+ users."julm".name
+ ];
+ wheel.members = [
+ users."julm".name
+ ];
};
};
security.gnupg.secrets."/root/.ssh/id_ed25519" = {
gpg = "${gnupg.store}/ssh/root.ssh-ed25519.gpg";
};
+
+networking.nftables.ruleset = lib.concatMapStringsSep "\n"
+ (rule: "add rule inet filter fw2net meta skuid ${users.julm.name} " + rule) [
+ ''tcp dport {25,465} counter accept comment "SMTP"''
+ ''tcp dport 43 counter accept comment "Whois"''
+ ''tcp dport 993 counter accept comment "IMAPS"''
+ ''tcp dport 6697 counter accept comment "IRCS"''
+ ''tcp dport 5222 counter accept comment "XMPP"''
+ ''tcp dport 11371 counter accept comment "HKP"''
+ ''tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"''
+ ''udp dport 33434-33523 counter accept comment "traceroute"''
+ #''ip protocol tcp counter accept comment "all"''
+];
}
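Review bot: The commented-out `#''ip protocol tcp counter accept comment "all"''` kept at the end of the new ruleset is a one-character toggle that turns this per-user egress allowlist into allow-all TCP for julm, and nothing marks it as debug-only; either drop the line or replace it with `# Debugging aid only: an unrestricted accept must never be left enabled here.` The new `dialout.members` grant (serial/modem device access) has no rationale next to it, a short comment such as `# dialout: serial console access for julm` would tell the next reader whether it is still needed. Minor style point: `tcp dport {9009,9010,9011,9012,9013}` can be written as the range `tcp dport 9009-9013`, matching the traceroute rule below it. The `users`/`groups` attribute sets in this file are touched by the same commit, so the wheel and tor membership lines are history rather than new privilege.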
../../members/julm.nix
];
-networking.nftables.ruleset = ''
- add rule inet filter fw2net tcp dport {25,465} skuid ${users.julm.name} counter accept comment "SMTP"
- add rule inet filter fw2net tcp dport 43 skuid ${users.julm.name} counter accept comment "Whois"
- add rule inet filter fw2net tcp dport 563 skuid ${users.julm.name} counter accept comment "NNTPS"
- add rule inet filter fw2net tcp dport 6697 skuid ${users.julm.name} counter accept comment "IRCS"
- add rule inet filter fw2net tcp dport 11371 skuid ${users.julm.name} counter accept comment "HKP"
-'';
+nix.trustedUsers = [
+ users."julm".name
+];
+
users = {
mutableUsers = false;
users = {
root = {
- openssh.authorizedKeys.keys = [
- (readFile (inputs.secrets + "/machines/losurdo/ssh/root.ssh-ed25519.pub"))
- ];
+ openssh.authorizedKeys.keys =
+ users."julm".openssh.authorizedKeys.keys ++
+ [ (readFile (inputs.secrets + "/machines/losurdo/ssh/root.ssh-ed25519.pub")) ];
+ hashedPassword = "!";
};
};
+ groups = {
+ wheel.members = [
+ users."julm".name
+ ];
+ };
};
+
+networking.nftables.ruleset = ''
+ add rule inet filter fw2net tcp dport {25,465} skuid ${users.julm.name} counter accept comment "SMTP"
+ add rule inet filter fw2net tcp dport 43 skuid ${users.julm.name} counter accept comment "Whois"
+ add rule inet filter fw2net tcp dport 563 skuid ${users.julm.name} counter accept comment "NNTPS"
+ add rule inet filter fw2net tcp dport 6697 skuid ${users.julm.name} counter accept comment "IRCS"
+ add rule inet filter fw2net tcp dport 11371 skuid ${users.julm.name} counter accept comment "HKP"
+'';
}
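Review bot: Appending `users."julm".openssh.authorizedKeys.keys` to root's authorized keys means every key that can log in as julm now also logs in directly as root, bypassing the wheel/sudo path the same commit grants a few lines below and losing the per-user audit trail; if only recovery access is intended, keep root's list to the machine-specific key alone and record the decision with `# Root accepts only the machine-specific key; interactive admin goes through julm + wheel.` With `nix.trustedUsers` also listing julm, this commit opens three root-equivalent paths for one account, which is worth a one-line comment even if deliberate. `hashedPassword = "!"` locks root's password, but whether password or key root logins are accepted over SSH depends on the openssh settings, which are not in this hunk, so that should be confirmed separately. Note that `nix.trustedUsers` has been superseded by `nix.settings.trusted-users` on newer NixOS releases, so the option name may warrant checking against the pinned nixpkgs.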