From dcd75e0a4c93d6aa2d258f8572e21bbc8f77dbaf Mon Sep 17 00:00:00 2001
From: Xe
Date: Tue, 21 Dec 2021 17:13:01 -0500
Subject: [PATCH] make users for the system

Signed-off-by: Xe
---
 common/default.nix | 2 +-
 common/users/cadey.nix | 29 +++++
 common/users/default.nix | 26 +----
 common/users/other.nix | 36 ++++++
 flake.nix | 6 +-
 hardware/alrest/default.nix | 5 +-
 hardware/alrest/solanum.nix | 213 ------------------------------------
 7 files changed, 75 insertions(+), 242 deletions(-)
 create mode 100644 common/users/cadey.nix
 create mode 100644 common/users/other.nix
 delete mode 100644 hardware/alrest/solanum.nix

diff --git a/common/default.nix b/common/default.nix
index 4853991..2ddf79a 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -4,7 +4,7 @@
 boot.cleanTmpDir = true;
 boot.kernelModules = [ "wireguard" ];
- environment.systemPackages = with pkgs; [ age minisign tmate jq nfs-utils ];
+ environment.systemPackages = with pkgs; [ age minisign tmate jq nfs-utils git ];
 nix = {
 autoOptimiseStore = true;
diff --git a/common/users/cadey.nix b/common/users/cadey.nix
new file mode 100644
index 0000000..7a7df4f
--- /dev/null
+++ b/common/users/cadey.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+ users.users.cadey = {
+ isNormalUser = true;
+ extraGroups =
+ [ "wheel" "docker" "audio" "plugdev" "libvirtd" "adbusers" "dialout" "within" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK1sv1j0XAuHkcUB78D1S0Gv1mvJDjpCcZSTSgR5j3vxFoONctnb1BtnV75zR5YRkAfDNs00qeL+nyWA1s2VR9onaYRTQYO5TRsJhOgSijthn8qT8uK1ws1tWWui/sPzxbLu34nW8IsoQm3iFLD9yQCR7GK9e4WOU5itqLNMyh5jS7LTRKCSC2mi9IvYyTfFMggtuF3u7yFTksR02FOoox2YPzB8bHM3xBqPK46Z+fq+/mWaulnoXWcC3SZgjwpRmcEOAmTEQuk67jlpeumGqRU3lO6UFY3FDvQ8W1VYv2O1ZwPmV87S1pIEulX3WG+r7lO73bPT420PdoQehS/pY7"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsviqiUuN6t4YM2H+ApQtGAFx6TWJbWCqDDhInIh3X40ZAxtTmryRwAXdtHJ+v6HuGFU5XH3chDX1WSRbwVIrlxkX1hJIEZO379YSIHkORSrAmxF/2lsrW2zSjufZ6IS9yI7nsxe2mJf3GEiFjoAh2iGrSKnOACK2Y+o/SiO0BtDkOUIabofuAxf/RNOpn/HSPh/MabOxYuNOMO2bl+quYN7C1idyvVcNp0llfrnGGTCk5g3rDpR+CDQ0P2Ebg1hf4j2i/6XJmHL52Zg4b8hkoS9BzRcb2vOjGYZVR4lOMqR9ZcNMUBwMboJeQtsAib9DYaGjhMWgMQ76brXwE65sX"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrz5T/RdragJF6StZm92JZKPMJinYdw5fYnV4osiY8Q"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6BhO4roUnnppgf4GPDonhu0DOaA60dZ+JaFBZUa+IW"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv/8Iprp3f+THr9txqoWKTO5KxnYVpiKI7e4mdTO2+b"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp8WiNUFK6mbehvO94LAzIA4enTuWxugABC79tiQSHT"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1e4qhGYEUCNoCYHUqfvPSkBfVdlIjmwQI7q8eibeWw"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQAQCZLLbbrMTsR1NYqFRftXM2Dm8V83uaOrAxIy7zZ"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL46usOZyZD+CYa5wNBSpPxNWwF3EMeeAytPq6iVPO2X"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN76Ol48QNvRjjjIaAa3WPqVWB/ryFMmOUJpszEz13TO"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYr9hiLtDHgd6lZDgQMkJzvYeAXmePOrgFaWHAjJvNU"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmEyBV301bq2VMa0cm4aE4peh57TcmNq4jHVN3Clufp cadey@la-tahorskami"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJHpoa7MSKy50Jv0cKjb1B/6jh/VtB71v8OGrt+lw3P cadey@genza"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4mrGB2aTjHkp3r3Q7l8FHgtDPCCDqBUp9DykRWjcMA mara@blink"
+ ];
+ };
+ users.users.root.openssh.authorizedKeys.keys = config.users.users.cadey.openssh.authorizedKeys.keys;
+}
diff --git a/common/users/default.nix b/common/users/default.nix
index 7b9a090..73b1062 100644
--- a/common/users/default.nix
+++ b/common/users/default.nix
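Review bot: The last line of the file, `users.users.root.openssh.authorizedKeys.keys = config.users.users.cadey.openssh.authorizedKeys.keys;`, lets all sixteen keys log in directly as root even though cadey is already in `wheel`; if direct root login is required (presumably for the `deploy.nodes.logos` deployment in flake.nix) a comment on that line should say so, and the root set should be trimmed to the keys that actually need it rather than mirroring the whole list. Fourteen of the sixteen keys carry no trailing comment, so when a device is retired there is no way to tell which line to remove; give each key a `user@host` comment like the last three already have. Because common/users/default.nix imports this file unconditionally, these keys land on every host built from the common modules, which is worth a one-line header comment such as `# cadey's login keys; also granted to root on every host that imports common/users`.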
@@ -3,29 +3,5 @@
 with lib;
 {
- users.users.cadey = {
- isNormalUser = true;
- extraGroups =
- [ "wheel" "docker" "audio" "plugdev" "libvirtd" "adbusers" "dialout" "within" ];
- shell = pkgs.fish;
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK1sv1j0XAuHkcUB78D1S0Gv1mvJDjpCcZSTSgR5j3vxFoONctnb1BtnV75zR5YRkAfDNs00qeL+nyWA1s2VR9onaYRTQYO5TRsJhOgSijthn8qT8uK1ws1tWWui/sPzxbLu34nW8IsoQm3iFLD9yQCR7GK9e4WOU5itqLNMyh5jS7LTRKCSC2mi9IvYyTfFMggtuF3u7yFTksR02FOoox2YPzB8bHM3xBqPK46Z+fq+/mWaulnoXWcC3SZgjwpRmcEOAmTEQuk67jlpeumGqRU3lO6UFY3FDvQ8W1VYv2O1ZwPmV87S1pIEulX3WG+r7lO73bPT420PdoQehS/pY7"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsviqiUuN6t4YM2H+ApQtGAFx6TWJbWCqDDhInIh3X40ZAxtTmryRwAXdtHJ+v6HuGFU5XH3chDX1WSRbwVIrlxkX1hJIEZO379YSIHkORSrAmxF/2lsrW2zSjufZ6IS9yI7nsxe2mJf3GEiFjoAh2iGrSKnOACK2Y+o/SiO0BtDkOUIabofuAxf/RNOpn/HSPh/MabOxYuNOMO2bl+quYN7C1idyvVcNp0llfrnGGTCk5g3rDpR+CDQ0P2Ebg1hf4j2i/6XJmHL52Zg4b8hkoS9BzRcb2vOjGYZVR4lOMqR9ZcNMUBwMboJeQtsAib9DYaGjhMWgMQ76brXwE65sX"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrz5T/RdragJF6StZm92JZKPMJinYdw5fYnV4osiY8Q"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6BhO4roUnnppgf4GPDonhu0DOaA60dZ+JaFBZUa+IW"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv/8Iprp3f+THr9txqoWKTO5KxnYVpiKI7e4mdTO2+b"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp8WiNUFK6mbehvO94LAzIA4enTuWxugABC79tiQSHT"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1e4qhGYEUCNoCYHUqfvPSkBfVdlIjmwQI7q8eibeWw"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQAQCZLLbbrMTsR1NYqFRftXM2Dm8V83uaOrAxIy7zZ"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL46usOZyZD+CYa5wNBSpPxNWwF3EMeeAytPq6iVPO2X"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN76Ol48QNvRjjjIaAa3WPqVWB/ryFMmOUJpszEz13TO"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYr9hiLtDHgd6lZDgQMkJzvYeAXmePOrgFaWHAjJvNU"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmEyBV301bq2VMa0cm4aE4peh57TcmNq4jHVN3Clufp cadey@la-tahorskami"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJHpoa7MSKy50Jv0cKjb1B/6jh/VtB71v8OGrt+lw3P cadey@genza"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4mrGB2aTjHkp3r3Q7l8FHgtDPCCDqBUp9DykRWjcMA mara@blink"
- ];
- };
- users.users.root.openssh.authorizedKeys.keys = config.users.users.cadey.openssh.authorizedKeys.keys;
+ imports = [ ./cadey.nix ./other.nix ];
 }
diff --git a/common/users/other.nix b/common/users/other.nix
new file mode 100644
index 0000000..6e078bd
--- /dev/null
+++ b/common/users/other.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let cfg = config.within.users.enableSystem;
+in {
+ options.within.users = {
+ enableSystem = mkEnableOption "enable system-wide users (vic, mai)";
+ };
+
+ config = mkIf cfg {
+ users.users.mai = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = [ "within" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrz5T/RdragJF6StZm92JZKPMJinYdw5fYnV4osiY8Q"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0I+UJPT7noL/bDvPj25SC24kpThqHUtge3tSQ9sIUx"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL46usOZyZD+CYa5wNBSpPxNWwF3EMeeAytPq6iVPO2X"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN76Ol48QNvRjjjIaAa3WPqVWB/ryFMmOUJpszEz13TO"
+ ];
+ };
+
+ users.users.vic = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "libvirtd" "adbusers" "dialout" "within" ];
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZBjzU/7vrR8isVC2xzRamcREWw+oLeB2cS+zfZwqEwXHTI99LonR2ow5xlnngmBcJMQo8aIChwwX4iHVuUIx5ObvfbtauqWjImr8ItNqJgMnbPXwzNVJmuuhC7ThxoSYWlmyRQNChE1BAcVeSqU9Vjvc4No9GYAOMOazeAhz5jnesauemFU1WTgIcdnUyuBA2vHNYj/I0K5FHUSjpePccCwpCz+5ieELMcpGv+Wtlq8v8OiasxmLP7MORX6AClvqPtczd5M40rLlX96AoEXuviUbEvy2GzaKsutzyI7OdnfCMw2PWhxL0kjNWsU4VAYVH1EdOfoJeeEO8FuSUIQnd"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChFSS2KUKbGYFrkbO2VwxuWqFkCSdzbxh68Edk+Pkss victo@Nami"
+ ];
+ };
+ };
+}
diff --git a/flake.nix b/flake.nix
index 42a9def..7a38ce9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,7 +17,11 @@
 nixosConfigurations.logos = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
- modules = [ ./hosts/logos ./hardware/alrest ];
+ modules = [
+ home-manager.nixosModules.home-manager
+ ./hosts/logos
+ ./hardware/alrest
+ ];
 };
 deploy.nodes.logos = {
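Review bot: `mkEnableOption "enable system-wide users (vic, mai)"` renders as "Whether to enable enable system-wide users (vic, mai)." because mkEnableOption already prefixes the description with "Whether to enable"; it should read `enableSystem = mkEnableOption "system-wide users (vic, mai)";`. The `vic` account is put in `wheel`, which under the usual NixOS sudo defaults (not visible from this hunk, so please confirm) makes it administrator-equivalent on every host that sets `within.users.enableSystem`; that is more than the option name conveys, so a comment beside that `extraGroups` line stating the grant is intended would help. Five of mai's six keys also appear in cadey's list in common/users/cadey.nix, and through it in root's, so the same private keys open cadey, root and mai; if that overlap is deliberate a comment should say so, and none of mai's keys carries a `user@host` comment to identify the device.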
diff --git a/hardware/alrest/default.nix b/hardware/alrest/default.nix
index c9e653b..880221a 100644
--- a/hardware/alrest/default.nix
+++ b/hardware/alrest/default.nix
@@ -1,9 +1,10 @@
 { config, pkgs, ... }:
-let metadata = pkgs.callPackage ../../../ops/metadata/peers.nix { };
-in {
+{
 imports = [ ./hardware-configuration.nix ./zfs.nix ];
+ within.users.enableSystem = true;
+
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
 boot.supportedFilesystems = [ "zfs" ];
diff --git a/hardware/alrest/solanum.nix b/hardware/alrest/solanum.nix
deleted file mode 100644
index bf5562d..0000000
--- a/hardware/alrest/solanum.nix
+++ /dev/null
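Review bot: `within.users.enableSystem = true;` is set in the hardware profile, so every host that imports `./hardware/alrest` (at least logos, per the flake.nix hunk) receives the vic and mai accounts together with vic's `wheel` membership; a hardware module is an unusual home for an account-policy switch, and `./hosts/logos` would make the grant visible where the host itself is defined. If the profile really is the intended place, a comment such as `# alrest machines are shared with vic and mai; accounts live in common/users/other.nix` next to the line would keep the next reader from moving it. Dropping the unused `metadata` binding looks right, since nothing in the remaining file referenced it.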
@@ -1,213 +0,0 @@ -{config, pkgs, lib, ...}: - -let - metadata = pkgs.callPackage ../../../ops/metadata/peers.nix { }; - info = metadata.raw."${config.networking.hostName}".solanum; -in { - services.solanum = { - enable = true; - motd = '' - NmmN Nmmmd.:mm - NmmmN NmmydmmmmmN - Nm/:mN Nmms /mmmmm - Nmm:-dm NmmmmdsdmmmmN - mmmmmmmN NmmdhhddhhmNN Nmy:hmmmmmmmm - Nm++mmmmN mdyo/::.........-:/sdN Nmmms`smmmmmmmN - md.-dmmmm mhs/-....................-+dN Nmmmmmmmmmmmmmm - Nmmmmmmmmho:-...........................:sN NmmmmmmmmmmmmmmmN Nmdd - Nmd+ydhs/-.................................-sNmmmmmmmmmmmmmmmdhyssss - NNh+`........................................:dmmmmmmmmmmmmmmmyssssss - NNdhy+:-...........................................+dmmmmmmmmmmmmmmmdsssssss - N+-...............................................-smmmmmmmmmmmmmmmmmysyyhdmN - Nho:::-.--::-.......................----------..:hmmmmmmmmmmmmmmmmmmmN - NNNmmdo:......................--------------:ymmmmmmmmmmmmmmmmmmm - ds+........................-----------------+dmmmmmmmmmmmmmmmmm - h+........................--------------------:smmmmmmmmmmmmmmN - Ny/........................-------------::--------/hmmmmmmmmmmmN Nmd - d/........................--------------so----------odmmmmmmmm Nmdhhysss - m/........................--------------+mh-----------:ymmmmdhhyysssssssss - o.......................---------------:dmmo------------+dmdysssssssssssss - yhdmNh:......................---------------:dmmmm+------------:sssssssssssyhhdm - sssssy.......................--------------:hmmmmmmos++:---------/sssyyhdmN - ssssso......................--------------:hmmmNNN Ndddysso:------:yNN - ysssss.....................--------------/dmNyy/m d``d/------------sN - Nmdhy-...................--------------ommmh`o/N /. smh+-----------:yN - N+...................------------/hmmss: `-//-.smmmmd+----------:h - d:..................----------:smmmmhy+oosyysdmmy+:. 
`.--------/d - h-................---------:smmmmmmmmmmmmmmmh/` `/s:-------s - ms:...............-------/ymmmmmmmmmmmmmmmd/ :d Ny/-----+m - myss/..............------ommmmmmmmmmmmmmmmd. :y Ns:---+m - Ndssssso-............----..odmmmmmmmmmmmmmmh:.` .sN d/--s - mysssssssh/................` -odmmmmmmmmmh+. `om h/+m - Ndyssssssym Ny-.............. `/sssso+:. `+m dN - NhssssssshN No:............/.` `+d - ysssssssd m+-..........+ddy/.` -om - ssssssym h/.........-oN Nmy+--` `-+dN - ssssydN Ny:........-h Nmdm - sssym m+....-..:h - symN No.../-/d - dN h:.:hyN - ''; - config = '' - loadmodule "extensions/chm_adminonly"; - loadmodule "extensions/chm_nonotice"; - loadmodule "extensions/chm_operonly"; - loadmodule "extensions/chm_sslonly"; - #loadmodule "extensions/chm_operpeace"; - #loadmodule "extensions/createauthonly"; - loadmodule "extensions/extb_account"; - loadmodule "extensions/extb_canjoin"; - loadmodule "extensions/extb_channel"; - loadmodule "extensions/extb_combi"; - loadmodule "extensions/extb_extgecos"; - loadmodule "extensions/extb_hostmask"; - loadmodule "extensions/extb_oper"; - loadmodule "extensions/extb_realname"; - loadmodule "extensions/extb_server"; - loadmodule "extensions/extb_ssl"; - loadmodule "extensions/extb_usermode"; - #loadmodule "extensions/helpops"; - #loadmodule "extensions/hurt"; - loadmodule "extensions/ip_cloaking_4.0"; - #loadmodule "extensions/ip_cloaking"; - #loadmodule "extensions/m_extendchans"; - #loadmodule "extensions/m_findforwards"; - #loadmodule "extensions/m_identify"; - #loadmodule "extensions/m_locops"; - #loadmodule "extensions/no_oper_invis"; - loadmodule "extensions/sno_farconnect"; - loadmodule "extensions/sno_globalnickchange"; - loadmodule "extensions/sno_globaloper"; - #loadmodule "extensions/sno_whois"; - loadmodule "extensions/override"; - loadmodule "extensions/no_kill_services"; - - serverinfo { - name = "${config.networking.hostName}.alrest"; - sid = "${info.sid}"; - description = "${info.description}"; - 
network_name = "akua";
- };
-
- listen {
- host = "0.0.0.0";
- port = 6667;
- };
-
- class "users" {
- ping_time = 2 minutes;
- number_per_ident = 10;
- number_per_ip = 10;
- number_per_ip_global = 50;
- cidr_ipv4_bitlen = 24;
- cidr_ipv6_bitlen = 64;
- number_per_cidr = 200;
- max_number = 3000;
- sendq = 400 kbytes;
- };
-
- class "opers" {
- ping_time = 5 minutes;
- number_per_ip = 10;
- max_number = 1000;
- sendq = 1 megabyte;
- };
-
- class "server" {
- ping_time = 5 minutes;
- connectfreq = 5 minutes;
- max_number = 420;
- sendq = 4 megabytes;
- };
-
- auth {
- user = "*@*";
- class = "users";
- flags = exceed_limit;
- };
-
- channel {
- default_split_user_count = 0;
- };
-
- privset "local_op" {
- privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, oper:message,
- usermode:servnotice, auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
- };
-
- privset "server_bot" {
- /* extends: a privset to inherit in this privset */
- extends = "local_op";
- privs = oper:kline, oper:remoteban, snomask:nick_changes;
- };
-
- privset "global_op" {
- extends = "local_op";
- privs = oper:routing, oper:kline, oper:unkline, oper:xline,
- oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
- oper:remoteban;
- };
-
- privset "admin" {
- extends = "global_op";
- privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant, oper:privs;
- };
-
- operator "Mara" {
- user = "*@*";
- password = "L/b5FCMZ1DUc2";
- snomask = "+Zbfkrsuy";
- flags = encrypted;
- privset = "admin";
- };
-
- connect "kos-mos.alrest" {
- host = "100.72.50.9";
- send_password = "hunter2";
- accept_password = "hunter2";
- port = 6667;
- class = "server";
- flags = topicburst, autoconn;
- };
-
- connect "logos.alrest" {
- host = "100.106.69.58";
- send_password = "hunter2";
- accept_password = "hunter2";
- port = 6667;
- class = "server";
- flags = topicburst, autoconn;
- };
-
- connect "ontos.alrest" {
- host = "100.66.226.109";
- send_password = "hunter2";
- accept_password = "hunter2";
- port = 6667;
- class = "server";
- flags = topicburst, autoconn;
- };
-
- connect "pneuma.alrest" {
- host = "100.120.235.118";
- send_password = "hunter2";
- accept_password = "hunter2";
- port = 6667;
- class = "server";
- flags = topicburst, autoconn;
- };
-
- connect "services." {
- host = "100.67.184.57";
- send_password = "hunter2";
- accept_password = "hunter2";
- class = "server";
- };
-
- service {
- name = "services.";
- };
- '';
- openFilesLimit = 65536;
- };
-}