make users for the system

Signed-off-by: Xe <me@christine.website>
Cadey Ratio 2021-12-21 17:13:01 -05:00
parent d7c1d539ff
commit dcd75e0a4c
7 changed files with 75 additions and 242 deletions


@ -4,7 +4,7 @@
boot.cleanTmpDir = true; boot.cleanTmpDir = true;
boot.kernelModules = [ "wireguard" ]; boot.kernelModules = [ "wireguard" ];
environment.systemPackages = with pkgs; [ age minisign tmate jq nfs-utils ]; environment.systemPackages = with pkgs; [ age minisign tmate jq nfs-utils git ];
nix = { nix = {
autoOptimiseStore = true; autoOptimiseStore = true;

29
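--- a/common/users/cadey.nix
+++ b/common/users/cadey.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+{
+users.users.cadey = {
+isNormalUser = true;
+extraGroups =
+[ "wheel" "docker" "audio" "plugdev" "libvirtd" "adbusers" "dialout" "within" ];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK1sv1j0XAuHkcUB78D1S0Gv1mvJDjpCcZSTSgR5j3vxFoONctnb1BtnV75zR5YRkAfDNs00qeL+nyWA1s2VR9onaYRTQYO5TRsJhOgSijthn8qT8uK1ws1tWWui/sPzxbLu34nW8IsoQm3iFLD9yQCR7GK9e4WOU5itqLNMyh5jS7LTRKCSC2mi9IvYyTfFMggtuF3u7yFTksR02FOoox2YPzB8bHM3xBqPK46Z+fq+/mWaulnoXWcC3SZgjwpRmcEOAmTEQuk67jlpeumGqRU3lO6UFY3FDvQ8W1VYv2O1ZwPmV87S1pIEulX3WG+r7lO73bPT420PdoQehS/pY7"
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsviqiUuN6t4YM2H+ApQtGAFx6TWJbWCqDDhInIh3X40ZAxtTmryRwAXdtHJ+v6HuGFU5XH3chDX1WSRbwVIrlxkX1hJIEZO379YSIHkORSrAmxF/2lsrW2zSjufZ6IS9yI7nsxe2mJf3GEiFjoAh2iGrSKnOACK2Y+o/SiO0BtDkOUIabofuAxf/RNOpn/HSPh/MabOxYuNOMO2bl+quYN7C1idyvVcNp0llfrnGGTCk5g3rDpR+CDQ0P2Ebg1hf4j2i/6XJmHL52Zg4b8hkoS9BzRcb2vOjGYZVR4lOMqR9ZcNMUBwMboJeQtsAib9DYaGjhMWgMQ76brXwE65sX"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrz5T/RdragJF6StZm92JZKPMJinYdw5fYnV4osiY8Q"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6BhO4roUnnppgf4GPDonhu0DOaA60dZ+JaFBZUa+IW"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv/8Iprp3f+THr9txqoWKTO5KxnYVpiKI7e4mdTO2+b"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp8WiNUFK6mbehvO94LAzIA4enTuWxugABC79tiQSHT"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1e4qhGYEUCNoCYHUqfvPSkBfVdlIjmwQI7q8eibeWw"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQAQCZLLbbrMTsR1NYqFRftXM2Dm8V83uaOrAxIy7zZ"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL46usOZyZD+CYa5wNBSpPxNWwF3EMeeAytPq6iVPO2X"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN76Ol48QNvRjjjIaAa3WPqVWB/ryFMmOUJpszEz13TO"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYr9hiLtDHgd6lZDgQMkJzvYeAXmePOrgFaWHAjJvNU"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmEyBV301bq2VMa0cm4aE4peh57TcmNq4jHVN3Clufp cadey@la-tahorskami"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJHpoa7MSKy50Jv0cKjb1B/6jh/VtB71v8OGrt+lw3P cadey@genza"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4mrGB2aTjHkp3r3Q7l8FHgtDPCCDqBUp9DykRWjcMA mara@blink"
+];
+};
+users.users.root.openssh.authorizedKeys.keys = config.users.users.cadey.openssh.authorizedKeys.keys;
+}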
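Review bot: The last assignment in the file, `users.users.root.openssh.authorizedKeys.keys = config.users.users.cadey.openssh.authorizedKeys.keys;`, turns all 16 entries of cadey's list into root login keys, including the two RSA keys (2048-bit, judging by their length) and the one commented `mara@blink`. Thirteen of the entries carry no comment, so the file does not say which device a key belongs to, and revoking a lost device means guessing. I would give every key a trailing comment naming its device and list root's keys explicitly rather than aliasing cadey's, keeping only the ones that actually need direct root access (cadey is already in `wheel` and `docker`). Whether sshd permits root logins at all is configured outside this file, so that is worth confirming alongside.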


@ -3,29 +3,5 @@
with lib; with lib;
{ {
users.users.cadey = { imports = [ ./cadey.nix ./other.nix ];
isNormalUser = true;
extraGroups =
[ "wheel" "docker" "audio" "plugdev" "libvirtd" "adbusers" "dialout" "within" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK1sv1j0XAuHkcUB78D1S0Gv1mvJDjpCcZSTSgR5j3vxFoONctnb1BtnV75zR5YRkAfDNs00qeL+nyWA1s2VR9onaYRTQYO5TRsJhOgSijthn8qT8uK1ws1tWWui/sPzxbLu34nW8IsoQm3iFLD9yQCR7GK9e4WOU5itqLNMyh5jS7LTRKCSC2mi9IvYyTfFMggtuF3u7yFTksR02FOoox2YPzB8bHM3xBqPK46Z+fq+/mWaulnoXWcC3SZgjwpRmcEOAmTEQuk67jlpeumGqRU3lO6UFY3FDvQ8W1VYv2O1ZwPmV87S1pIEulX3WG+r7lO73bPT420PdoQehS/pY7"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsviqiUuN6t4YM2H+ApQtGAFx6TWJbWCqDDhInIh3X40ZAxtTmryRwAXdtHJ+v6HuGFU5XH3chDX1WSRbwVIrlxkX1hJIEZO379YSIHkORSrAmxF/2lsrW2zSjufZ6IS9yI7nsxe2mJf3GEiFjoAh2iGrSKnOACK2Y+o/SiO0BtDkOUIabofuAxf/RNOpn/HSPh/MabOxYuNOMO2bl+quYN7C1idyvVcNp0llfrnGGTCk5g3rDpR+CDQ0P2Ebg1hf4j2i/6XJmHL52Zg4b8hkoS9BzRcb2vOjGYZVR4lOMqR9ZcNMUBwMboJeQtsAib9DYaGjhMWgMQ76brXwE65sX"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrz5T/RdragJF6StZm92JZKPMJinYdw5fYnV4osiY8Q"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6BhO4roUnnppgf4GPDonhu0DOaA60dZ+JaFBZUa+IW"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv/8Iprp3f+THr9txqoWKTO5KxnYVpiKI7e4mdTO2+b"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp8WiNUFK6mbehvO94LAzIA4enTuWxugABC79tiQSHT"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1e4qhGYEUCNoCYHUqfvPSkBfVdlIjmwQI7q8eibeWw"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQAQCZLLbbrMTsR1NYqFRftXM2Dm8V83uaOrAxIy7zZ"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL46usOZyZD+CYa5wNBSpPxNWwF3EMeeAytPq6iVPO2X"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN76Ol48QNvRjjjIaAa3WPqVWB/ryFMmOUJpszEz13TO"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYr9hiLtDHgd6lZDgQMkJzvYeAXmePOrgFaWHAjJvNU"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmEyBV301bq2VMa0cm4aE4peh57TcmNq4jHVN3Clufp cadey@la-tahorskami"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJHpoa7MSKy50Jv0cKjb1B/6jh/VtB71v8OGrt+lw3P cadey@genza"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4mrGB2aTjHkp3r3Q7l8FHgtDPCCDqBUp9DykRWjcMA mara@blink"
];
};
users.users.root.openssh.authorizedKeys.keys = config.users.users.cadey.openssh.authorizedKeys.keys;
} }

36
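--- a/common/users/other.nix
+++ b/common/users/other.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let cfg = config.within.users.enableSystem;
+in {
+options.within.users = {
+enableSystem = mkEnableOption "enable system-wide users (vic, mai)";
+};
+config = mkIf cfg {
+users.users.mai = {
+isNormalUser = true;
+shell = pkgs.fish;
+extraGroups = [ "within" ];
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrz5T/RdragJF6StZm92JZKPMJinYdw5fYnV4osiY8Q"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0I+UJPT7noL/bDvPj25SC24kpThqHUtge3tSQ9sIUx"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL46usOZyZD+CYa5wNBSpPxNWwF3EMeeAytPq6iVPO2X"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN76Ol48QNvRjjjIaAa3WPqVWB/ryFMmOUJpszEz13TO"
+];
+};
+users.users.vic = {
+isNormalUser = true;
+extraGroups = [ "wheel" "libvirtd" "adbusers" "dialout" "within" ];
+shell = pkgs.zsh;
+openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZBjzU/7vrR8isVC2xzRamcREWw+oLeB2cS+zfZwqEwXHTI99LonR2ow5xlnngmBcJMQo8aIChwwX4iHVuUIx5ObvfbtauqWjImr8ItNqJgMnbPXwzNVJmuuhC7ThxoSYWlmyRQNChE1BAcVeSqU9Vjvc4No9GYAOMOazeAhz5jnesauemFU1WTgIcdnUyuBA2vHNYj/I0K5FHUSjpePccCwpCz+5ieELMcpGv+Wtlq8v8OiasxmLP7MORX6AClvqPtczd5M40rLlX96AoEXuviUbEvy2GzaKsutzyI7OdnfCMw2PWhxL0kjNWsU4VAYVH1EdOfoJeeEO8FuSUIQnd"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChFSS2KUKbGYFrkbO2VwxuWqFkCSdzbxh68Edk+Pkss victo@Nami"
+];
+};
+};
+}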
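Review bot: Five of the six keys in `users.users.mai.openssh.authorizedKeys.keys` are byte-identical to entries in cadey's list in common/users/cadey.nix (the ones ending `+1Gzwk`, `J798bwD9`, `osiY8Q`, `iVPO2X` and `Ez13TO`), and that file copies cadey's whole list to root. Whoever holds those five keys can therefore log in as mai, cadey and root alike, so the `mai` account, which is only in the `within` group, is not a separate principal in practice. None of the five carries a comment, so the file cannot say whose they are; they should stay in one list only, and each key should get a trailing `user@device` comment as the `victo@Nami` entry has. As a smaller point, `mkEnableOption` already prefixes its argument with "Whether to enable", so the description reads better as `mkEnableOption "system-wide users (vic, mai)"`.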


@ -17,7 +17,11 @@
nixosConfigurations.logos = nixpkgs.lib.nixosSystem { nixosConfigurations.logos = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ ./hosts/logos ./hardware/alrest ]; modules = [
home-manager.nixosModules.home-manager
./hosts/logos
./hardware/alrest
];
}; };
deploy.nodes.logos = { deploy.nodes.logos = {


@ -1,9 +1,10 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let metadata = pkgs.callPackage ../../../ops/metadata/peers.nix { }; {
in {
imports = [ ./hardware-configuration.nix ./zfs.nix ]; imports = [ ./hardware-configuration.nix ./zfs.nix ];
within.users.enableSystem = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];


@ -1,213 +0,0 @@
{config, pkgs, lib, ...}:
let
metadata = pkgs.callPackage ../../../ops/metadata/peers.nix { };
info = metadata.raw."${config.networking.hostName}".solanum;
in {
services.solanum = {
enable = true;
motd = ''
NmmN Nmmmd.:mm
NmmmN NmmydmmmmmN
Nm/:mN Nmms /mmmmm
Nmm:-dm NmmmmdsdmmmmN
mmmmmmmN NmmdhhddhhmNN Nmy:hmmmmmmmm
Nm++mmmmN mdyo/::.........-:/sdN Nmmms`smmmmmmmN
md.-dmmmm mhs/-....................-+dN Nmmmmmmmmmmmmmm
Nmmmmmmmmho:-...........................:sN NmmmmmmmmmmmmmmmN Nmdd
Nmd+ydhs/-.................................-sNmmmmmmmmmmmmmmmdhyssss
NNh+`........................................:dmmmmmmmmmmmmmmmyssssss
NNdhy+:-...........................................+dmmmmmmmmmmmmmmmdsssssss
N+-...............................................-smmmmmmmmmmmmmmmmmysyyhdmN
Nho:::-.--::-.......................----------..:hmmmmmmmmmmmmmmmmmmmN
NNNmmdo:......................--------------:ymmmmmmmmmmmmmmmmmmm
ds+........................-----------------+dmmmmmmmmmmmmmmmmm
h+........................--------------------:smmmmmmmmmmmmmmN
Ny/........................-------------::--------/hmmmmmmmmmmmN Nmd
d/........................--------------so----------odmmmmmmmm Nmdhhysss
m/........................--------------+mh-----------:ymmmmdhhyysssssssss
o.......................---------------:dmmo------------+dmdysssssssssssss
yhdmNh:......................---------------:dmmmm+------------:sssssssssssyhhdm
sssssy.......................--------------:hmmmmmmos++:---------/sssyyhdmN
ssssso......................--------------:hmmmNNN Ndddysso:------:yNN
ysssss.....................--------------/dmNyy/m d``d/------------sN
Nmdhy-...................--------------ommmh`o/N /. smh+-----------:yN
N+...................------------/hmmss: `-//-.smmmmd+----------:h
d:..................----------:smmmmhy+oosyysdmmy+:. `.--------/d
h-................---------:smmmmmmmmmmmmmmmh/` `/s:-------s
ms:...............-------/ymmmmmmmmmmmmmmmd/ :d Ny/-----+m
myss/..............------ommmmmmmmmmmmmmmmd. :y Ns:---+m
Ndssssso-............----..odmmmmmmmmmmmmmmh:.` .sN d/--s
mysssssssh/................` -odmmmmmmmmmh+. `om h/+m
Ndyssssssym Ny-.............. `/sssso+:. `+m dN
NhssssssshN No:............/.` `+d
ysssssssd m+-..........+ddy/.` -om
ssssssym h/.........-oN Nmy+--` `-+dN
ssssydN Ny:........-h Nmdm
sssym m+....-..:h
symN No.../-/d
dN h:.:hyN
'';
config = ''
loadmodule "extensions/chm_adminonly";
loadmodule "extensions/chm_nonotice";
loadmodule "extensions/chm_operonly";
loadmodule "extensions/chm_sslonly";
#loadmodule "extensions/chm_operpeace";
#loadmodule "extensions/createauthonly";
loadmodule "extensions/extb_account";
loadmodule "extensions/extb_canjoin";
loadmodule "extensions/extb_channel";
loadmodule "extensions/extb_combi";
loadmodule "extensions/extb_extgecos";
loadmodule "extensions/extb_hostmask";
loadmodule "extensions/extb_oper";
loadmodule "extensions/extb_realname";
loadmodule "extensions/extb_server";
loadmodule "extensions/extb_ssl";
loadmodule "extensions/extb_usermode";
#loadmodule "extensions/helpops";
#loadmodule "extensions/hurt";
loadmodule "extensions/ip_cloaking_4.0";
#loadmodule "extensions/ip_cloaking";
#loadmodule "extensions/m_extendchans";
#loadmodule "extensions/m_findforwards";
#loadmodule "extensions/m_identify";
#loadmodule "extensions/m_locops";
#loadmodule "extensions/no_oper_invis";
loadmodule "extensions/sno_farconnect";
loadmodule "extensions/sno_globalnickchange";
loadmodule "extensions/sno_globaloper";
#loadmodule "extensions/sno_whois";
loadmodule "extensions/override";
loadmodule "extensions/no_kill_services";
serverinfo {
name = "${config.networking.hostName}.alrest";
sid = "${info.sid}";
description = "${info.description}";
network_name = "akua";
};
listen {
host = "0.0.0.0";
port = 6667;
};
class "users" {
ping_time = 2 minutes;
number_per_ident = 10;
number_per_ip = 10;
number_per_ip_global = 50;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
number_per_cidr = 200;
max_number = 3000;
sendq = 400 kbytes;
};
class "opers" {
ping_time = 5 minutes;
number_per_ip = 10;
max_number = 1000;
sendq = 1 megabyte;
};
class "server" {
ping_time = 5 minutes;
connectfreq = 5 minutes;
max_number = 420;
sendq = 4 megabytes;
};
auth {
user = "*@*";
class = "users";
flags = exceed_limit;
};
channel {
default_split_user_count = 0;
};
privset "local_op" {
privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, oper:message,
usermode:servnotice, auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
};
privset "server_bot" {
/* extends: a privset to inherit in this privset */
extends = "local_op";
privs = oper:kline, oper:remoteban, snomask:nick_changes;
};
privset "global_op" {
extends = "local_op";
privs = oper:routing, oper:kline, oper:unkline, oper:xline,
oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
oper:remoteban;
};
privset "admin" {
extends = "global_op";
privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant, oper:privs;
};
operator "Mara" {
user = "*@*";
password = "L/b5FCMZ1DUc2";
snomask = "+Zbfkrsuy";
flags = encrypted;
privset = "admin";
};
connect "kos-mos.alrest" {
host = "100.72.50.9";
send_password = "hunter2";
accept_password = "hunter2";
port = 6667;
class = "server";
flags = topicburst, autoconn;
};
connect "logos.alrest" {
host = "100.106.69.58";
send_password = "hunter2";
accept_password = "hunter2";
port = 6667;
class = "server";
flags = topicburst, autoconn;
};
connect "ontos.alrest" {
host = "100.66.226.109";
send_password = "hunter2";
accept_password = "hunter2";
port = 6667;
class = "server";
flags = topicburst, autoconn;
};
connect "pneuma.alrest" {
host = "100.120.235.118";
send_password = "hunter2";
accept_password = "hunter2";
port = 6667;
class = "server";
flags = topicburst, autoconn;
};
connect "services." {
host = "100.67.184.57";
send_password = "hunter2";
accept_password = "hunter2";
class = "server";
};
service {
name = "services.";
};
'';
openFilesLimit = 65536;
};
}