summary refs log tree commit diff stats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--configuration.nix8
-rw-r--r--users.nix64
2 files changed, 72 insertions, 0 deletions
diff --git a/configuration.nix b/configuration.nix
index 72c4895..75701ad 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -3,6 +3,8 @@
     ./hardware-configuration.nix
     ./packages.nix
     ./networking.nix # network configuration that just works
+    ./users.nix
+    ./services/minecraft.nix
 
     ./services/minecraft.nix
     ./services/rust-motd.nix
@@ -14,6 +16,12 @@
   networking.hostName = "server1";
   networking.domain = "vhack.eu";
 
+  # openssh config
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    extraConfig = "PrintMotd yes\n"; # this could be done with pam
+  };
 
   system.stateVersion = "22.11";
 }
diff --git a/users.nix b/users.nix
new file mode 100644
index 0000000..dcf06e8
--- /dev/null
+++ b/users.nix
@@ -0,0 +1,64 @@
+{
+  cfg,
+  lib,
+  pkgs,
+  list,
+  ...
+}: {
+  users.mutableUsers = false;
+  users.defaultUserShell = pkgs.zsh;
+
+  # Persisting user passwords
+  fileSystems."/srv".neededForBoot = true;
+
+  users.users = {
+    root = {
+      passwordFile = "/srv/users/root/password";
+      #uid = 0;
+      #hashedPassword = null; # to lock root
+    };
+
+    sils = {
+      name = "sils";
+      isNormalUser = true;
+      home = "/srv/users/sils/home";
+      passwordFile = "/srv/users/sils/password";
+      uid = 1000;
+      extraGroups = [
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
+      ];
+    };
+
+    soispha = {
+      name = "soispha";
+      isNormalUser = true;
+      home = "/srv/users/soispha/home";
+      passwordFile = "/srv/users/soispha/password";
+      uid = 1001;
+      extraGroups = [
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
+      ];
+    };
+
+    nightingale = {
+      name = "nightingale";
+      isNormalUser = true;
+      home = "/srv/users/nightingale/home";
+      passwordFile = "/srv/users/nightingale/password";
+      uid = 1002;
+      extraGroups = [
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [
+      ];
+    };
+  };
+}
+# vim: ts=2
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-29 16:28:35 +0000