-rw-r--r-- | configuration.nix | 2 | ||||
-rw-r--r-- | hardware-configuration.nix | 9 | ||||
-rw-r--r-- | services/opensshd.nix | 27 | ||||
-rw-r--r-- | services/rust-motd.nix | 3 | ||||
-rw-r--r-- | users.nix | 59 |
5 files changed, 81 insertions, 19 deletions
diff --git a/configuration.nix b/configuration.nix index 72c4895..8fc047a 100644 --- a/configuration.nix +++ b/configuration.nix @@ -3,6 +3,7 @@ ./hardware-configuration.nix ./packages.nix ./networking.nix # network configuration that just works + ./users.nix ./services/minecraft.nix ./services/rust-motd.nix @@ -14,7 +15,6 @@ networking.hostName = "server1"; networking.domain = "vhack.eu"; - system.stateVersion = "22.11"; } # vim: ts=2 diff --git a/hardware-configuration.nix b/hardware-configuration.nix index 9fcbe2b..76cdb1e 100644 --- a/hardware-configuration.nix +++ b/hardware-configuration.nix @@ -19,13 +19,14 @@ fsType = "btrfs"; options = ["subvol=storage" "compress-force=zstd"]; }; - "/etc/nixos" = { - device = "/srv/nix-config"; - options = ["bind"]; - }; "/boot" = { device = "/dev/vda3"; options = ["subvol=boot" "compress-force=zstd"]; }; + + "/etc/nixos" = { + device = "/srv/nix-config"; + options = ["bind"]; + }; }; } diff --git a/services/opensshd.nix b/services/opensshd.nix index 4bd38fd..cb9f2ba 100644 --- a/services/opensshd.nix +++ b/services/opensshd.nix @@ -1,19 +1,18 @@ -{ config, pkg, ... }: { +{ + config, + pkg, + ... +}: { services.openssh = { enable = true; passwordAuthentication = false; - extraConfig = '' - PrintMotd yes - ''; # this could be done with pam - hostKeys = [{ - comment = "key comment"; - path = "/srv/sshd/ssh_host_ed25519_key"; - rounds = 1000; - type = "ed25519"; - }]; + hostKeys = [ + { + comment = "key comment"; + path = "/srv/sshd/ssh_host_ed25519_key"; + rounds = 1000; + type = "ed25519"; + } + ]; }; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" - ]; } diff --git a/services/rust-motd.nix b/services/rust-motd.nix index 6ff9367..21bc1cd 100644 --- a/services/rust-motd.nix +++ b/services/rust-motd.nix 
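Review bot: In services/opensshd.nix the new `services.openssh` block turns off `passwordAuthentication` but leaves keyboard-interactive authentication at its default. Since users.nix in this same commit gives sils and soispha password hashes, sshd may still accept those passwords through PAM, depending on the release default. Adding `kbdInteractiveAuthentication = false;` next to `passwordAuthentication = false;` would make the service key-only in practice. Root keeps its authorized keys (moved to users.nix), so the intended policy is better stated with an explicit `permitRootLogin = "prohibit-password";` than left to the default. The `pkg` argument in the reformatted header is unused and looks like a typo for `pkgs`; it could be dropped.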
@@ -67,6 +67,9 @@ }; last_login = { + sils = 2; + soispha = 2; + nightingale = 2; }; last_run = { diff --git a/users.nix b/users.nix new file mode 100644 index 0000000..34e1648 --- /dev/null +++ b/users.nix @@ -0,0 +1,59 @@ +{pkgs, ...}: { + users.mutableUsers = false; + users.defaultUserShell = pkgs.zsh; + + users.users = { + root = { + #uid = 0; + #initialHashedPassword = null; # to lock root + # Backup, if something happens. TODO remove this later + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" + ]; + }; + + sils = { + name = "sils"; + isNormalUser = true; + home = "/srv/home/sils"; + initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC"; # TODO CHANGE + uid = 1000; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" + ]; + }; + + soispha = { + name = "soispha"; + isNormalUser = true; + home = "/srv/home/soispha"; + initialHashedPassword = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1"; + uid = 1001; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" + ]; + }; + + nightingale = { + name = "nightingale"; + isNormalUser = true; + home = "/srv/home/nightingale"; + initialHashedPassword = null; # TODO CHANGE + uid = 1002; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ + ]; + }; + }; +} +# vim: ts=2 + |
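Review bot: The `initialHashedPassword` values for sils and soispha in the new users.nix put the yescrypt hashes of two `wheel` accounts into the repository and, after a build, into the world-readable Nix store, so anyone who can read either can attack them offline. With `users.mutableUsers = false` the option behaves like `hashedPassword`, and a change made with `passwd` would be reset at the next activation, so the `# TODO CHANGE` cannot be done on the host itself. Reading the hash from a root-only file outside the store, e.g. `passwordFile = "/srv/secrets/sils.passwd";` (constructed path; the option is `hashedPasswordFile` on newer releases), keeps it out of both places, and the committed hashes should then be treated as exposed and the passwords changed. nightingale is placed in `wheel` with a null password and an empty key list, so that group membership could wait until the account has a credential. The root key list is marked as a temporary backup; a comment stating the condition for removing it would make the TODO actionable.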