authorsils <sils@sils.li>2023-01-23 21:12:50 +0100
committersils <sils@sils.li>2023-01-23 21:12:50 +0100
commit1b5e27311adf4da0bcfaa15acfbc5005584569e5 (patch)
tree82a4ae678333272b380942f2966f0c71c5881f5a
parentMerge pull request 'Remove ssh from the config file and make it's keys persis... (diff)
parentUpdate: Save hashed password for sils (diff)
Merge pull request 'User Configuration' (#12) from server1_users into server1
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/12 Reviewed-by: sils <sils@sils.li>
Diffstat (limited to '')
-rw-r--r--configuration.nix2
-rw-r--r--hardware-configuration.nix9
-rw-r--r--services/opensshd.nix27
-rw-r--r--services/rust-motd.nix3
-rw-r--r--users.nix59
5 files changed, 81 insertions, 19 deletions
diff --git a/configuration.nix b/configuration.nix
index 72c4895..8fc047a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -3,6 +3,7 @@
./hardware-configuration.nix
./packages.nix
./networking.nix # network configuration that just works
+ ./users.nix
./services/minecraft.nix
./services/rust-motd.nix
@@ -14,7 +15,6 @@
networking.hostName = "server1";
networking.domain = "vhack.eu";
-
system.stateVersion = "22.11";
}
# vim: ts=2
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
index 9fcbe2b..76cdb1e 100644
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -19,13 +19,14 @@
fsType = "btrfs";
options = ["subvol=storage" "compress-force=zstd"];
};
- "/etc/nixos" = {
- device = "/srv/nix-config";
- options = ["bind"];
- };
"/boot" = {
device = "/dev/vda3";
options = ["subvol=boot" "compress-force=zstd"];
};
+
+ "/etc/nixos" = {
+ device = "/srv/nix-config";
+ options = ["bind"];
+ };
};
}
diff --git a/services/opensshd.nix b/services/opensshd.nix
index 4bd38fd..cb9f2ba 100644
--- a/services/opensshd.nix
+++ b/services/opensshd.nix
@@ -1,19 +1,18 @@
-{ config, pkg, ... }: {
+{
+ config,
+ pkg,
+ ...
+}: {
services.openssh = {
enable = true;
passwordAuthentication = false;
- extraConfig = ''
- PrintMotd yes
- ''; # this could be done with pam
- hostKeys = [{
- comment = "key comment";
- path = "/srv/sshd/ssh_host_ed25519_key";
- rounds = 1000;
- type = "ed25519";
- }];
+ hostKeys = [
+ {
+ comment = "key comment";
+ path = "/srv/sshd/ssh_host_ed25519_key";
+ rounds = 1000;
+ type = "ed25519";
+ }
+ ];
};
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
- ];
}
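Review bot: `passwordAuthentication = false` is the only authentication restriction left in `services.openssh`, while this same commit gives `sils` and `soispha` password hashes in users.nix. It is worth adding `kbdInteractiveAuthentication = false;` as well: if keyboard-interactive stays enabled (I believe it is on by default in this release, please confirm), PAM may still accept those passwords over SSH. `permitRootLogin` is not set either, so root key login presumably stays allowed for the backup keys kept in users.nix; add `permitRootLogin = "no";` once that TODO is resolved. The `pkg` argument in the function header is unused and looks like a typo for `pkgs`, so it can be dropped.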
diff --git a/services/rust-motd.nix b/services/rust-motd.nix
index 6ff9367..21bc1cd 100644
--- a/services/rust-motd.nix
+++ b/services/rust-motd.nix
@@ -67,6 +67,9 @@
};
last_login = {
+ sils = 2;
+ soispha = 2;
+ nightingale = 2;
};
last_run = {
diff --git a/users.nix b/users.nix
new file mode 100644
index 0000000..34e1648
--- /dev/null
+++ b/users.nix
@@ -0,0 +1,59 @@
+{pkgs, ...}: {
+ users.mutableUsers = false;
+ users.defaultUserShell = pkgs.zsh;
+
+ users.users = {
+ root = {
+ #uid = 0;
+ #initialHashedPassword = null; # to lock root
+ # Backup, if something happens. TODO remove this later
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
+ ];
+ };
+
+ sils = {
+ name = "sils";
+ isNormalUser = true;
+ home = "/srv/home/sils";
+ initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC"; # TODO CHANGE
+ uid = 1000;
+ extraGroups = [
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
+ ];
+ };
+
+ soispha = {
+ name = "soispha";
+ isNormalUser = true;
+ home = "/srv/home/soispha";
+ initialHashedPassword = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1";
+ uid = 1001;
+ extraGroups = [
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
+ ];
+ };
+
+ nightingale = {
+ name = "nightingale";
+ isNormalUser = true;
+ home = "/srv/home/nightingale";
+ initialHashedPassword = null; # TODO CHANGE
+ uid = 1002;
+ extraGroups = [
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ ];
+ };
+ };
+}
+# vim: ts=2
+
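Review bot: The `initialHashedPassword` values for `sils` and `soispha` are committed to the repository, and values evaluated from the config most likely end up world-readable in the Nix store on the host. That exposes both hashes to offline guessing by anyone with read access to either, and one of them is still marked `# TODO CHANGE`. Prefer keeping the hashes out of the repository, e.g. `passwordFile = "<path-outside-the-store>";` (placeholder path) pointing at a root-only file. Because `users.mutableUsers = false`, a password changed with `passwd` will presumably not survive a rebuild, so the TODO can only be resolved in the config; a comment saying so would help. The root `openssh.authorizedKeys.keys` "Backup" entry should carry an owner or date on its TODO so direct root login does not become permanent, given that all three new accounts are already in `wheel`.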