Commit 05345a36 authored by fpletz's avatar fpletz 🚧

luftschleuse: add ssh users for open/close

parent af6001ea
{ config, pkgs, lib, ... }:
let
sshCommandUsers = [
{ user = "open";
msg = "Unlocking back door";
cmd = "unlock";
}
{ user = "openfront";
msg = "Unlocking front door";
cmd = "unlockfront";
}
{ user = "close";
msg = "Unlocking back door";
cmd = "lock";
}
];
in
{
boot = {
kernelPackages = pkgs.linuxPackages;
......@@ -20,6 +37,10 @@
fsType = "ext4";
options = [ "noatime" ];
};
"/boot/firmware = {
device = "/dev/disk/by-label/FIRMWARE";
fsType = "vfat";
};
};
networking = {
......@@ -44,11 +65,38 @@
services.fail2ban.enable = false;
services.openssh.extraConfig = lib.concatMapStrings (t: ''
Match User ${t.user}
ForceCommand ${pkgs.writeScript "${t.user}.sh" ''
#!${pkgs.stdenv.shell}
set -o errexit
echo '${t.msg}...'
echo '${t.cmd}' | ${pkgs.netcat}/bin/nc -w 0 -u 127.0.0.1 2323
echo 'Command sent.'
''}
'') sshCommandUsers;
users = {
mutableUsers = false;
users.root.openssh.authorizedKeys.keys = [
# FIXME
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFJY+/tAXZFm9U+nJt0kKo6e/TrYiH7E49n0ktbuF5I6 fpletz@fpine"
];
users.open = {
isNormalUser = true;
group = "users";
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
users.openfront = {
isNormalUser = true;
group = "users";
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
users.close = {
isNormalUser = true;
group = "users";
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
};
systemd.services.dnsmasq = {
......@@ -57,6 +105,7 @@
};
services.dnsmasq = {
enable = true;
resolveLocalQueries = false;
extraConfig = ''
bind-interfaces
interface=wlan0
......@@ -78,7 +127,6 @@
wpa = false;
};
systemd.services.lockd = let lockdCfg = pkgs.writeText "lockd.cfg" ''
[Front Door]
type = door
......
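Review bot: The `close` entry in `sshCommandUsers` carries the message `Unlocking back door` although its command is `lock`, so someone locking the door over SSH is told the opposite; it should read `msg = "Locking back door";`. The generated `Match User` blocks set only `ForceCommand`; adding `AllowTcpForwarding no`, `X11Forwarding no` and `PermitTTY no` beneath it would keep these accounts limited to the one command. All three door accounts copy root's `openssh.authorizedKeys.keys`, so as written every key that may operate the door is also a root key; a separate key list for the door users would let door access be granted without root access. The `"/boot/firmware = {` line is missing its closing quote as shown here, which would not evaluate unless that is an artefact of the page rendering.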