Commit 05345a36 authored by fpletz's avatar fpletz 🚧

luftschleuse: add ssh users for open/close

parent af6001ea
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let
sshCommandUsers = [
{ user = "open";
msg = "Unlocking back door";
cmd = "unlock";
}
{ user = "openfront";
msg = "Unlocking front door";
cmd = "unlockfront";
}
{ user = "close";
msg = "Unlocking back door";
cmd = "lock";
}
];
in
{ {
boot = { boot = {
kernelPackages = pkgs.linuxPackages; kernelPackages = pkgs.linuxPackages;
...@@ -20,6 +37,10 @@ ...@@ -20,6 +37,10 @@
fsType = "ext4"; fsType = "ext4";
options = [ "noatime" ]; options = [ "noatime" ];
}; };
"/boot/firmware = {
device = "/dev/disk/by-label/FIRMWARE";
fsType = "vfat";
};
}; };
networking = { networking = {
...@@ -44,11 +65,38 @@ ...@@ -44,11 +65,38 @@
services.fail2ban.enable = false; services.fail2ban.enable = false;
services.openssh.extraConfig = lib.concatMapStrings (t: ''
Match User ${t.user}
ForceCommand ${pkgs.writeScript "${t.user}.sh" ''
#!${pkgs.stdenv.shell}
set -o errexit
echo '${t.msg}...'
echo '${t.cmd}' | ${pkgs.netcat}/bin/nc -w 0 -u 127.0.0.1 2323
echo 'Command sent.'
''}
'') sshCommandUsers;
users = { users = {
mutableUsers = false; mutableUsers = false;
users.root.openssh.authorizedKeys.keys = [ users.root.openssh.authorizedKeys.keys = [
# FIXME
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFJY+/tAXZFm9U+nJt0kKo6e/TrYiH7E49n0ktbuF5I6 fpletz@fpine" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFJY+/tAXZFm9U+nJt0kKo6e/TrYiH7E49n0ktbuF5I6 fpletz@fpine"
]; ];
users.open = {
isNormalUser = true;
group = "users";
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
users.openfront = {
isNormalUser = true;
group = "users";
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
users.close = {
isNormalUser = true;
group = "users";
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
}; };
systemd.services.dnsmasq = { systemd.services.dnsmasq = {
...@@ -57,6 +105,7 @@ ...@@ -57,6 +105,7 @@
}; };
services.dnsmasq = { services.dnsmasq = {
enable = true; enable = true;
resolveLocalQueries = false;
extraConfig = '' extraConfig = ''
bind-interfaces bind-interfaces
interface=wlan0 interface=wlan0
...@@ -78,7 +127,6 @@ ...@@ -78,7 +127,6 @@
wpa = false; wpa = false;
}; };
systemd.services.lockd = let lockdCfg = pkgs.writeText "lockd.cfg" '' systemd.services.lockd = let lockdCfg = pkgs.writeText "lockd.cfg" ''
[Front Door] [Front Door]
type = door type = door
......
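Review bot: The `Match User` blocks built in `services.openssh.extraConfig` restrict only the command, so a key holder for `open`, `openfront` or `close` can still request TCP, agent and X11 forwarding and a PTY through sshd; the block should also set `AllowTcpForwarding no`, `AllowAgentForwarding no`, `X11Forwarding no` and `PermitTTY no` alongside `ForceCommand`. The `close` entry in `sshCommandUsers` echoes `Unlocking back door` while its command is `lock`, so the message is wrong and should read `msg = "Locking back door";`. Because all three users reuse `config.users.users.root.openssh.authorizedKeys.keys`, the same key that is confined to sending a lock command can also log in as root, which makes the restriction cosmetic until separate keys are issued (the `# FIXME` on the root key suggests this is known). The script also prints `Command sent.` after a fire-and-forget UDP datagram, so it confirms only that nc ran, not that lockd received anything.
```nix
services.openssh.extraConfig = lib.concatMapStrings (t: ''
  Match User ${t.user}
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTTY no
    ForceCommand ${pkgs.writeScript "${t.user}.sh" ''
      # … unchanged: shell script body …
    ''}
'') sshCommandUsers;
```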