-rw-r--r-- | src/machines.scm | 66 |
1 files changed, 37 insertions, 29 deletions
diff --git a/src/machines.scm b/src/machines.scm index d08a48f..9bcd55f 100644 --- a/src/machines.scm +++ b/src/machines.scm @@ -1,5 +1,6 @@ (use-modules (gnu) (curth0) + (srfi srfi-26) (gnu packages ssh) @@ -155,15 +156,13 @@ borg init -e repokey-blake2 "$R:toph-borg" ||: borg key export "$R:toph-borg" /opt/secrets/borg-key.txt - # FIXME: more users borg create \ --exclude /root/.cache/ \ - --exclude /home/andreh/.cache/ \ --stats \ --compression lzma,9 \ "R$:toph-borg::{hostname}-{now}-${1:-cronjob}" \ /root/ \ - /home/andreh/ \ + /home/ \ /etc/letsencrypt/ \ /var/lib/certbot/ \ /var/lib/letsencrypt \ 
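Review bot: Widening the borg source from `/home/andreh/` to `/home/` drops the cache exclusion entirely: the removed `--exclude /home/andreh/.cache/` is not replaced by anything, so every user's `.cache` is now archived, growing the repository with browser and package caches. A pattern covering all home directories preserves the old behaviour for any number of users: `--exclude '/home/*/.cache/' \`. Separately, the context line `"R$:toph-borg::{hostname}-{now}-${1:-cronjob}"` spells the repository prefix `R$` where the `borg init` and `borg key export` lines use `$R`; if that is not deliberate, the create step targets a literal relative path instead of the repository, which is worth confirming while this block is being edited.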
@@ -224,33 +223,42 @@ #~(job "* * * * *" "seq 20 30 >&2"))) +(define admin-user "andreh") + +(define andreh-pk + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnUv7iWOejQNa3fZ6v4lkHT6qFRp2+NuzIpFJ2Vy7eP58XZoiz6HJPcCU8Hf95JXwaXEwS4S7mXdw1x60hd8JIe058Ek6MZSSVQmlLfocGsAYj1wTrLmnQ8+PV0IeQlNj1aytBI1fL+v3IPt+JdLt6b+g3vwcEUU9efzxx2E0KZ5GIpb2meiCQ6ha+tcd7XqegB53eQj/h/coE2zLJodpaJ3xbj894pE/OJCNC0+4d0Sv7oHhY7QoLYldTQbSgPyhyfl4iZpJf6OEPZxK2cJaB+cbeoBB6aGNyU+CIJToM+uAJJ7H7EpvxfcnfJQ1PuY5szTdvFbW820euiUEKEW69mW4uaFNPSc6D4Z8tZ5hXQIqBD40irULhF0CYNkIILmyNV/KJIZ5HkbQ1q+UrCFHJyvuH/3aCTjj9OSfE7xHPQ3xd3Xw8vvj0Mjie09xFbbcklBTw5WRzH7cw8c+Q0O69kZZ8b+ykcdzWTeZeWNdnzptNqnMjfheig90rUIJ7DN0c+53jCUcGpWJxJhcYF9Uk1RNHmSE5+VzK1y+20t0grVFX90nApm4Tl35QPrX7Qxp9C81cWiUB8xCAE6jYrmd4x+P/3wSQfc1Xg0Eg3QjJB+6JD7cbyDJpzDR3ja+CLZCAr9I0B4rDKD2d6et/z67iXPnZUWMyZ8RVVZPFbBMOTw== openpgp:0xF727046D") + (define users - '()) + `(((#:username . "andreh") + (#:extra-groups . ("wheel")) + (#:public-keys . (,andreh-pk))))) (define user-accounts - '()) -(define authorized-keys) -`(("andreh" ,(plain-file "id_rsa.pub" "ssh-rsa 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 openpgp:0xF727046D"))) - (list - (user-account - (name "andreh") - (comment "EuAndreh") - (group "users") - (supplementary-groups '("wheel")))) + (map (lambda (user) + (let ((name (assoc-ref user #:username)) + (groups (or (assoc-ref user #:extra-groups) '()))) + (user-account + (name name) + (comment name) + (group "users") + (supplementary-groups groups)))) + users)) + +(define authorized-keys + (map (lambda (user) + (let* ((name (assoc-ref user #:username)) + (pk-strs (assoc-ref user #:public-keys)) + (pk-files (map (cut plain-file "id_rsa.pub" <>) pk-strs))) + `(,name . 
,pk-files))) + users)) + (define toph (operating-system (locale "fr_FR.utf8") (timezone "America/Sao_Paulo") (host-name "toph") - (users (append - (list - (user-account - (name "andreh") - (comment "EuAndreh") - (group "users") - (supplementary-groups '("wheel")))) - %base-user-accounts)) + (users (append user-accounts %base-user-accounts)) (sudoers-file (plain-file "sudoers" #"""- root ALL=(ALL) ALL %wheel ALL=NOPASSWD: ALL @@ -272,12 +280,12 @@ (password-authentication? #f) (subsystems '()) (log-level 'verbose) + (authorized-keys authorized-keys) (extra-content #"""- ClientAliveInterval 30 ClientAliveCountMax 20 - """#) - (authorized-keys - `(("andreh" ,(plain-file "id_rsa.pub" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnUv7iWOejQNa3fZ6v4lkHT6qFRp2+NuzIpFJ2Vy7eP58XZoiz6HJPcCU8Hf95JXwaXEwS4S7mXdw1x60hd8JIe058Ek6MZSSVQmlLfocGsAYj1wTrLmnQ8+PV0IeQlNj1aytBI1fL+v3IPt+JdLt6b+g3vwcEUU9efzxx2E0KZ5GIpb2meiCQ6ha+tcd7XqegB53eQj/h/coE2zLJodpaJ3xbj894pE/OJCNC0+4d0Sv7oHhY7QoLYldTQbSgPyhyfl4iZpJf6OEPZxK2cJaB+cbeoBB6aGNyU+CIJToM+uAJJ7H7EpvxfcnfJQ1PuY5szTdvFbW820euiUEKEW69mW4uaFNPSc6D4Z8tZ5hXQIqBD40irULhF0CYNkIILmyNV/KJIZ5HkbQ1q+UrCFHJyvuH/3aCTjj9OSfE7xHPQ3xd3Xw8vvj0Mjie09xFbbcklBTw5WRzH7cw8c+Q0O69kZZ8b+ykcdzWTeZeWNdnzptNqnMjfheig90rUIJ7DN0c+53jCUcGpWJxJhcYF9Uk1RNHmSE5+VzK1y+20t0grVFX90nApm4Tl35QPrX7Qxp9C81cWiUB8xCAE6jYrmd4x+P/3wSQfc1Xg0Eg3QjJB+6JD7cbyDJpzDR3ja+CLZCAr9I0B4rDKD2d6et/z67iXPnZUWMyZ8RVVZPFbBMOTw== openpgp:0xF727046D")))))) + MaxSessions 20 + """#))) (service dhcp-client-service-type) (service mcron-service-type (mcron-configuration @@ -320,10 +328,10 @@ add_header Strict-Transport-Security 'max-age=86400; includeSubdomains' always; """#))))))) (service mail-aliases-service-type - '(("webmaster" "andreh") - ("abuse" "andreh") - ("root" "andreh") - ("postmaster" "andreh"))) + `(("webmaster" ,admin-user) + ("abuse" ,admin-user) + ("root" ,admin-user) + ("postmaster" ,admin-user))) (service opensmtpd-service-type (opensmtpd-configuration (config-file opensmtpd.conf)))) 
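Review bot: In `authorized-keys`, `(assoc-ref user #:public-keys)` has no fallback, so a `users` entry without a `#:public-keys` pair makes `pk-strs` `#f` and the following `map` raises during evaluation, whereas `user-accounts` guards `#:extra-groups` with `(or … '())`. Make the two consistent with `(pk-strs (or (assoc-ref user #:public-keys) '()))`. Since `users` now drives both account creation and SSH access, and the sudoers context below grants `%wheel ALL=NOPASSWD: ALL`, a comment on `users` such as `;; Each entry creates an account; "wheel" in #:extra-groups means passwordless root via sudoers.` would make the privilege implication visible where entries are added. The `,pk-files` line appears split across two source lines here, so its exact layout is inferred.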
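Review bot: `MaxSessions 20` in the new `extra-content` raises sshd's per-connection multiplexed session limit above the default of 10 without saying why; a one-line comment next to it, e.g. `# more multiplexed channels per connection for deploy/scp (default 10)`, would record the intent. The relocated `(authorized-keys authorized-keys)` now depends on the top-level definition built from `users`, so the two must stay in sync when accounts are added; `password-authentication? #f` in the context keeps access key-only.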
@@ -365,7 +373,7 @@ (configuration (machine-ssh-configuration (host-name "toph") (system "x86_64-linux") - (user "andreh") + (user admin-user) (port 38123) (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoz1gFl6chY91vQ5SrZXSP5yHqRI3TdYy2ccEDpS7Z4"))))) |