From c5c7efb19bf15cd7d191b2c917884bab0fad64e8 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <cnx@loang.net>
Date: Fri, 12 Jan 2024 02:49:13 +0900
Subject: Split user access control to separate module

---
 configuration.nix | 68 +------------------------------------------------------
 1 file changed, 1 insertion(+), 67 deletions(-)

(limited to 'configuration.nix')

diff --git a/configuration.nix b/configuration.nix
index 0972cad..3e6ad48 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -30,6 +30,7 @@
   };
 
   imports = [
+    ./access.nix
     ./automation.nix
     ./dbms.nix
     ./dns.nix
@@ -86,18 +87,6 @@
     };
   };
 
-  security.sudo = {
-    enable = true;
-    wheelNeedsPassword = false;
-  };
-
-  services.openssh = {
-    enable = true;
-    openFirewall = true;
-    settings.PasswordAuthentication = false;
-    ports = [ 2211 ];
-  };
-
   system.stateVersion = "22.05";
 
   systemd.extraConfig = ''
@@ -105,59 +94,4 @@
   '';
 
   time.timeZone = "UTC";
-
-  users.users = {
-    axl = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/axl.pub" ];
-    };
-
-    ckie = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/ckie.pub" ];
-    };
-
-    cnx = {
-      extraGroups = [ "wheel" ];
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/cnx.pub" ];
-      packages = with pkgs; [ stow ];
-    };
-
-    epoch = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/epoch.pub" ];
-    };
-
-    int2k = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/int2k.pub" ];
-    };
-
-    mingnho = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/mingnho.pub" ];
-    };
-
-    ooze = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/ooze.pub" ];
-    };
-
-    owocean = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/owocean.pub" ];
-    };
-
-    vnpower = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/vnpower.pub" ];
-    };
-
-    xarvos = {
-      extraGroups = [ "wheel" ];
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/xarvos.pub" ];
-    };
-  };
 }
-- 
cgit 1.4.1