From fcc22aaf7d656b05aeefe59cf988a61595cbe06c Mon Sep 17 00:00:00 2001
From: root <root@beherbergung-lifeline>
Date: Thu, 10 Mar 2022 02:23:37 +0100
Subject: [PATCH] deployment: trivial setup

TODO:
* systemd-service
* reverse-proxy
---
 .../hosts/beherbergung-lifeline/configuration.nix    | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/deployment/hosts/beherbergung-lifeline/configuration.nix b/deployment/hosts/beherbergung-lifeline/configuration.nix
index 07de3b6..526334d 100644
--- a/deployment/hosts/beherbergung-lifeline/configuration.nix
+++ b/deployment/hosts/beherbergung-lifeline/configuration.nix
@@ -12,4 +12,16 @@
       ipv6.addresses = [ { address = "2a01:4f8:c0c:cf13::1"; prefixLength = 64; } ];
     };
   };
+
+  users.users."beherbergung" = {
+    group = "beherbergung";
+    isSystemUser = true;
+    createHome = true;
+    home = "/var/lib/beherbergung";
+    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+    shell = "${pkgs.bash}/bin/bash";
+  };
+  users.groups."beherbergung" = {};
+
+  networking.firewall.allowedTCPPorts = [ 4000 3000 ];
 }