-rw-r--r--machines/srv3/configuration.nix24
1 files changed, 21 insertions, 3 deletions
diff --git a/machines/srv3/configuration.nix b/machines/srv3/configuration.nix
index 60fe2ef..73c20db 100644
--- a/machines/srv3/configuration.nix
+++ b/machines/srv3/configuration.nix
@@ -65,8 +65,15 @@ in
     vim lm_sensors
   ];
 
-  services.openssh.enable = true;
-  services.openssh.settings.PasswordAuthentication = false;
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+      #AllowGroups = ["using-ssh"];
+      AllowUsers = [ "pn-ssh" "pn@192.168.1.*" ];
+    };
+  };
   services.sshguard = {
     enable = true;
     whitelist = [
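Review bot: The `AllowUsers` line in `settings` encodes a policy that is not written down anywhere: `pn` (the wheel account) is accepted only from 192.168.1.*, while `pn-ssh` is accepted from any address. A short comment above it, for example `# pn (wheel) only from the LAN; pn-ssh is the non-wheel account for remote logins`, would keep a later edit from widening it by accident. The commented-out `#AllowGroups = ["using-ssh"];` should either be removed or carry a note on why it is disabled, since the `using-ssh` group is still created and assigned in the second hunk. The host part is matched against the source address sshd sees, so it is worth confirming that nothing in front of srv3 (proxy, NAT, tunnel) makes outside connections appear to come from 192.168.1.x.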
@@ -153,12 +160,23 @@ in
   networking.firewall.allowedTCPPorts = [ 53 80 443 ];
   networking.firewall.allowedUDPPorts = [ 53 ];
 
+  virtualisation.docker.enable = true;
+
   users = {
+    groups."using-ssh" = { name = "using-ssh"; };
     users = {
+      pn-ssh = {
+        description = "patryk-zdalny";
+        isNormalUser = true;
+        extraGroups = [ "pn" "git" "using-ssh"];
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com"
+        ];
+      };
       pn = {
 	description = "patryk";
         isNormalUser = true;
-        extraGroups = [ "wheel" "git" ]; # Enable ‘sudo’ for the user.
+        extraGroups = [ "wheel" "git" "using-ssh" "docker" ]; # Enable ‘sudo’ for the user.
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com"
         ];
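Review bot: Adding `"docker"` to `extraGroups` for `pn` gives that account root-equivalent access through the Docker socket, without the password prompt that `wheel`/sudo would normally require (unless sudo is configured otherwise elsewhere in the file). If the daemon is only needed occasionally, leave `"docker"` out of the list and invoke docker through sudo, or consider `virtualisation.docker.rootless.enable = true;`. Separately, `pn-ssh` carries the same ed25519 key as `pn` and lists a group `"pn"` that is not declared in the visible lines; a dedicated key for the remote account and a check that the `pn` group exists would make the split between the two accounts more meaningful. The `users` block continues past the end of the hunk.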