104 lines
2.3 KiB
Nix
104 lines
2.3 KiB
Nix
|
{ inputs, outputs, lib, config, pkgs, ... }:
|
|||
|
|
|
|||
|
|
{
|
|||
|
|
nix = {
|
|||
|
|
package = pkgs.nixFlakes;
|
|||
|
|
extraOptions = ''
|
|||
|
|
experimental-features = nix-command flakes
|
|||
|
|
'';
|
|||
|
|
optimise.automatic = true;
|
|||
|
|
gc = {
|
|||
|
|
automatic = true;
|
|||
|
|
options = "--delete-older-than 30d";
|
|||
|
|
};
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
nixpkgs = {
|
|||
|
|
overlays = [
|
|||
|
|
outputs.overlays.additions
|
|||
|
|
outputs.overlays.modifications
|
|||
|
|
# outputs.overlays.stable-packages
|
|||
|
|
];
|
|||
|
|
config.allowUnfree = true;
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
time.timeZone = "Europe/Madrid";
|
|||
|
|
|
|||
|
|
# Select internationalisation properties.
|
|||
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|||
|
|
console = {
|
|||
|
|
font = "Lat2-Terminus16";
|
|||
|
|
keyMap = "us";
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
security = {
|
|||
|
|
doas = {
|
|||
|
|
enable = true;
|
|||
|
|
extraRules = [{
|
|||
|
|
groups = [ "wheel" ];
|
|||
|
|
keepEnv = true;
|
|||
|
|
noPass = true;
|
|||
|
|
}];
|
|||
|
|
};
|
|||
|
|
sudo.enable = false;
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
environment.systemPackages = with pkgs; [ git vim wget just ripgrep deploy-rs ];
|
|||
|
|
|
|||
|
|
services.openssh = {
|
|||
|
|
enable = true;
|
|||
|
|
settings = {
|
|||
|
|
PermitRootLogin = "no";
|
|||
|
|
PasswordAuthentication = false;
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
hostKeys = [{
|
|||
|
|
path = "/etc/ssh/ssh_host_ed25519_key";
|
|||
|
|
type = "ed25519";
|
|||
|
|
}];
|
|||
|
|
|
|||
|
|
knownHosts = {
|
|||
|
|
"*.monotremata.xyz,10.*,narwhal,suricata,pikvm,caladan,fugu,lb,snitch,trantor,capibara,axolotl" =
|
|||
|
|
{
|
|||
|
|
certAuthority = true;
|
|||
|
|
publicKey =
|
|||
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHperHwojXZeo3QWAu1f3kiCKeaHHSqBXJM6ZZEefxdd host_ca";
|
|||
|
|
};
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
extraConfig = ''
|
|||
|
|
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
|
|||
|
|
TrustedUserCAKeys /etc/ssh/user_ca.pub
|
|||
|
|
'';
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
users.mutableUsers = false;
|
|||
|
|
users.groups = {
|
|||
|
|
dags.gid = 506;
|
|||
|
|
};
|
|||
|
|
users.users = {
|
|||
|
|
|
|||
|
|
root = {
|
|||
|
|
initialHashedPassword = "$6$tzMk5I1KZlx7byaO$BvlSz7Cgo1g09e4RpxAjrZEuCptzjibF8nDWDfnOImTbz61Py/qzATDAa7HwAC3JyiZxb.2slTb.vA.f25ypd1";
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
rilla = {
|
|||
|
|
uid = 1000;
|
|||
|
|
isNormalUser = true;
|
|||
|
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
|||
|
|
initialHashedPassword = "$6$tzMk5I1KZlx7byaO$BvlSz7Cgo1g09e4RpxAjrZEuCptzjibF8nDWDfnOImTbz61Py/qzATDAa7HwAC3JyiZxb.2slTb.vA.f25ypd1";
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
dags = {
|
|||
|
|
uid = 506;
|
|||
|
|
group = "dags";
|
|||
|
|
extraGroups = [ "wheel" ];
|
|||
|
|
createHome = false;
|
|||
|
|
isSystemUser = true;
|
|||
|
|
password = "*";
|
|||
|
|
useDefaultShell = true;
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
};
|
|||
|
|
}
|