rilla
/
nix-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nix-config/common/default.nix

95 lines
2.1 KiB
Nix
Raw Normal View History

feat: integrated lb host into the config
2023-07-30 16:06:59 +02:00
{ config, pkgs, ... }:
{
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
optimise.automatic = true;
gc = {
automatic = true;
options = "--delete-older-than 30d";
};
};
time.timeZone = "Europe/Madrid";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
security = {
doas = {
enable = true;
extraRules = [{
groups = [ "wheel" ];
keepEnv = true;
noPass = true;
}];
};
sudo.enable = false;
};
feat: added deploy-rs
2023-08-04 17:45:37 +02:00
environment.systemPackages = with pkgs; [ git vim wget just ripgrep deploy-rs ];
feat: integrated lb host into the config
2023-07-30 16:06:59 +02:00
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
hostKeys = [{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
knownHosts = {
"*.monotremata.xyz,10.*,narwhal,suricata,pikvm,caladan,fugu,lb,snitch,trantor,capibara,axolotl" =
{
certAuthority = true;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHperHwojXZeo3QWAu1f3kiCKeaHHSqBXJM6ZZEefxdd host_ca";
};
};
extraConfig = ''
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
TrustedUserCAKeys /etc/ssh/user_ca.pub
'';
};
users.mutableUsers = false;
users.groups = {
dags.gid = 506;
};
users.users = {
root = {
initialHashedPassword = "$6$tzMk5I1KZlx7byaO$BvlSz7Cgo1g09e4RpxAjrZEuCptzjibF8nDWDfnOImTbz61Py/qzATDAa7HwAC3JyiZxb.2slTb.vA.f25ypd1";
};
rilla = {
uid = 1000;
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
initialHashedPassword = "$6$tzMk5I1KZlx7byaO$BvlSz7Cgo1g09e4RpxAjrZEuCptzjibF8nDWDfnOImTbz61Py/qzATDAa7HwAC3JyiZxb.2slTb.vA.f25ypd1";
};
dags = {
uid = 506;
group = "dags";
extraGroups = [ "wheel" ];
createHome = false;
isSystemUser = true;
password = "*";
useDefaultShell = true;
};
};
}