2015-07-28 20:19:54 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
2023-06-10 20:53:47 +02:00
|
|
|
with lib;
|
2015-07-28 20:19:54 +02:00
|
|
|
{
|
2015-08-07 13:51:49 +02:00
|
|
|
imports = [
|
2023-06-10 20:53:47 +02:00
|
|
|
./secrets/user-passwords.nix
|
2018-09-08 12:45:47 +02:00
|
|
|
./editor/vim.nix
|
2016-07-14 22:31:27 +02:00
|
|
|
./binary-cache/nixos.nix
|
2018-09-24 23:34:30 +02:00
|
|
|
./minimal.nix
|
2023-08-18 11:17:33 +02:00
|
|
|
./secrets/ssh_server.nix
|
2022-12-12 19:42:41 +01:00
|
|
|
# ./security/hotfix.nix
|
2015-08-07 13:51:49 +02:00
|
|
|
];
|
2018-01-04 01:25:07 +01:00
|
|
|
|
2018-09-24 23:34:30 +02:00
|
|
|
# users are super important
|
|
|
|
users.users = {
|
2023-06-10 20:53:47 +02:00
|
|
|
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
2015-07-28 20:19:54 +02:00
|
|
|
makefu = {
|
|
|
|
uid = 9001;
|
|
|
|
group = "users";
|
|
|
|
home = "/home/makefu";
|
|
|
|
createHome = true;
|
2021-06-05 15:02:20 +02:00
|
|
|
isNormalUser = true;
|
2015-07-28 20:19:54 +02:00
|
|
|
useDefaultShell = true;
|
2018-09-24 23:34:30 +02:00
|
|
|
extraGroups = [ "wheel" ];
|
2023-06-10 20:53:47 +02:00
|
|
|
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
2015-07-28 20:19:54 +02:00
|
|
|
};
|
|
|
|
};
|
2023-06-10 20:53:47 +02:00
|
|
|
# nix.settings.trusted-users = [ config.krebs.build.user.name ];
|
2023-06-03 15:30:37 +02:00
|
|
|
nix.settings.experimental-features = [ "flakes" "nix-command" ];
|
2015-07-28 20:19:54 +02:00
|
|
|
|
2020-04-22 23:40:45 +02:00
|
|
|
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
|
2015-08-13 17:13:13 +02:00
|
|
|
|
2019-09-04 20:17:56 +02:00
|
|
|
nixpkgs.config.allowUnfreePredicate = pkg: packageName pkg == "unrar";
|
|
|
|
|
2018-09-24 23:34:30 +02:00
|
|
|
krebs = {
|
|
|
|
enable = true;
|
2023-06-10 20:53:47 +02:00
|
|
|
# dns.providers.lan = "hosts";
|
2018-09-24 23:34:30 +02:00
|
|
|
build.user = config.krebs.users.makefu;
|
2016-01-16 01:30:37 +01:00
|
|
|
};
|
2015-07-28 20:19:54 +02:00
|
|
|
|
|
|
|
|
2023-06-10 20:53:47 +02:00
|
|
|
boot.tmp.useTmpfs = true;
|
2015-07-28 20:19:54 +02:00
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
2015-07-29 01:07:41 +02:00
|
|
|
jq
|
2015-07-28 20:19:54 +02:00
|
|
|
git
|
|
|
|
gnumake
|
|
|
|
rxvt_unicode.terminfo
|
2015-08-13 17:13:13 +02:00
|
|
|
htop
|
2022-09-23 22:42:33 +02:00
|
|
|
nix-output-monitor
|
2015-07-28 20:19:54 +02:00
|
|
|
];
|
|
|
|
|
2018-09-24 23:34:30 +02:00
|
|
|
programs.bash.enableCompletion = true;
|
2015-07-28 20:19:54 +02:00
|
|
|
|
|
|
|
environment.shellAliases = {
|
2017-05-02 14:05:06 +02:00
|
|
|
# TODO: see .aliases
|
2015-07-28 20:19:54 +02:00
|
|
|
lsl = "ls -lAtr";
|
2021-03-12 20:24:40 +01:00
|
|
|
ip = "ip -c -br";
|
2020-01-23 23:51:05 +01:00
|
|
|
dmesg = "dmesg -L --reltime";
|
2015-12-16 10:42:40 +01:00
|
|
|
psg = "ps -ef | grep";
|
|
|
|
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
|
|
|
|
grep = "grep --color=auto";
|
2015-07-28 20:19:54 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
nixpkgs.config.packageOverrides = pkgs: {
|
2023-01-11 13:59:43 +01:00
|
|
|
#nano = pkgs.runCommand "empty" {} "mkdir -p $out";
|
2016-03-16 08:39:58 +01:00
|
|
|
tinc = pkgs.tinc_pre;
|
2015-07-28 20:19:54 +02:00
|
|
|
};
|
|
|
|
|
2017-03-01 22:02:47 +01:00
|
|
|
|
2016-05-02 17:38:27 +02:00
|
|
|
nix.extraOptions = ''
|
|
|
|
auto-optimise-store = true
|
|
|
|
'';
|
2015-07-28 20:19:54 +02:00
|
|
|
|
2021-12-04 18:37:03 +01:00
|
|
|
#security.wrappers.sendmail = {
|
|
|
|
# source = "${pkgs.exim}/bin/sendmail";
|
|
|
|
# setuid = true;
|
|
|
|
#};
|
2015-07-28 20:19:54 +02:00
|
|
|
services.journald.extraConfig = ''
|
|
|
|
SystemMaxUse=1G
|
|
|
|
RuntimeMaxUse=128M
|
|
|
|
'';
|
2019-01-21 11:17:27 +01:00
|
|
|
environment.pathsToLink = [ "/share" ];
|
2020-04-22 16:36:44 +02:00
|
|
|
security.acme = {
|
2022-09-23 22:42:33 +02:00
|
|
|
defaults.email = "letsencrypt@syntax-fehler.de";
|
2020-04-22 16:36:44 +02:00
|
|
|
acceptTerms = true;
|
|
|
|
};
|
2023-06-10 20:53:47 +02:00
|
|
|
system.stateVersion = lib.mkDefault "23.05";
|
2022-09-23 22:42:33 +02:00
|
|
|
services.postgresql.package = pkgs.postgresql_14;
|
2015-07-28 20:19:54 +02:00
|
|
|
}
|