-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathcore.nix
154 lines (152 loc) · 5.09 KB
/
core.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
{ pkgs, config, ... }:
let
secrets = import ./load-secrets.nix;
keys = import ./keys.nix;
util = pkgs.callPackage ./util.nix {};
in {
imports = [
./vim.nix
#./iscsi-boot.nix
./iscsi_module.nix
./qemu.nix
./arcstats.nix
./extra-statsd.nix
./auto-gc.nix
./coredump.nix
];
environment.systemPackages = with pkgs; [
(if config.services.xserver.enable then gitAndTools.gitFull else git)
#utillinuxCurses
(pkgs.makeDesktopItem { name = "screen"; exec = "${pkgs.xterm}/bin/xterm -e ${pkgs.screen}/bin/screen -xRR"; desktopName = "Screen"; genericName = "screen"; categories = [ "System" "TerminalEmulator" ]; })
bat
ncdu
psmisc
sqlite-interactive
util
util-linuxCurses
];
boot = {
blacklistedKernelModules = [ "dccp" ];
kernelParams = [
"zfs.zfs_metaslab_try_hard_before_gang=1"
];
};
nixpkgs = {
config = {
sqlite.interactive = true;
allowUnfree = true;
allowBroken = true;
vim.ruby = false;
};
};
programs = {
screen.screenrc = ''
defscrollback 5000
caption always
#termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
# fixes terminfo bugs involing tsl=
termcapinfo xterm 'hs:ts=\E]2;:fs=\007:ds=\E]2;screen\007'
#defbce "on"
maptimeout 5
'';
screen.enable = true;
ssh = {
extraConfig = ''
ServerAliveInterval 60
'';
knownHosts = let
router = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSvyvC18BHfivZJDhWSm7VU3kEElfNfMIfeohkil614"; };
amd = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhJRINrY5cFcqZ76GsAK7FU+wQhErlS6APdOIm7xcnW"; };
system76 = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtWMQ3F30gczudsr38Tw9yARsUMZbmvD4llnZq3K68u"; };
in {
"192.168.2.1" = router;
"router.localnet" = router;
"192.168.2.15" = amd;
"amd.localnet" = amd;
"system76" = system76;
"system76.localnet" = system76;
"c2d.localnet" = { publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAeIKSyO23iQey8rfwqYdRrcn2sY/Uxcy/OogAZKYNBAeLdwWDmX73d/TZA/rLJtImKPjZYl1VyCIylnNaogvNs="; };
"andoria.angeldsis.com" = { publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHX1VUOiMc14jztdHArChYyUaLlTygtUSuH7qU+SD8DqnCmlmbTgeuRDEnsMCBGfWIRSftGi1VG7gC5cZwQxsiY="; };
"github.com" = { publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="; };
"du075.macincloud.com" = { publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrJvUu+5o75C8Sf27LWf0GNyb96iBQ6znoy8YmPeoVecpsEgj1KoW+NyZSkEgB1PQA/SBYpHVQRGFfxP0WI8H0kVfJX2wf89oY5m3XJDj/B6JnFo0tpJFhdnidSehFAPm5eja93osKpJDMgtt9F31PjmuOiYS/sTtZsyz/KzoUd2mekdlowvyQA5Fw93sC2lNrKyGsD6y7O5ft9YmyNn43s7g+2f2qBLF4miPgYECJ0AaNq1NBzrmxeDBxCvrMAZe4ZFnHx/g8oy+D4eZm+J2kc8ZMIa57dqua4Y3rm9o+Uej/8sBPcp7Kczf5eAS5f9+lLaATuLDTyFKLNLItU5kX"; };
"aarch64.nixos.community" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds"; };
"pi5w" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgqVYJn5wzz8bfVwWCtvUB6YsTNUlKzPA/IHhEJ78LF"; };
};
};
};
users = {
users = {
root.openssh.authorizedKeys.keys = with keys; [
dual.distro
clever.amd
clever.laptopLuks
];
builder = {
uid = 1001;
isNormalUser = true;
openssh.authorizedKeys.keys = with keys; [
dual.distro
#clever.amd
clever.nix1
router_distro
clever.nix2
clever.amd_distro
clever.nas_distro
clever.hydra
];
};
clever = {
isNormalUser = true;
uid = 1000;
initialHashedPassword = secrets.hashedPw;
openssh.authorizedKeys.keys = with keys; [
clever.amd clever.ramboot clever.laptop
];
extraGroups = [ "wheel" "wireshark" "vboxusers" ];
};
};
};
services = {
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
};
networking = {
extraHosts = ''
10.42.1.5 nixbox360
#192.168.2.11 fuspr.net
#192.168.123.51 hydra.angeldsis.com
'';
};
nix = {
min-free-collection = true;
distributedBuilds = true;
#binaryCaches = [
#"http://nixcache.localnet"
#"https://cache.nixos.org"
#];
settings = {
trusted-public-keys = [
"c2d.localnet-1:YTVKcy9ZO3tqPNxRqeYEYxSpUH5C8ykZ9ImUKuugf4c="
#"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
"amd-1:8E8Dz+Vc/6+8SePHMrJxe92IUYHBdv5pbI7YLnJH6Ek="
];
trusted-users = [ "builder" ];
};
};
#system.extraSystemBuilderCmds = ''
# ln -sv ${./.} $out/nixcfg
#'';
security.acme.email = "[email protected]";
security.acme.acceptTerms = true;
}