96 lines
2.7 KiB
Nix
96 lines
2.7 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let users = {
|
|
fhauser = {
|
|
uid = 1000;
|
|
isNormalUser = true;
|
|
description = "Fabian Hauser";
|
|
group = "fhauser";
|
|
extraGroups = [ "wheel" "video" "docker" "networkmanager" "libvirtd" "adbusers" ];
|
|
hashedPassword =
|
|
"$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1";
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
|
|
];
|
|
};
|
|
|
|
empty0 = {
|
|
uid = 1003;
|
|
isNormalUser = true;
|
|
description = "Testuser empty0";
|
|
group = "empty0";
|
|
extraGroups = [ "video" ];
|
|
hashedPassword =
|
|
"$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/";
|
|
};
|
|
};
|
|
in {
|
|
imports = [ ../../modules ./unfree.nix ./applications.nix ./overlays.nix ];
|
|
|
|
boot.loader.timeout = 2;
|
|
boot.tmpOnTmpfs = true;
|
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
console.keyMap = "de_CH-latin1";
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
users.mutableUsers = false;
|
|
users.groups = {
|
|
fhauser.gid = 1000;
|
|
empty0.gid = 1003;
|
|
};
|
|
users.users = users // {
|
|
root.openssh.authorizedKeys.keys = with lib;
|
|
concatLists (mapAttrsToList (name: user:
|
|
if elem "wheel" user.extraGroups then
|
|
user.openssh.authorizedKeys.keys
|
|
else
|
|
[ ]) users);
|
|
};
|
|
|
|
# Package management
|
|
nix = {
|
|
trustedUsers = [ "root" "@wheel" ];
|
|
gc = {
|
|
automatic = true;
|
|
dates = "weekly";
|
|
options = "--delete-older-than 60d";
|
|
};
|
|
package = pkgs.nixFlakes;
|
|
extraOptions = ''
|
|
experimental-features = nix-command flakes
|
|
'';
|
|
};
|
|
|
|
system.autoUpgrade.enable = true;
|
|
system.autoUpgrade.allowReboot = false;
|
|
|
|
# System Services
|
|
services.btrfs.autoScrub.enable = true;
|
|
services.fwupd.enable = true;
|
|
|
|
# Network services
|
|
networking.firewall = {
|
|
allowPing = true;
|
|
allowedTCPPorts = [ 22 ];
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
passwordAuthentication = false;
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
email = "sysadmin@qo.is";
|
|
};
|
|
|
|
# Default Settings
|
|
environment.etc = {
|
|
gitconfig.source = ./etc/gitconfig;
|
|
vimrc.source = ./etc/vimrc;
|
|
};
|
|
|
|
programs.autojump.enable = true;
|
|
programs.vim.defaultEditor = true;
|
|
}
|