diff --git a/home/hosts/charon.nix b/home/hosts/charon.nix index aea78085..1e0835d4 100644 --- a/home/hosts/charon.nix +++ b/home/hosts/charon.nix 
@@ -1,70 +1,9 @@ -{ pkgs, ... }: -let - unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; - habitask = with pkgs; with rustPlatform; buildRustPackage rec { - name = "habitask"; - version = "0.1.0"; - src = ~/data/aktuell/it/code/habitask; - depsSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7"; - cargoSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7"; - buildInputs = [ openssl pkgconfig ]; - }; -in { +{ imports = [ ../snippets/everywhere.nix ../snippets/my-systems.nix + ../snippets/morgenreport.nix + ../snippets/sort-mail.nix + ../snippets/habitask.nix ]; - home.packages = [ habitask ]; - - systemd.user = { - services.morgenreport = - let - morgenreport-script = pkgs.writeShellScriptBin "morgenreport" '' - cd $HOME/data/aktuell/media/ebooks/morgenreport/ - DATE=`date +%Y-%m-%d` - ${unstable.calibre}/bin/ebook-convert $HOME/data/aktuell/it/code/calibre-recipes/morgenreport.recipe morgenreport-$DATE.mobi --output-profile=kindle_pw3 - echo "File created, sending to kindle now …" - PATH=$PATH:/run/wrappers/bin/ - echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com - ''; - in { - Unit = { - Description = "Send morgenreport to kindle"; - }; - - Service = { - Type = "oneshot"; - ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport"; - }; - }; - timers.morgenreport = { - Timer = { - OnCalendar = "20:00"; - }; - }; - - services.sort-mail = - let - sort-mail-script = pkgs.writeShellScriptBin "sort-mail" '' - ${unstable.isync}/bin/mbsync -a - mv $HOME/data/aktuell/it/mail/.Move.kiva/cur/* $HOME/data/aktuell/it/mail-accounts/fb4/INBOX/new/ - mv $HOME/data/aktuell/it/mail-accounts/fb4/Move/privat/cur/* $HOME/data/aktuell/it/mail/new/ - ${unstable.isync}/bin/mbsync -a - ''; - in { - Unit = { - Description = "Sort E-Mails"; - }; - - Service = { - Type = "oneshot"; - ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail"; - 
}; - }; - timers.sort-mail = { - Timer = { - OnCalendar = "minutely"; - }; - }; - }; } diff --git a/home/snippets/habitask.nix b/home/snippets/habitask.nix new file mode 100644 index 00000000..75c2ece6 --- /dev/null +++ b/home/snippets/habitask.nix @@ -0,0 +1,13 @@ +let + unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; + habitask = with unstable; with rustPlatform; buildRustPackage rec { + name = "habitask"; + version = "0.1.0"; + src = ~/data/aktuell/it/code/habitask; + depsSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7"; + cargoSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7"; + buildInputs = [ openssl pkgconfig ]; + }; +in { + home.packages = [ habitask ]; +} diff --git a/home/snippets/morgenreport.nix b/home/snippets/morgenreport.nix new file mode 100644 index 00000000..3d0cd5e8 --- /dev/null +++ b/home/snippets/morgenreport.nix @@ -0,0 +1,32 @@ +{ pkgs, ... }: +let + unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; +in { + systemd.user = { + services.morgenreport = + let + morgenreport-script = pkgs.writeShellScriptBin "morgenreport" '' + cd $HOME/data/aktuell/media/ebooks/morgenreport/ + DATE=`date +%Y-%m-%d` + ${pkgs.calibre}/bin/ebook-convert $HOME/data/aktuell/it/code/calibre-recipes/morgenreport.recipe morgenreport-$DATE.mobi --output-profile=kindle_pw3 + echo "File created, sending to kindle now …" + PATH=$PATH:/run/wrappers/bin/ + echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com + ''; + in { + Unit = { + Description = "Send morgenreport to kindle"; + }; + + Service = { + Type = "oneshot"; + ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport"; + }; + }; + timers.morgenreport = { + Timer = { + OnCalendar = "20:00"; + }; + }; + }; +} 
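Review bot: In habitask.nix the `unstable` binding calls `fetchTarball` on the moving `nixos-unstable` channel archive with no hash, so each evaluation takes whatever that URL serves at the time and nothing verifies it. The same let-binding is copied into morgenreport.nix, sort-mail.nix, mail.nix, matrix.nix and syncthing.nix, where it supplies network-facing packages such as `unstable.matrix-synapse` and `unstable.syncthing`. I would define it once in a shared file and pin it, e.g. `fetchTarball { url = "https://github.com/NixOS/nixpkgs-channels/archive/<pinned-commit>.tar.gz"; sha256 = "<hash-of-that-tarball>"; }`, with both placeholders filled from a revision you have reviewed.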
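Review bot: morgenreport.nix still binds `unstable`, but the script now runs `${pkgs.calibre}/bin/ebook-convert` where the code removed from charon.nix used `${unstable.calibre}`, so this move also changes which calibre build converts the recipe. If that is intended, drop the unused `let unstable = … in`; if not, restore `${unstable.calibre}`. Separately, the script carries on after a failed `cd`, so `cd $HOME/data/aktuell/media/ebooks/morgenreport/ || exit 1` would stop the conversion and the mail from running in the wrong directory.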
diff --git a/home/snippets/sort-mail.nix b/home/snippets/sort-mail.nix new file mode 100644 index 00000000..ce66aab0 --- /dev/null +++ b/home/snippets/sort-mail.nix @@ -0,0 +1,30 @@ +{ pkgs, ... }: +let + unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; +in { + systemd.user = { + services.sort-mail = + let + sort-mail-script = pkgs.writeShellScriptBin "sort-mail" '' + ${unstable.isync}/bin/mbsync -a + mv $HOME/data/aktuell/it/mail/.Move.kiva/cur/* $HOME/data/aktuell/it/mail-accounts/fb4/INBOX/new/ + mv $HOME/data/aktuell/it/mail-accounts/fb4/Move/privat/cur/* $HOME/data/aktuell/it/mail/new/ + ${unstable.isync}/bin/mbsync -a + ''; + in { + Unit = { + Description = "Sort E-Mails"; + }; + + Service = { + Type = "oneshot"; + ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail"; + }; + }; + timers.sort-mail = { + Timer = { + OnCalendar = "minutely"; + }; + }; + }; +} diff --git a/system/hosts/charon/configuration.nix b/system/hosts/charon/configuration.nix index 52cbd10b..db24ee4e 100644 --- a/system/hosts/charon/configuration.nix +++ b/system/hosts/charon/configuration.nix @@ -1,8 +1,5 @@ { config, pkgs, ... }: -let - unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; -in { system.stateVersion = "17.03"; @@ -26,13 +23,15 @@ in ../../snippets/common.nix ../../snippets/init_ssh.nix /etc/nixos/local/config.nix + ./dav.nix + ./mail.nix + ./matrix.nix + ./web.nix ]; boot.initrd.network.postCommands = "ip address add 2001:19f0:6c01:b0d::b007/64 dev eth0"; boot.initrd.postMountCommands = "ip link set eth0 down"; - networking.firewall.allowedTCPPorts = [ 25 80 587 443 993 8448 22000 ]; - users.users = { choreutes = { description = "Tobias Schmalz"; 
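Review bot: In sort-mail.nix both `mv …/cur/* …` lines run every minute, and when a `cur/` directory is empty the unmatched glob is passed to `mv` literally, which then fails and logs an error on each run. The script has no `set -e`, so the second `mbsync -a` still runs and the unit's exit status only reflects that last command. A guard such as `for f in "$HOME"/data/aktuell/it/mail/.Move.kiva/cur/*; do [ -e "$f" ] && mv "$f" "$HOME"/data/aktuell/it/mail-accounts/fb4/INBOX/new/; done` (and the same for the second move) avoids the noise and quotes the paths.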
@@ -44,160 +43,8 @@ in isNormalUser = true; passwordFile = "/etc/nixos/local/pw-swantje"; }; - dovecot2.extraGroups = ["certs"]; - postfix.extraGroups = ["certs"]; - matrix-synapse.extraGroups = ["certs"]; - }; - users.groups = { - certs = {}; - }; - security.acme.certs = { - "charon.olymp.space" = { - email = "malte.brandy@maralorn.de"; - postRun = "systemctl restart postfix dovecot2"; - allowKeysForGroup = true; - group = "certs"; - extraDomains = { - "maralorn.de" = null; - }; - }; - "matrix.maralorn.de" = { - email = "malte.brandy@maralorn.de"; - postRun = "systemctl restart matrix-synapse"; - allowKeysForGroup = true; - group = "certs"; - extraDomains = { - "maralorn.de" = null; - }; - }; }; services = { - radicale = { - enable = true; - package = pkgs.radicale2; - config = '' - [auth] - type = http_x_remote_user - ''; - }; - nginx = { - enable = true; - virtualHosts."mathechor.de" = { - serverAliases = ["www.mathechor.de"]; - forceSSL = true; - enableACME = true; - locations = { - "~* Makefile".extraConfig = "deny all;"; - "/" = { - root = "/var/www/mathechor/public"; - index = "index.html"; - extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}"; - }; - }; - }; - virtualHosts."intern.mathechor.de" = { - forceSSL = true; - enableACME = true; - # See /etc/nixos/local/ für basic_auth pw. - locations = { - "~* Makefile".extraConfig = "deny all;"; - "/" = { - root = "/var/www/mathechor/intern"; - index = "index.html"; - }; - "/mathechor.ics" = { - proxyPass ="http://127.0.0.1:5232/maralorn/23e21619-29c6-17eb-043f-8ab5af00b46b/"; - extraConfig = '' - proxy_set_header X-Remote-User maralorn; - ''; - }; - }; - }; - virtualHosts."dav.maralorn.de" = { - forceSSL = true; - enableACME = true; - # See /etc/nixos/local/ für basic_auth pw. 
- locations."/" = { - proxyPass = "http://127.0.0.1:5232"; - extraConfig = "proxy_set_header X-Remote-User $remote_user;"; - }; - }; - virtualHosts."blog.maralorn.de" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - root = "/var/www/blog/output"; - index = "index.html"; - }; - }; - }; - virtualHosts."charon.olymp.space" = { - forceSSL = true; - enableACME = true; - default = true; - locations = { - "/ved.ics" = { - proxyPass ="http://127.0.0.1:5232/maralorn/5a155c2c-1d87-e50d-874c-63f8858d1302/"; - extraConfig = '' - proxy_set_header X-Remote-User maralorn; - ''; - }; - }; - }; - virtualHosts."matrix.maralorn.de" = { - forceSSL = true; - enableACME = true; - locations = { - "/_matrix" = { - proxyPass = "http://[::1]:8008"; - extraConfig = '' - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $remote_addr; - ''; - }; - }; - }; - }; - - # Postgres - postgresql = { - enable = true; - package = pkgs.postgresql96; - }; - - # Synapse - matrix-synapse = { - enable = true; - package = unstable.matrix-synapse; - server_name = "maralorn.de"; - database_type = "psycopg2"; - max_upload_size = "30M"; - database_args = { - user = "matrix-synapse"; - database = "matrix-synapse"; - cp_min = "5"; - cp_max = "10"; - }; - report_stats = true; - tls_certificate_path = "/var/lib/acme/matrix.maralorn.de/fullchain.pem"; - tls_private_key_path = "/var/lib/acme/matrix.maralorn.de/key.pem"; - listeners = [ - { - port = 8448; - bind_address = "::"; - resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ]; - x_forwarded = false; - } - { - port = 8008; - bind_address = "::1"; - resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ]; - x_forwarded = true; - tls = false; - } - ]; - }; # Taskserver # taskserver = { 
@@ -207,85 +54,6 @@ in # organisations.users.users = [ "maralorn" ]; # config = { request.limit = 0; }; # }; - - # Mailserver - rspamd.enable = true; - rmilter = { - enable = true; - socketActivation = false; - rspamd = { - extraConfig = '' - extended_spam_headers = yes; - ''; - enable = true; - }; - postfix.enable = true; - }; - dovecot2 = { - enable = true; - enablePop3 = false; - modules = [ pkgs.dovecot_pigeonhole ]; - sslServerCert = "/var/lib/acme/charon.olymp.space/fullchain.pem"; - sslServerKey = "/var/lib/acme/charon.olymp.space/key.pem"; - extraConfig = - '' - ssl = required - service auth { - unix_listener /var/lib/postfix/queue/private/auth { - mode = 0660 - user = postfix - group = postfix - } - } - protocol lda { - mail_plugins = $mail_plugins sieve - } - plugin { - sieve_extensions = +vnd.dovecot.duplicate - } - ''; - }; - postfix = { - enable = true; - enableSubmission = true; - rootAlias = "maralorn"; - sslCert = "/var/lib/acme/charon.olymp.space/fullchain.pem"; - sslKey = "/var/lib/acme/charon.olymp.space/key.pem"; - extraAliases = - '' -junge-erwachsene: :include:/etc/nixos/local/lists/junge-erwachsene -je-orga: :include:/etc/nixos/local/lists/je-orga - ''; - lookupMX = true; - extraConfig = - '' -message_size_limit = 30720000 - -mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -d "$USER" - -virtual_alias_domains = maralorn.de, choreutes.de, olymp.space, mathechor.de -smtp_bind_address6 = 2001:19f0:6c01:b0d::1 -smtp_tls_security_level = may -smtpd_tls_security_level = may - ''; - virtual = - '' -junge-erwachsene@maralorn.de junge-erwachsene -je-orga@maralorn.de je-orga -@maralorn.de maralorn -@mathechor.de maralorn -@olymp.space maralorn -@choreutes.de choreutes - ''; - submissionOptions = { - milter_macro_daemon_name = "ORIGINATING"; - smtpd_tls_security_level = "encrypt"; - smtpd_sasl_type = "dovecot"; - smtpd_sasl_auth_enable = "yes"; - smtpd_sasl_path = "private/auth"; - smtpd_recipient_restrictions = 
"permit_sasl_authenticated,reject"; - }; - }; }; boot.loader.grub = { diff --git a/system/hosts/charon/dav.nix b/system/hosts/charon/dav.nix new file mode 100644 index 00000000..b5f95e70 --- /dev/null +++ b/system/hosts/charon/dav.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: +{ + services = { + radicale = { + enable = true; + package = pkgs.radicale2; + config = '' + [auth] + type = http_x_remote_user + ''; + }; + nginx = { + virtualHosts."dav.maralorn.de" = { + forceSSL = true; + enableACME = true; + # See /etc/nixos/local/ für basic_auth pw. + locations."/" = { + proxyPass = "http://127.0.0.1:5232"; + extraConfig = "proxy_set_header X-Remote-User $remote_user;"; + }; + }; + }; + }; +} diff --git a/system/hosts/charon/mail.nix b/system/hosts/charon/mail.nix new file mode 100644 index 00000000..39c80362 --- /dev/null +++ b/system/hosts/charon/mail.nix 
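Review bot: In dav.nix radicale is set to `type = http_x_remote_user`, so it accepts whatever identity arrives in `X-Remote-User`, yet the `dav.maralorn.de` vhost forwards `$remote_user` with no authentication visible in this module; the only hint is the comment pointing at /etc/nixos/local/. If that local config is absent or does not cover this vhost, `$remote_user` is empty and the result depends on how radicale treats an empty user. I would state the dependency next to the location, e.g. `# radicale trusts X-Remote-User: basic auth for this vhost is enforced in /etc/nixos/local/, and radicale must only be reachable on 127.0.0.1:5232`, or move the auth setting into this file so it is safe on its own.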
@@ -0,0 +1,110 @@
+{ config, pkgs, ... }:
+
+let
+ unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in
+{
+ networking.firewall.allowedTCPPorts = [ 25 587 443 993 ];
+
+ users.users = {
+ dovecot2.extraGroups = ["mail-cert"];
+ postfix.extraGroups = ["mail-cert"];
+ };
+
+ users.groups = {
+ mail-cert = {};
+ };
+
+ security.acme.certs = {
+ "charon.olymp.space" = {
+ email = "malte.brandy@maralorn.de";
+ postRun = "systemctl restart postfix dovecot2";
+ allowKeysForGroup = true;
+ group = "mail-cert";
+ extraDomains = {
+ "maralorn.de" = null;
+ };
+ };
+ };
+
+ services = {
+ # Mailserver
+ rspamd.enable = true;
+ rmilter = {
+ enable = true;
+ socketActivation = false;
+ rspamd = {
+ extraConfig = ''
+ extended_spam_headers = yes;
+ '';
+ enable = true;
+ };
+ postfix.enable = true;
+ };
+ dovecot2 = {
+ enable = true;
+ enablePop3 = false;
+ modules = [ pkgs.dovecot_pigeonhole ];
+ sslServerCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
+ sslServerKey = "/var/lib/acme/charon.olymp.space/key.pem";
+ extraConfig =
+ ''
+ ssl = required
+ service auth {
+ unix_listener /var/lib/postfix/queue/private/auth {
+ mode = 0660
+ user = postfix
+ group = postfix
+ }
+ }
+ protocol lda {
+ mail_plugins = $mail_plugins sieve
+ }
+ plugin {
+ sieve_extensions = +vnd.dovecot.duplicate
+ }
+ '';
+ };
+ postfix = {
+ enable = true;
+ enableSubmission = true;
+ rootAlias = "maralorn";
+ sslCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
+ sslKey = "/var/lib/acme/charon.olymp.space/key.pem";
+ extraAliases =
+ ''
+junge-erwachsene: :include:/etc/nixos/local/lists/junge-erwachsene
+je-orga: :include:/etc/nixos/local/lists/je-orga
+ '';
+ lookupMX = true;
+ extraConfig =
+ ''
+message_size_limit = 30720000
+
+mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -d "$USER"
+
+virtual_alias_domains = maralorn.de, choreutes.de, olymp.space, mathechor.de
+smtp_bind_address6 = 2001:19f0:6c01:b0d::1
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
+ '';
+ virtual =
+ ''
+junge-erwachsene@maralorn.de junge-erwachsene
+je-orga@maralorn.de je-orga
+@maralorn.de maralorn
+@mathechor.de maralorn
+@olymp.space maralorn
+@choreutes.de choreutes
+ '';
+ submissionOptions = {
+ milter_macro_daemon_name = "ORIGINATING";
+ smtpd_tls_security_level = "encrypt";
+ smtpd_sasl_type = "dovecot";
+ smtpd_sasl_auth_enable = "yes";
+ smtpd_sasl_path = "private/auth";
+ smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
+ };
+ };
+ };
+}
diff --git a/system/hosts/charon/matrix.nix b/system/hosts/charon/matrix.nix
new file mode 100644
index 00000000..3ccc3959
--- /dev/null
+++ b/system/hosts/charon/matrix.nix
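Review bot: mail.nix opens TCP 443 in `networking.firewall.allowedTCPPorts = [ 25 587 443 993 ];`, but nothing configured in this module listens on 443, and web.nix already opens 80 and 443 for nginx. Since the split lets each module carry its own exposure, I would reduce this to `[ 25 587 993 ]` so that removing web.nix later actually closes the web ports. The `unstable` binding at the top of the file is not referenced anywhere in it and can be dropped.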
@@ -0,0 +1,85 @@
+{ config, pkgs, ... }:
+
+let
+ unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in
+{
+ networking.firewall.allowedTCPPorts = [ 8448 ];
+
+ users.users = {
+ matrix-synapse.extraGroups = ["matrix-cert"];
+ };
+
+ users.groups = {
+ matrix-cert = {};
+ };
+
+ security.acme.certs = {
+ "matrix.maralorn.de" = {
+ email = "malte.brandy@maralorn.de";
+ postRun = "systemctl restart matrix-synapse";
+ allowKeysForGroup = true;
+ group = "matrix-cert";
+ extraDomains = {
+ "maralorn.de" = null;
+ };
+ };
+ };
+ services = {
+ nginx = {
+ enable = true;
+ virtualHosts."matrix.maralorn.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/_matrix" = {
+ proxyPass = "http://[::1]:8008";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ '';
+ };
+ };
+ };
+ };
+
+ # Postgres
+ postgresql = {
+ enable = true;
+ package = pkgs.postgresql96;
+ };
+
+ # Synapse
+ matrix-synapse = {
+ enable = true;
+ package = unstable.matrix-synapse;
+ server_name = "maralorn.de";
+ database_type = "psycopg2";
+ max_upload_size = "30M";
+ database_args = {
+ user = "matrix-synapse";
+ database = "matrix-synapse";
+ cp_min = "5";
+ cp_max = "10";
+ };
+ report_stats = true;
+ tls_certificate_path = "/var/lib/acme/matrix.maralorn.de/fullchain.pem";
+ tls_private_key_path = "/var/lib/acme/matrix.maralorn.de/key.pem";
+ listeners = [
+ {
+ port = 8448;
+ bind_address = "::";
+ resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
+ x_forwarded = false;
+ }
+ {
+ port = 8008;
+ bind_address = "::1";
+ resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
+ x_forwarded = true;
+ tls = false;
+ }
+ ];
+ };
+ };
+}
diff --git a/system/hosts/charon/web.nix b/system/hosts/charon/web.nix
new file mode 100644
index 00000000..950a8e5d
--- /dev/null
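Review bot: matrix.nix defines an nginx vhost with `forceSSL` and `enableACME` but only opens 8448, so the `/_matrix` proxy (and, as far as this file shows, certificate issuance through nginx) works only while web.nix is imported and opens 80 and 443. To make the module self-contained I would write `networking.firewall.allowedTCPPorts = [ 80 443 8448 ];` here; NixOS merges the lists, so the overlap with web.nix is harmless. `report_stats = true` also deserves a short comment saying the usage reporting is deliberate.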
+++ b/system/hosts/charon/web.nix
@@ -0,0 +1,63 @@
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services = {
+ nginx = {
+ enable = true;
+ virtualHosts."mathechor.de" = {
+ serverAliases = ["www.mathechor.de"];
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "~* Makefile".extraConfig = "deny all;";
+ "/" = {
+ root = "/var/www/mathechor/public";
+ index = "index.html";
+ extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
+ };
+ };
+ };
+ virtualHosts."intern.mathechor.de" = {
+ forceSSL = true;
+ enableACME = true;
+ # See /etc/nixos/local/ für basic_auth pw.
+ locations = {
+ "~* Makefile".extraConfig = "deny all;";
+ "/" = {
+ root = "/var/www/mathechor/intern";
+ index = "index.html";
+ };
+ "/mathechor.ics" = {
+ proxyPass ="http://127.0.0.1:5232/maralorn/23e21619-29c6-17eb-043f-8ab5af00b46b/";
+ extraConfig = ''
+ proxy_set_header X-Remote-User maralorn;
+ '';
+ };
+ };
+ };
+ virtualHosts."blog.maralorn.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ root = "/var/www/blog/output";
+ index = "index.html";
+ };
+ };
+ };
+ virtualHosts."charon.olymp.space" = {
+ forceSSL = true;
+ enableACME = true;
+ default = true;
+ locations = {
+ "/ved.ics" = {
+ proxyPass ="http://127.0.0.1:5232/maralorn/5a155c2c-1d87-e50d-874c-63f8858d1302/";
+ extraConfig = ''
+ proxy_set_header X-Remote-User maralorn;
+ '';
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/system/snippets/admin.nix b/system/snippets/admin.nix
new file mode 100644
index 00000000..9fce08ea
--- /dev/null
+++ b/system/snippets/admin.nix
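Review bot: In web.nix the `/mathechor.ics` and `/ved.ics` locations proxy to radicale with a fixed `proxy_set_header X-Remote-User maralorn;` and nothing in the location limits the HTTP method, so every request that reaches them is presented to radicale as that user; depending on radicale's rights setting that can include write methods. `/ved.ics` sits on the default vhost `charon.olymp.space`, where not even a basic-auth hint is present. Unless this is restricted elsewhere, I would make both locations read-only by adding `limit_except GET { deny all; }` to their `extraConfig`, and use exact-match keys such as `"= /ved.ics"` so only the published path is forwarded.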
@@ -0,0 +1,23 @@
+let
+ keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jbK/gzzarMHQc9R++i+llMHIh34lXr7FjIyjCdVjnLjKDE3mdJ6mh7JTJc9njn7s+6kZ7FAoDWe9QValR0OUlE3TRAD3wtu0Kud7LUPsR961Go84yRw3mVMZpJFJHYb4p2bTPcMMgFnj8+b5RfWJ1GU5gMOT7EIkpmytpien/IvBig8dzNQ152YQU9xiQ9dZspsMiSMP0pt5mU5tqGGA/5WCXgUPk19OhhEkak/VMNFPnRysk5ofmYWbitShciMAnTx1UHyDYCzbiHHN8Ud9UxkSVoR+q9RYbMfXsW04z5z8sRna1xDo8N9c3bZgcUXIBlIVBJPOaABpXO6+Ke3X pegasus"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+r1uf2Wuw3CwXS8HaU5fl99LL74Xnblr0SWoUGKHKoRqgtNg/a+Z++l87UhqBGm9eYuFLSYGRzzQiffGbtfRT/18G/pixiPYPQCOQp7lWRguGjs4ejGzgIy9CrAXEKDwI6294tvX/8WiQLckROYE2gVKyA70yM0QmlozwqU9mzsky81EwDOtltsQGbBTswVuzNHqMgZsDTg+aBd66qUSRWMgh3PfvQyJPd+EUrsQzdt6lTx1A/Vg2oPXP3xZIKpbgQzDXxtzz1a7H/QYkJkkjefAFeMa3Z+PpP4zFV0Wnrn3Ny4sC4kjgywt1CPwJX7WnrZxpQ3cmg3G/08MAl+wp maralorn@apollo"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvKq3AkhHDKTPMKhXZfZhLhgwqk186h1R/j2rDNYPqsh73AnfiyTZQQqX4O7chkFCEFsBmDrpaOg1fnzIA0OGYIx02KwUQa8W/1eC4AsgDVQGdRCVKNQ+LFrtFQB0yjzO1zzXMpp3/BhfkwftyrAPP431icum/bMgpfz+QexeSbmmQUXVydcSK02YLJHbDwaF2FxTD1gfoLcCdW36VCp6xBPDVrvlp6z9mU+TZS0UxG8ruh3Q9FFGQqJ6NTy14dj4H5pHW9toFB3uDqBltfoN6azW+DylyxgM6/0PwQn3rALmPv3Ye/Wp/p12o0YhFXWbFRhnrSv1zomU/xjSm0LXz brandy@fb04217" ];
+ pw-file = "/etc/nixos/local/pw-maralorn";
+in
+{
+ users.users = {
+ maralorn = {
+ description = "Malte Brandy";
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" "systemd-journal" "networkmanager" "docker" ];
+ openssh.authorizedKeys.keys = keys;
+ passwordFile = pw-file;
+ };
+ root = {
+ openssh.authorizedKeys.keys = keys;
+ passwordFile = pw-file;
+ };
+ };
+}
diff --git a/system/snippets/common.nix b/system/snippets/common.nix
index a7c09b09..f06f927e 100644
--- a/system/snippets/common.nix
+++ b/system/snippets/common.nix
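Review bot: admin.nix gives `root` the same `openssh.authorizedKeys.keys` and the same `passwordFile` as `maralorn`, who is already in `wheel` and `docker`, so each of the three client keys is a direct root credential on every host that imports common.nix. Whether root can actually log in over SSH depends on sshd settings that are not part of this hunk. If direct root access is required, a comment above `root = {` saying why would help the next reader; otherwise I would drop `openssh.authorizedKeys.keys = keys;` from `root` and rely on `wheel` for elevation.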
@@ -1,14 +1,14 @@ { pkgs, ... }: -let - unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; -in { + imports = [ + ./admin.nix + ./syncthing.nix + ]; i18n = { defaultLocale = "en_US.UTF-8"; }; time.timeZone = "Europe/Berlin"; - boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; }; # So that boot does not fill up with old kernels boot.loader.grub.configurationLimit = 5; 
@@ -27,41 +27,12 @@ in users = { defaultUserShell = pkgs.zsh; mutableUsers = false; - users = - let keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jbK/gzzarMHQc9R++i+llMHIh34lXr7FjIyjCdVjnLjKDE3mdJ6mh7JTJc9njn7s+6kZ7FAoDWe9QValR0OUlE3TRAD3wtu0Kud7LUPsR961Go84yRw3mVMZpJFJHYb4p2bTPcMMgFnj8+b5RfWJ1GU5gMOT7EIkpmytpien/IvBig8dzNQ152YQU9xiQ9dZspsMiSMP0pt5mU5tqGGA/5WCXgUPk19OhhEkak/VMNFPnRysk5ofmYWbitShciMAnTx1UHyDYCzbiHHN8Ud9UxkSVoR+q9RYbMfXsW04z5z8sRna1xDo8N9c3bZgcUXIBlIVBJPOaABpXO6+Ke3X pegasus" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+r1uf2Wuw3CwXS8HaU5fl99LL74Xnblr0SWoUGKHKoRqgtNg/a+Z++l87UhqBGm9eYuFLSYGRzzQiffGbtfRT/18G/pixiPYPQCOQp7lWRguGjs4ejGzgIy9CrAXEKDwI6294tvX/8WiQLckROYE2gVKyA70yM0QmlozwqU9mzsky81EwDOtltsQGbBTswVuzNHqMgZsDTg+aBd66qUSRWMgh3PfvQyJPd+EUrsQzdt6lTx1A/Vg2oPXP3xZIKpbgQzDXxtzz1a7H/QYkJkkjefAFeMa3Z+PpP4zFV0Wnrn3Ny4sC4kjgywt1CPwJX7WnrZxpQ3cmg3G/08MAl+wp maralorn@apollo" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvKq3AkhHDKTPMKhXZfZhLhgwqk186h1R/j2rDNYPqsh73AnfiyTZQQqX4O7chkFCEFsBmDrpaOg1fnzIA0OGYIx02KwUQa8W/1eC4AsgDVQGdRCVKNQ+LFrtFQB0yjzO1zzXMpp3/BhfkwftyrAPP431icum/bMgpfz+QexeSbmmQUXVydcSK02YLJHbDwaF2FxTD1gfoLcCdW36VCp6xBPDVrvlp6z9mU+TZS0UxG8ruh3Q9FFGQqJ6NTy14dj4H5pHW9toFB3uDqBltfoN6azW+DylyxgM6/0PwQn3rALmPv3Ye/Wp/p12o0YhFXWbFRhnrSv1zomU/xjSm0LXz brandy@fb04217" ]; - pw-file = "/etc/nixos/local/pw-maralorn"; - in { - maralorn = { - description = "Malte Brandy"; - isNormalUser = true; - uid = 1000; - extraGroups = [ "wheel" "systemd-journal" "networkmanager" "docker" ]; - openssh.authorizedKeys.keys = keys; - passwordFile = pw-file; - }; - root = { - openssh.authorizedKeys.keys = keys; - passwordFile = pw-file; - }; - }; }; networking.firewall.allowPing = true; services = { sshd.enable = true; - syncthing = { - dataDir = "/home/maralorn/.config/syncthing"; - enable = true; - group = "users"; - user = "maralorn"; - openDefaultPorts = true; - useInotify = true; - package = unstable.syncthing; - }; }; environment = { 
diff --git a/system/snippets/syncthing.nix b/system/snippets/syncthing.nix
new file mode 100644
index 00000000..3410336f
--- /dev/null
+++ b/system/snippets/syncthing.nix
@@ -0,0 +1,17 @@
+let
+ unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in
+{
+ boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
+ services = {
+ syncthing = {
+ dataDir = "/home/maralorn/.config/syncthing";
+ enable = true;
+ group = "users";
+ user = "maralorn";
+ openDefaultPorts = true;
+ useInotify = true;
+ package = unstable.syncthing;
+ };
+ };
+}