Initial commit

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "system/modules/cdarknet/nixdark"]
+	path = system/modules/cdarknet/nixdark
+	url = git@git.darmstadt.ccc.de:cdark.net/nixdark
+[submodule "system/modules/cdarknet/hosts"]
+	path = system/modules/cdarknet/hosts
+	url = git@git.darmstadt.ccc.de:cdark.net/hosts

home/hosts/apollo.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+let
+  unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in {
+  imports = [
+    ../snippets/everywhere.nix
+    ../snippets/my-systems.nix
+  ];
+}

home/hosts/charon.nix

@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+let
+  unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+  habitask = with pkgs; with unstable.rustPlatform; buildRustPackage rec {
+     name = "habitask";
+     version = "0.1.0";
+     src = ~/data/aktuell/it/code/habitask;
+     depsSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7";
+     cargoSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7";
+     buildInputs = [ openssl pkgconfig ];
+  };
+in {
+  imports = [
+    ../snippets/everywhere.nix
+    ../snippets/my-systems.nix
+  ];
+  home.packages = [ habitask ];
+
+  systemd.user = {
+    services.morgenreport =
+    let
+    morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
+        cd $HOME/data/aktuell/media/ebooks/morgenreport/
+        DATE=`date +%Y-%m-%d`
+        ${unstable.calibre}/bin/ebook-convert $HOME/data/aktuell/it/code/calibre-recipes/morgenreport.recipe morgenreport-$DATE.mobi --output-profile=kindle_pw3
+        echo "File created, sending to kindle now …"
+        PATH=$PATH:/run/wrappers/bin/
+        echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com
+      '';
+    in {
+      Unit = {
+        Description = "Send morgenreport to kindle";
+      };
+
+      Service = {
+        Type = "oneshot";
+        ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport";
+      };
+    };
+    timers.morgenreport = {
+      Timer = {
+        OnCalendar = "20:00";
+      };
+    };
+
+    services.sort-mail =
+    let
+      sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
+        ${unstable.isync}/bin/mbsync -a
+        mv $HOME/data/aktuell/it/mail/.Move.kiva/cur/* $HOME/data/aktuell/it/mail-accounts/fb4/INBOX/new/
+        mv $HOME/data/aktuell/it/mail-accounts/fb4/Move/privat/cur/* $HOME/data/aktuell/it/mail/new/
+        ${unstable.isync}/bin/mbsync -a
+      '';
+    in {
+      Unit = {
+        Description = "Sort E-Mails";
+      };
+
+      Service = {
+        Type = "oneshot";
+        ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail";
+      };
+    };
+    timers.sort-mail = {
+      Timer = {
+        OnCalendar = "minutely";
+      };
+    };
+  };
+}

home/hosts/fb4.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+imports = [
+    ../snippets/everywhere.nix
+    ../snippets/graphical.nix
+  ];
+  home.packages = with pkgs; [
+    xautolock
+    syncthing
+  ];
+}

home/snippets/everywhere.nix

@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+  programs.home-manager = {
+    enable = true;
+    path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz;
+  };
+  systemd.user.startServices = true;
+
+  home.packages = with pkgs; [
+    htop
+    tree
+    rxvt_unicode.terminfo
+
+    socat
+    nmap
+    tcpdump
+
+    rcm
+    tmux
+    tig
+
+    neovim
+    taskwarrior
+
+    vimPlugins.vundle
+    vimPlugins.deoplete-nvim
+    vimPlugins.vim-nix
+    pythonPackages.qrcode
+    ranger
+  ];
+}

home/snippets/graphical.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+let
+  unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+  tasktree = with pkgs; with rustPlatform; buildRustPackage rec {
+    name = "tasktree";
+    version = "0.1.0";
+    src = ~/data/aktuell/it/code/tasktree;
+    depsSha256 = "";
+    cargoSha256 = "";
+    buildInputs = [ gnome3.gtk atk cairo gdk_pixbuf glib pango ];
+  };
+in {
+  home.packages = with pkgs; [
+    vimPlugins.vimtex
+    redshift
+    python27Packages.syncthing-gtk
+    rxvt_unicode
+    tasktree
+    gnome3.gnome_terminal
+  ];
+}

home/snippets/my-systems.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    gnupg
+    pass
+    mutt
+    sshuttle
+    mtr
+    youtubeDL
+  ];
+}

system/hosts/apollo/configuration.nix

@@ -0,0 +1,79 @@
+{ config, pkgs, ... }:
+{
+
+networking = {
+	hostName = "apollo";
+	networkmanager.enable = true;
+	hostId = "38d29f92";
+};
+
+i18n.consoleKeyMap = "neo";
+
+imports = [
+   ./hardware-configuration.nix
+   ../modules/cdarknet
+   ../snippets/common.nix
+];
+
+# Use the systemd-boot EFI boot loader.
+boot = {
+	loader = {
+		systemd-boot.enable = true;
+		efi.canTouchEfiVariables = true;
+	};
+	supportedFilesystems = [ "zfs" "exfat" ];
+};
+
+environment.systemPackages = with pkgs; [
+	zfstools
+	gnome3.caribou
+   xournal
+];
+
+security.rngd.enable = true;
+
+programs.gnupg.agent = {
+	enable = true;
+};
+
+cdark_net = {
+  enable = true;
+  hostName = "maralorn_apollo";
+  ed25519PrivateKeyFile = /etc/nixos/local/tinc/ed25519_key.priv;
+  hostsDirectory = /etc/nixos/config/cdarknet/hosts;
+  ip6address = "fd23:42:cda:4342::2";
+  ip4address = "172.20.71.2";
+};
+
+
+services = {
+   printing = {
+     enable = true;
+     drivers = [pkgs.hplip];
+   };
+	xserver = {
+		enable = true;
+		layout = "de";
+		xkbVariant = "neo";
+		desktopManager.gnome3.enable = true;
+      displayManager.gdm = {
+        autoLogin = {
+          delay = 3;
+          enable = true;
+          user = "maralorn";
+        };
+        wayland = false;
+        enable = true;
+      };
+		libinput.enable = true;
+		config = ''
+			Section "InputClass"
+			Identifier "Enable libinput for TrackPoint"
+			MatchIsPointer "on"
+			Driver "libinput"
+			EndSection
+		'';
+	};
+};
+#virtualisation.docker.enable = true;
+}

system/hosts/apollo/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d01fd9f1-f5b1-4199-a736-54c1698682d7";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/d10217d6-d703-42d3-af7d-2f5d06095ff3";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/F51A-2EE0";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = "powersave";
+}

system/hosts/charon/configuration.nix

@@ -0,0 +1,297 @@
+{ config, pkgs, ... }:
+
+let
+   unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in
+{
+  system.stateVersion = "17.03";
+
+  networking = {
+    hostName = "charon.olymp.space";
+
+    interfaces.ens3 = {
+      ip4 = [ { address = "45.32.154.139"; prefixLength = 22; } ];
+      ip6 = [ { address = "2001:19f0:6c01:b0d::1"; prefixLength = 64; } ];
+    };
+    defaultGateway = "45.32.152.1";
+    nameservers = [ "108.61.10.10" "2001:19f0:300:1704::6" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    pandoc
+  ];
+
+  imports = [
+    ./hardware-configuration.nix
+    ../snippets/common.nix
+    ../snippets/init_ssh.nix
+    /etc/nixos/local/config.nix
+  ];
+
+  boot.initrd.network.postCommands = "ip address add 2001:19f0:6c01:b0d::b007/64 dev eth0";
+  boot.initrd.postMountCommands = "ip link set eth0 down";
+
+  networking.firewall.allowedTCPPorts = [ 25 80 587 443 993 8448 22000 ];
+
+  users.users = {
+    choreutes = {
+      description = "Tobias Schmalz";
+      isNormalUser = true;
+      passwordFile = "/etc/nixos/local/pw-choreutes";
+    };
+    swantje = {
+      description = "Swantje Mahncke";
+      isNormalUser = true;
+      passwordFile = "/etc/nixos/local/pw-swantje";
+    };
+    dovecot2.extraGroups = ["certs"];
+    postfix.extraGroups = ["certs"];
+    matrix-synapse.extraGroups = ["certs"];
+  };
+  users.groups = {
+    certs = {};
+  };
+  security.acme.certs = {
+    "charon.olymp.space" = {
+      email = "malte.brandy@maralorn.de";
+      postRun = "systemctl restart postfix dovecot2";
+      allowKeysForGroup = true;
+      group = "certs";
+      extraDomains = {
+        "maralorn.de" = null;
+      };
+    };
+    "matrix.maralorn.de" = {
+      email = "malte.brandy@maralorn.de";
+      postRun = "systemctl restart matrix-synapse";
+      allowKeysForGroup = true;
+      group = "certs";
+      extraDomains = {
+        "maralorn.de" = null;
+      };
+    };
+  };
+  services = {
+    radicale = {
+      enable = true;
+      package = pkgs.radicale2;
+      config = ''
+        [auth]
+        type = http_x_remote_user
+      '';
+    };
+    nginx = {
+      enable = true;
+      virtualHosts."mathechor.de" = {
+        serverAliases = ["www.mathechor.de"];
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "~* Makefile".extraConfig = "deny all;";
+          "/" = {
+            root = "/var/www/mathechor/public";
+            index = "index.html";
+            extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
+          };
+        };
+      };
+      virtualHosts."intern.mathechor.de" = {
+        forceSSL = true;
+        enableACME = true;
+        # See /etc/nixos/local/ für basic_auth pw.
+        locations = {
+          "~* Makefile".extraConfig = "deny all;";
+          "/" = {
+            root = "/var/www/mathechor/intern";
+            index = "index.html";
+          };
+          "/mathechor.ics" = {
+            proxyPass ="http://127.0.0.1:5232/maralorn/23e21619-29c6-17eb-043f-8ab5af00b46b/";
+            extraConfig = ''
+              proxy_set_header     X-Remote-User maralorn;
+            '';
+          };
+        };
+      };
+      virtualHosts."dav.maralorn.de" = {
+        forceSSL = true;
+        enableACME = true;
+        # See /etc/nixos/local/ für basic_auth pw.
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:5232";
+          extraConfig = "proxy_set_header     X-Remote-User $remote_user;";
+        };
+      };
+      virtualHosts."blog.maralorn.de" = {
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/" = {
+            root = "/var/www/blog/output";
+            index = "index.html";
+          };
+        };
+      };
+      virtualHosts."charon.olymp.space" = {
+        forceSSL = true;
+        enableACME = true;
+        default = true;
+        locations = {
+          "/ved.ics" = {
+            proxyPass ="http://127.0.0.1:5232/maralorn/5a155c2c-1d87-e50d-874c-63f8858d1302/";
+            extraConfig = ''
+              proxy_set_header     X-Remote-User maralorn;
+            '';
+          };
+        };
+      };
+      virtualHosts."matrix.maralorn.de" = {
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/_matrix" = {
+            proxyPass = "http://[::1]:8008";
+            extraConfig = ''
+              proxy_http_version 1.1;
+              proxy_set_header X-Forwarded-For $remote_addr;
+            '';
+          };
+        };
+      };
+    };
+
+    # Postgres
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql96;
+    };
+
+    # Synapse
+    matrix-synapse = {
+      enable = true;
+      package = unstable.matrix-synapse;
+      server_name = "maralorn.de";
+      database_type = "psycopg2";
+      max_upload_size = "30M";
+      database_args = {
+        user = "matrix-synapse";
+        database = "matrix-synapse";
+        cp_min = "5";
+        cp_max = "10";
+      };
+      report_stats = true;
+      tls_certificate_path = "/var/lib/acme/matrix.maralorn.de/fullchain.pem";
+      tls_private_key_path = "/var/lib/acme/matrix.maralorn.de/key.pem";
+      listeners = [
+        {
+          port = 8448;
+          bind_address = "::";
+          resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
+          x_forwarded = false;
+        }
+        {
+          port = 8008;
+          bind_address = "::1";
+          resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
+          x_forwarded = true;
+          tls = false;
+        }
+      ];
+    };
+
+    # Taskserver
+    # taskserver = {
+    #   enable = true;
+    #   fqdn = config.networking.hostName;
+    #   listenHost = "::";
+    #   organisations.users.users = [ "maralorn" ];
+    #   config = { request.limit = 0; };
+    # };
+
+    # Mailserver
+    rspamd.enable = true;
+    rmilter = {
+      enable = true;
+      socketActivation = false;
+      rspamd = {
+        extraConfig = ''
+          extended_spam_headers = yes;
+        '';
+        enable = true;
+      };
+      postfix.enable = true;
+    };
+    dovecot2 = {
+      enable = true;
+      enablePop3 = false;
+      modules = [ pkgs.dovecot_pigeonhole ];
+      sslServerCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
+      sslServerKey = "/var/lib/acme/charon.olymp.space/key.pem";
+      extraConfig =
+      ''
+        ssl = required
+        service auth {
+          unix_listener /var/lib/postfix/queue/private/auth {
+            mode = 0660
+            user = postfix
+            group = postfix
+          }
+        }
+        protocol lda {
+          mail_plugins = $mail_plugins sieve
+        }
+        plugin {
+          sieve_extensions = +vnd.dovecot.duplicate
+        }
+      '';
+      };
+    postfix = {
+      enable = true;
+      enableSubmission = true;
+      rootAlias = "maralorn";
+      sslCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
+      sslKey = "/var/lib/acme/charon.olymp.space/key.pem";
+      extraAliases =
+      ''
+junge-erwachsene: :include:/etc/nixos/local/lists/junge-erwachsene
+je-orga: :include:/etc/nixos/local/lists/je-orga
+      '';
+      lookupMX = true;
+      extraConfig =
+      ''
+message_size_limit = 30720000
+
+mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -d "$USER"
+
+virtual_alias_domains = maralorn.de, choreutes.de, olymp.space, mathechor.de
+smtp_bind_address6 = 2001:19f0:6c01:b0d::1
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
+      '';
+      virtual =
+      ''
+junge-erwachsene@maralorn.de junge-erwachsene
+je-orga@maralorn.de je-orga
+@maralorn.de maralorn
+@mathechor.de maralorn
+@olymp.space maralorn
+@choreutes.de choreutes
+      '';
+      submissionOptions = {
+        milter_macro_daemon_name = "ORIGINATING";
+        smtpd_tls_security_level = "encrypt";
+        smtpd_sasl_type = "dovecot";
+        smtpd_sasl_auth_enable = "yes";
+        smtpd_sasl_path = "private/auth";
+        smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
+      };
+    };
+  };
+
+  boot.loader.grub = {
+      enable = true;
+      version = 2;
+      device = "/dev/vda";
+  };
+
+}

system/hosts/charon/hardware-configuration.nix

@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/c0311786-f760-4834-bb92-6c6c0dd8943a";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/051f74d2-c0dd-4fbe-b007-0d728acf3a91";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/211c5a28-7243-4bfe-982c-7c31186ec9b7";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 1;
+}

system/modules/cdarknet/default.nix

@@ -0,0 +1 @@
+nixdark/default.nix

system/modules/cdarknet/hosts

@@ -0,0 +1 @@
+Subproject commit 2bc5760b0c12502073a26314156e5afc1a6800a0

system/modules/cdarknet/nixdark

@@ -0,0 +1 @@
+Subproject commit 8f95a4a050889afe687fceb6875fd0d4006630df

system/snippets/common.nix

@@ -0,0 +1,101 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+let
+  unstable = import <unstable> {};
+in
+{
+
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+  };
+  time.timeZone = "Europe/Berlin";
+  boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
+  boot.loader.grub.configurationLimit = 5;
+
+  nix = {
+    gc = {
+       automatic = true;
+       options = "--delete-older-than 5d";
+    };
+    optimise.automatic = true;
+    package = pkgs.nixUnstable;
+  };
+  system.autoUpgrade.enable = true;
+  system.autoUpgrade.dates = "22:00";
+
+  users = {
+    defaultUserShell = pkgs.zsh;
+    mutableUsers = false;
+    users =
+      let keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jbK/gzzarMHQc9R++i+llMHIh34lXr7FjIyjCdVjnLjKDE3mdJ6mh7JTJc9njn7s+6kZ7FAoDWe9QValR0OUlE3TRAD3wtu0Kud7LUPsR961Go84yRw3mVMZpJFJHYb4p2bTPcMMgFnj8+b5RfWJ1GU5gMOT7EIkpmytpien/IvBig8dzNQ152YQU9xiQ9dZspsMiSMP0pt5mU5tqGGA/5WCXgUPk19OhhEkak/VMNFPnRysk5ofmYWbitShciMAnTx1UHyDYCzbiHHN8Ud9UxkSVoR+q9RYbMfXsW04z5z8sRna1xDo8N9c3bZgcUXIBlIVBJPOaABpXO6+Ke3X pegasus"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+r1uf2Wuw3CwXS8HaU5fl99LL74Xnblr0SWoUGKHKoRqgtNg/a+Z++l87UhqBGm9eYuFLSYGRzzQiffGbtfRT/18G/pixiPYPQCOQp7lWRguGjs4ejGzgIy9CrAXEKDwI6294tvX/8WiQLckROYE2gVKyA70yM0QmlozwqU9mzsky81EwDOtltsQGbBTswVuzNHqMgZsDTg+aBd66qUSRWMgh3PfvQyJPd+EUrsQzdt6lTx1A/Vg2oPXP3xZIKpbgQzDXxtzz1a7H/QYkJkkjefAFeMa3Z+PpP4zFV0Wnrn3Ny4sC4kjgywt1CPwJX7WnrZxpQ3cmg3G/08MAl+wp maralorn@apollo"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvKq3AkhHDKTPMKhXZfZhLhgwqk186h1R/j2rDNYPqsh73AnfiyTZQQqX4O7chkFCEFsBmDrpaOg1fnzIA0OGYIx02KwUQa8W/1eC4AsgDVQGdRCVKNQ+LFrtFQB0yjzO1zzXMpp3/BhfkwftyrAPP431icum/bMgpfz+QexeSbmmQUXVydcSK02YLJHbDwaF2FxTD1gfoLcCdW36VCp6xBPDVrvlp6z9mU+TZS0UxG8ruh3Q9FFGQqJ6NTy14dj4H5pHW9toFB3uDqBltfoN6azW+DylyxgM6/0PwQn3rALmPv3Ye/Wp/p12o0YhFXWbFRhnrSv1zomU/xjSm0LXz brandy@fb04217" ];
+          pw-file = "/etc/nixos/local/pw-maralorn";
+      in {
+        maralorn = {
+          description = "Malte Brandy";
+          isNormalUser = true;
+          uid = 1000;
+          extraGroups = [ "wheel" "systemd-journal" "networkmanager" "docker" ];
+          openssh.authorizedKeys.keys = keys;
+          passwordFile = pw-file;
+        };
+        root = {
+          openssh.authorizedKeys.keys = keys;
+          passwordFile = pw-file;
+        };
+      };
+  };
+
+  networking.firewall.allowPing = true;
+
+  services = {
+    sshd.enable = true;
+    syncthing = {
+      dataDir = "/home/maralorn/.config/syncthing";
+      enable = true;
+      group = "users";
+      user = "maralorn";
+      openDefaultPorts = true;
+      useInotify = true;
+      package = unstable.syncthing;
+    };
+  };
+
+  environment = {
+    systemPackages = with pkgs; [
+      git
+      gnumake
+      python3
+      python
+      pandoc
+      mkpasswd
+      rxvt_unicode.terminfo
+      htop
+      file
+      tmux
+      socat
+      tcpdump
+      wget
+      curl
+      neovim
+    ];
+    sessionVariables = {
+      TERMINFO = "/run/current-system/sw/share/terminfo";
+    };
+  };
+
+  programs = {
+    zsh = {
+      enable = true;
+      enableAutosuggestions = true;
+      enableCompletion = true;
+      syntaxHighlighting.enable = true;
+    };
+    vim.defaultEditor = true;
+  };
+}

system/snippets/init_ssh.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+  boot.initrd.network = {
+    enable = true;
+    ssh = {
+      enable = true;
+      authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
+
+      # generate file with
+      # dropbearkey -t rsa -f /etc/nixos/boot_rsa
+      # nix-env -iA nixos.dropbear
+      hostRSAKey = /etc/nixos/local/boot_rsa;
+    };
+  };
+}

system/snippets/server.nix

@@ -0,0 +1,4 @@
+{ config, pkgs, ... }:
+
+{
+}