Initial commit
commit
e47964b2b6
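--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "system/modules/cdarknet/nixdark"]
+path = system/modules/cdarknet/nixdark
+url = git@git.darmstadt.ccc.de:cdark.net/nixdark
+[submodule "system/modules/cdarknet/hosts"]
+path = system/modules/cdarknet/hosts
+url = git@git.darmstadt.ccc.de:cdark.net/hosts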
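--- a/home/hosts/apollo.nix
+++ b/home/hosts/apollo.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+let
+unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in {
+imports = [
+../snippets/everywhere.nix
+../snippets/my-systems.nix
+];
+}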
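Review bot: The `fetchTarball` in the `let` block has no `sha256` and points at the moving nixos-unstable channel archive, so each evaluation trusts whatever that URL serves at the time and two builds of the same commit can differ. Pin it to a revision and hash, `fetchTarball { url = "https://github.com/NixOS/nixpkgs-channels/archive/<COMMIT_PLACEHOLDER>.tar.gz"; sha256 = "<SHA256_PLACEHOLDER>"; }`. The same unpinned import is repeated in home/hosts/charon.nix, home/snippets/graphical.nix and system/hosts/charon/configuration.nix, and `programs.home-manager.path` in home/snippets/everywhere.nix follows a branch archive in the same way. In this file `unstable` is never used, so the binding can simply be removed.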
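--- a/home/hosts/charon.nix
+++ b/home/hosts/charon.nix
@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+let
+unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+habitask = with pkgs; with unstable.rustPlatform; buildRustPackage rec {
+name = "habitask";
+version = "0.1.0";
+src = ~/data/aktuell/it/code/habitask;
+depsSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7";
+cargoSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7";
+buildInputs = [ openssl pkgconfig ];
+};
+in {
+imports = [
+../snippets/everywhere.nix
+../snippets/my-systems.nix
+];
+home.packages = [ habitask ];
+
+systemd.user = {
+services.morgenreport =
+let
+morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
+cd $HOME/data/aktuell/media/ebooks/morgenreport/
+DATE=`date +%Y-%m-%d`
+${unstable.calibre}/bin/ebook-convert $HOME/data/aktuell/it/code/calibre-recipes/morgenreport.recipe morgenreport-$DATE.mobi --output-profile=kindle_pw3
+echo "File created, sending to kindle now …"
+PATH=$PATH:/run/wrappers/bin/
+echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com
+'';
+in {
+Unit = {
+Description = "Send morgenreport to kindle";
+};
+
+Service = {
+Type = "oneshot";
+ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport";
+};
+};
+timers.morgenreport = {
+Timer = {
+OnCalendar = "20:00";
+};
+};
+
+services.sort-mail =
+let
+sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
+${unstable.isync}/bin/mbsync -a
+mv $HOME/data/aktuell/it/mail/.Move.kiva/cur/* $HOME/data/aktuell/it/mail-accounts/fb4/INBOX/new/
+mv $HOME/data/aktuell/it/mail-accounts/fb4/Move/privat/cur/* $HOME/data/aktuell/it/mail/new/
+${unstable.isync}/bin/mbsync -a
+'';
+in {
+Unit = {
+Description = "Sort E-Mails";
+};
+
+Service = {
+Type = "oneshot";
+ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail";
+};
+};
+timers.sort-mail = {
+Timer = {
+OnCalendar = "minutely";
+};
+};
+};
+}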
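Review bot: The morgenreport script does not check its `cd`, so if that directory is missing, ebook-convert writes the .mobi into, and mutt attaches it from, whatever directory the unit happened to start in. Begin the script with `set -eu` and quote the expansions, e.g. `cd "$HOME/data/aktuell/media/ebooks/morgenreport/"` and `DATE=$(date +%Y-%m-%d)`. In sort-mail the two `mv …/cur/*` lines receive a literal `*` whenever a folder is empty, so the minutely unit prints an error on most runs; a loop such as `for f in …/cur/*; do [ -e "$f" ] && mv "$f" …; done` avoids that. Separately, `src = ~/data/aktuell/it/code/habitask` makes the habitask build depend on the invoking user's home directory, and `depsSha256` and `cargoSha256` carry the same value, which looks like a placeholder to confirm.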
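--- a/home/hosts/fb4.nix
+++ b/home/hosts/fb4.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+imports = [
+../snippets/everywhere.nix
+../snippets/graphical.nix
+];
+home.packages = with pkgs; [
+xautolock
+syncthing
+];
+}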
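--- a/home/snippets/everywhere.nix
+++ b/home/snippets/everywhere.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+programs.home-manager = {
+enable = true;
+path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz;
+};
+systemd.user.startServices = true;
+
+home.packages = with pkgs; [
+htop
+tree
+rxvt_unicode.terminfo
+
+socat
+nmap
+tcpdump
+
+rcm
+tmux
+tig
+
+neovim
+taskwarrior
+
+vimPlugins.vundle
+vimPlugins.deoplete-nvim
+vimPlugins.vim-nix
+pythonPackages.qrcode
+ranger
+];
+}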
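--- a/home/snippets/graphical.nix
+++ b/home/snippets/graphical.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+let
+unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+tasktree = with pkgs; with rustPlatform; buildRustPackage rec {
+name = "tasktree";
+version = "0.1.0";
+src = ~/data/aktuell/it/code/tasktree;
+depsSha256 = "";
+cargoSha256 = "";
+buildInputs = [ gnome3.gtk atk cairo gdk_pixbuf glib pango ];
+};
+in {
+home.packages = with pkgs; [
+vimPlugins.vimtex
+redshift
+python27Packages.syncthing-gtk
+rxvt_unicode
+tasktree
+gnome3.gnome_terminal
+];
+}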
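Review bot: `depsSha256 = "";` and `cargoSha256 = "";` leave the dependency hash of `tasktree` empty, and because `tasktree` is listed in `home.packages`, every profile that imports this snippet presumably cannot build until a real hash is filled in. Either record the hash reported by the first failed build or keep `tasktree` out of `home.packages` until it is known. `src = ~/data/aktuell/it/code/tasktree` also ties the build to one user's home directory. The `unstable` binding is never used in this file and can be dropped.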
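--- a/home/snippets/my-systems.nix
+++ b/home/snippets/my-systems.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+home.packages = with pkgs; [
+gnupg
+pass
+mutt
+sshuttle
+mtr
+youtubeDL
+];
+}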
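--- a/system/hosts/apollo/configuration.nix
+++ b/system/hosts/apollo/configuration.nix
@@ -0,0 +1,79 @@
+{ config, pkgs, ... }:
+{
+
+networking = {
+hostName = "apollo";
+networkmanager.enable = true;
+hostId = "38d29f92";
+};
+
+i18n.consoleKeyMap = "neo";
+
+imports = [
+./hardware-configuration.nix
+../modules/cdarknet
+../snippets/common.nix
+];
+
+# Use the systemd-boot EFI boot loader.
+boot = {
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+supportedFilesystems = [ "zfs" "exfat" ];
+};
+
+environment.systemPackages = with pkgs; [
+zfstools
+gnome3.caribou
+xournal
+];
+
+security.rngd.enable = true;
+
+programs.gnupg.agent = {
+enable = true;
+};
+
+cdark_net = {
+enable = true;
+hostName = "maralorn_apollo";
+ed25519PrivateKeyFile = /etc/nixos/local/tinc/ed25519_key.priv;
+hostsDirectory = /etc/nixos/config/cdarknet/hosts;
+ip6address = "fd23:42:cda:4342::2";
+ip4address = "172.20.71.2";
+};
+
+
+services = {
+printing = {
+enable = true;
+drivers = [pkgs.hplip];
+};
+xserver = {
+enable = true;
+layout = "de";
+xkbVariant = "neo";
+desktopManager.gnome3.enable = true;
+displayManager.gdm = {
+autoLogin = {
+delay = 3;
+enable = true;
+user = "maralorn";
+};
+wayland = false;
+enable = true;
+};
+libinput.enable = true;
+config = ''
+Section "InputClass"
+Identifier "Enable libinput for TrackPoint"
+MatchIsPointer "on"
+Driver "libinput"
+EndSection
+'';
+};
+};
+#virtualisation.docker.enable = true;
+}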
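Review bot: `ed25519PrivateKeyFile = /etc/nixos/local/tinc/ed25519_key.priv;` is written as a Nix path literal, and a path literal that ends up interpolated into a string is copied into the world-readable Nix store. Whether that happens depends on how the cdark_net module (a submodule, not shown here) consumes the option, so confirm it only reads the file at runtime; if the option type allows it, pass a string instead, `ed25519PrivateKeyFile = "/etc/nixos/local/tinc/ed25519_key.priv";`. `hostRSAKey = /etc/nixos/local/boot_rsa;` in system/snippets/init_ssh.nix has the same form. A comment next to `autoLogin` would also help: `maralorn` is in `wheel` per system/snippets/common.nix, so the desktop session opens without a password once the disk is unlocked.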
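--- a/system/hosts/apollo/hardware-configuration.nix
+++ b/system/hosts/apollo/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+imports =
+[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+];
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/d01fd9f1-f5b1-4199-a736-54c1698682d7";
+fsType = "ext4";
+};
+
+boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/d10217d6-d703-42d3-af7d-2f5d06095ff3";
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/F51A-2EE0";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+nix.maxJobs = lib.mkDefault 4;
+powerManagement.cpuFreqGovernor = "powersave";
+}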
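--- a/system/hosts/charon/configuration.nix
+++ b/system/hosts/charon/configuration.nix
@@ -0,0 +1,297 @@
+{ config, pkgs, ... }:
+
+let
+unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in
+{
+system.stateVersion = "17.03";
+
+networking = {
+hostName = "charon.olymp.space";
+
+interfaces.ens3 = {
+ip4 = [ { address = "45.32.154.139"; prefixLength = 22; } ];
+ip6 = [ { address = "2001:19f0:6c01:b0d::1"; prefixLength = 64; } ];
+};
+defaultGateway = "45.32.152.1";
+nameservers = [ "108.61.10.10" "2001:19f0:300:1704::6" ];
+};
+
+environment.systemPackages = with pkgs; [
+pandoc
+];
+
+imports = [
+./hardware-configuration.nix
+../snippets/common.nix
+../snippets/init_ssh.nix
+/etc/nixos/local/config.nix
+];
+
+boot.initrd.network.postCommands = "ip address add 2001:19f0:6c01:b0d::b007/64 dev eth0";
+boot.initrd.postMountCommands = "ip link set eth0 down";
+
+networking.firewall.allowedTCPPorts = [ 25 80 587 443 993 8448 22000 ];
+
+users.users = {
+choreutes = {
+description = "Tobias Schmalz";
+isNormalUser = true;
+passwordFile = "/etc/nixos/local/pw-choreutes";
+};
+swantje = {
+description = "Swantje Mahncke";
+isNormalUser = true;
+passwordFile = "/etc/nixos/local/pw-swantje";
+};
+dovecot2.extraGroups = ["certs"];
+postfix.extraGroups = ["certs"];
+matrix-synapse.extraGroups = ["certs"];
+};
+users.groups = {
+certs = {};
+};
+security.acme.certs = {
+"charon.olymp.space" = {
+email = "malte.brandy@maralorn.de";
+postRun = "systemctl restart postfix dovecot2";
+allowKeysForGroup = true;
+group = "certs";
+extraDomains = {
+"maralorn.de" = null;
+};
+};
+"matrix.maralorn.de" = {
+email = "malte.brandy@maralorn.de";
+postRun = "systemctl restart matrix-synapse";
+allowKeysForGroup = true;
+group = "certs";
+extraDomains = {
+"maralorn.de" = null;
+};
+};
+};
+services = {
+radicale = {
+enable = true;
+package = pkgs.radicale2;
+config = ''
+[auth]
+type = http_x_remote_user
+'';
+};
+nginx = {
+enable = true;
+virtualHosts."mathechor.de" = {
+serverAliases = ["www.mathechor.de"];
+forceSSL = true;
+enableACME = true;
+locations = {
+"~* Makefile".extraConfig = "deny all;";
+"/" = {
+root = "/var/www/mathechor/public";
+index = "index.html";
+extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
+};
+};
+};
+virtualHosts."intern.mathechor.de" = {
+forceSSL = true;
+enableACME = true;
+# See /etc/nixos/local/ für basic_auth pw.
+locations = {
+"~* Makefile".extraConfig = "deny all;";
+"/" = {
+root = "/var/www/mathechor/intern";
+index = "index.html";
+};
+"/mathechor.ics" = {
+proxyPass ="http://127.0.0.1:5232/maralorn/23e21619-29c6-17eb-043f-8ab5af00b46b/";
+extraConfig = ''
+proxy_set_header X-Remote-User maralorn;
+'';
+};
+};
+};
+virtualHosts."dav.maralorn.de" = {
+forceSSL = true;
+enableACME = true;
+# See /etc/nixos/local/ für basic_auth pw.
+locations."/" = {
+proxyPass = "http://127.0.0.1:5232";
+extraConfig = "proxy_set_header X-Remote-User $remote_user;";
+};
+};
+virtualHosts."blog.maralorn.de" = {
+forceSSL = true;
+enableACME = true;
+locations = {
+"/" = {
+root = "/var/www/blog/output";
+index = "index.html";
+};
+};
+};
+virtualHosts."charon.olymp.space" = {
+forceSSL = true;
+enableACME = true;
+default = true;
+locations = {
+"/ved.ics" = {
+proxyPass ="http://127.0.0.1:5232/maralorn/5a155c2c-1d87-e50d-874c-63f8858d1302/";
+extraConfig = ''
+proxy_set_header X-Remote-User maralorn;
+'';
+};
+};
+};
+virtualHosts."matrix.maralorn.de" = {
+forceSSL = true;
+enableACME = true;
+locations = {
+"/_matrix" = {
+proxyPass = "http://[::1]:8008";
+extraConfig = ''
+proxy_http_version 1.1;
+proxy_set_header X-Forwarded-For $remote_addr;
+'';
+};
+};
+};
+};
+
+# Postgres
+postgresql = {
+enable = true;
+package = pkgs.postgresql96;
+};
+
+# Synapse
+matrix-synapse = {
+enable = true;
+package = unstable.matrix-synapse;
+server_name = "maralorn.de";
+database_type = "psycopg2";
+max_upload_size = "30M";
+database_args = {
+user = "matrix-synapse";
+database = "matrix-synapse";
+cp_min = "5";
+cp_max = "10";
+};
+report_stats = true;
+tls_certificate_path = "/var/lib/acme/matrix.maralorn.de/fullchain.pem";
+tls_private_key_path = "/var/lib/acme/matrix.maralorn.de/key.pem";
+listeners = [
+{
+port = 8448;
+bind_address = "::";
+resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
+x_forwarded = false;
+}
+{
+port = 8008;
+bind_address = "::1";
+resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
+x_forwarded = true;
+tls = false;
+}
+];
+};
+
+# Taskserver
+# taskserver = {
+# enable = true;
+# fqdn = config.networking.hostName;
+# listenHost = "::";
+# organisations.users.users = [ "maralorn" ];
+# config = { request.limit = 0; };
+# };
+
+# Mailserver
+rspamd.enable = true;
+rmilter = {
+enable = true;
+socketActivation = false;
+rspamd = {
+extraConfig = ''
+extended_spam_headers = yes;
+'';
+enable = true;
+};
+postfix.enable = true;
+};
+dovecot2 = {
+enable = true;
+enablePop3 = false;
+modules = [ pkgs.dovecot_pigeonhole ];
+sslServerCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
+sslServerKey = "/var/lib/acme/charon.olymp.space/key.pem";
+extraConfig =
+''
+ssl = required
+service auth {
+unix_listener /var/lib/postfix/queue/private/auth {
+mode = 0660
+user = postfix
+group = postfix
+}
+}
+protocol lda {
+mail_plugins = $mail_plugins sieve
+}
+plugin {
+sieve_extensions = +vnd.dovecot.duplicate
+}
+'';
+};
+postfix = {
+enable = true;
+enableSubmission = true;
+rootAlias = "maralorn";
+sslCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
+sslKey = "/var/lib/acme/charon.olymp.space/key.pem";
+extraAliases =
+''
+junge-erwachsene: :include:/etc/nixos/local/lists/junge-erwachsene
+je-orga: :include:/etc/nixos/local/lists/je-orga
+'';
+lookupMX = true;
+extraConfig =
+''
+message_size_limit = 30720000
+
+mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -d "$USER"
+
+virtual_alias_domains = maralorn.de, choreutes.de, olymp.space, mathechor.de
+smtp_bind_address6 = 2001:19f0:6c01:b0d::1
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
+'';
+virtual =
+''
+junge-erwachsene@maralorn.de junge-erwachsene
+je-orga@maralorn.de je-orga
+@maralorn.de maralorn
+@mathechor.de maralorn
+@olymp.space maralorn
+@choreutes.de choreutes
+'';
+submissionOptions = {
+milter_macro_daemon_name = "ORIGINATING";
+smtpd_tls_security_level = "encrypt";
+smtpd_sasl_type = "dovecot";
+smtpd_sasl_auth_enable = "yes";
+smtpd_sasl_path = "private/auth";
+smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
+};
+};
+};
+
+boot.loader.grub = {
+enable = true;
+version = 2;
+device = "/dev/vda";
+};
+
+}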
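Review bot: The `/mathechor.ics` and `/ved.ics` locations forward every request to Radicale with a fixed `proxy_set_header X-Remote-User maralorn;`, and Radicale is configured with `type = http_x_remote_user`, so it treats each of those requests as the calendar owner whatever the HTTP method; for the `charon.olymp.space` vhost no authentication is mentioned at all. Make both locations read-only by adding `limit_except GET { deny all; }` to their `extraConfig`, and use exact-match keys such as `"= /ved.ics"` so sub-paths are not proxied. For `dav.maralorn.de` the comment says the basic-auth setup lives in /etc/nixos/local/, outside this commit; since `$remote_user` is empty without `auth_basic`, confirm that vhost cannot be reached unauthenticated. Radicale also accepts the header from any local client on 127.0.0.1:5232, which matters because `choreutes` and `swantje` have accounts on this host.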
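--- a/system/hosts/charon/hardware-configuration.nix
+++ b/system/hosts/charon/hardware-configuration.nix
@@ -0,0 +1,30 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+imports =
+[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/c0311786-f760-4834-bb92-6c6c0dd8943a";
+fsType = "ext4";
+};
+
+boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/051f74d2-c0dd-4fbe-b007-0d728acf3a91";
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/211c5a28-7243-4bfe-982c-7c31186ec9b7";
+fsType = "ext4";
+};
+
+swapDevices = [ ];
+
+nix.maxJobs = lib.mkDefault 1;
+}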
1
system/modules/cdarknet/default.nix
Symbolic link
1
system/modules/cdarknet/default.nix
Symbolic link
|
@ -0,0 +1 @@
|
|||
nixdark/default.nix
|
1
system/modules/cdarknet/hosts
Submodule
1
system/modules/cdarknet/hosts
Submodule
|
@ -0,0 +1 @@
|
|||
Subproject commit 2bc5760b0c12502073a26314156e5afc1a6800a0
|
1
system/modules/cdarknet/nixdark
Submodule
1
system/modules/cdarknet/nixdark
Submodule
|
@ -0,0 +1 @@
|
|||
Subproject commit 8f95a4a050889afe687fceb6875fd0d4006630df
|
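--- a/system/snippets/common.nix
+++ b/system/snippets/common.nix
@@ -0,0 +1,101 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+let
+unstable = import <unstable> {};
+in
+{
+
+i18n = {
+defaultLocale = "en_US.UTF-8";
+};
+time.timeZone = "Europe/Berlin";
+boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
+boot.loader.grub.configurationLimit = 5;
+
+nix = {
+gc = {
+automatic = true;
+options = "--delete-older-than 5d";
+};
+optimise.automatic = true;
+package = pkgs.nixUnstable;
+};
+system.autoUpgrade.enable = true;
+system.autoUpgrade.dates = "22:00";
+
+users = {
+defaultUserShell = pkgs.zsh;
+mutableUsers = false;
+users =
+let keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jbK/gzzarMHQc9R++i+llMHIh34lXr7FjIyjCdVjnLjKDE3mdJ6mh7JTJc9njn7s+6kZ7FAoDWe9QValR0OUlE3TRAD3wtu0Kud7LUPsR961Go84yRw3mVMZpJFJHYb4p2bTPcMMgFnj8+b5RfWJ1GU5gMOT7EIkpmytpien/IvBig8dzNQ152YQU9xiQ9dZspsMiSMP0pt5mU5tqGGA/5WCXgUPk19OhhEkak/VMNFPnRysk5ofmYWbitShciMAnTx1UHyDYCzbiHHN8Ud9UxkSVoR+q9RYbMfXsW04z5z8sRna1xDo8N9c3bZgcUXIBlIVBJPOaABpXO6+Ke3X pegasus"
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+r1uf2Wuw3CwXS8HaU5fl99LL74Xnblr0SWoUGKHKoRqgtNg/a+Z++l87UhqBGm9eYuFLSYGRzzQiffGbtfRT/18G/pixiPYPQCOQp7lWRguGjs4ejGzgIy9CrAXEKDwI6294tvX/8WiQLckROYE2gVKyA70yM0QmlozwqU9mzsky81EwDOtltsQGbBTswVuzNHqMgZsDTg+aBd66qUSRWMgh3PfvQyJPd+EUrsQzdt6lTx1A/Vg2oPXP3xZIKpbgQzDXxtzz1a7H/QYkJkkjefAFeMa3Z+PpP4zFV0Wnrn3Ny4sC4kjgywt1CPwJX7WnrZxpQ3cmg3G/08MAl+wp maralorn@apollo"
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvKq3AkhHDKTPMKhXZfZhLhgwqk186h1R/j2rDNYPqsh73AnfiyTZQQqX4O7chkFCEFsBmDrpaOg1fnzIA0OGYIx02KwUQa8W/1eC4AsgDVQGdRCVKNQ+LFrtFQB0yjzO1zzXMpp3/BhfkwftyrAPP431icum/bMgpfz+QexeSbmmQUXVydcSK02YLJHbDwaF2FxTD1gfoLcCdW36VCp6xBPDVrvlp6z9mU+TZS0UxG8ruh3Q9FFGQqJ6NTy14dj4H5pHW9toFB3uDqBltfoN6azW+DylyxgM6/0PwQn3rALmPv3Ye/Wp/p12o0YhFXWbFRhnrSv1zomU/xjSm0LXz brandy@fb04217" ];
+pw-file = "/etc/nixos/local/pw-maralorn";
+in {
+maralorn = {
+description = "Malte Brandy";
+isNormalUser = true;
+uid = 1000;
+extraGroups = [ "wheel" "systemd-journal" "networkmanager" "docker" ];
+openssh.authorizedKeys.keys = keys;
+passwordFile = pw-file;
+};
+root = {
+openssh.authorizedKeys.keys = keys;
+passwordFile = pw-file;
+};
+};
+};
+
+networking.firewall.allowPing = true;
+
+services = {
+sshd.enable = true;
+syncthing = {
+dataDir = "/home/maralorn/.config/syncthing";
+enable = true;
+group = "users";
+user = "maralorn";
+openDefaultPorts = true;
+useInotify = true;
+package = unstable.syncthing;
+};
+};
+
+environment = {
+systemPackages = with pkgs; [
+git
+gnumake
+python3
+python
+pandoc
+mkpasswd
+rxvt_unicode.terminfo
+htop
+file
+tmux
+socat
+tcpdump
+wget
+curl
+neovim
+];
+sessionVariables = {
+TERMINFO = "/run/current-system/sw/share/terminfo";
+};
+};
+
+programs = {
+zsh = {
+enable = true;
+enableAutosuggestions = true;
+enableCompletion = true;
+syntaxHighlighting.enable = true;
+};
+vim.defaultEditor = true;
+};
+}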
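Review bot: `sshd.enable = true` is set for every host with no other OpenSSH settings, while `root` and `maralorn` share one `passwordFile` and the same three keys, so whether password logins or root logins are accepted is left to the defaults of whichever NixOS release is deployed. State the policy explicitly, e.g. `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";`. `extraGroups` puts `maralorn` in `docker`, which is root-equivalent wherever the Docker daemon runs; consider granting it only on hosts that enable `virtualisation.docker`. `system.autoUpgrade` combined with `package = pkgs.nixUnstable` means unattended upgrades run on a pre-release Nix, which deserves a short comment explaining why.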
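--- a/system/snippets/init_ssh.nix
+++ b/system/snippets/init_ssh.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+boot.initrd.network = {
+enable = true;
+ssh = {
+enable = true;
+authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
+
+# generate file with
+# dropbearkey -t rsa -f /etc/nixos/boot_rsa
+# nix-env -iA nixos.dropbear
+hostRSAKey = /etc/nixos/local/boot_rsa;
+};
+};
+}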
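Review bot: The comment tells the reader to run `dropbearkey -t rsa -f /etc/nixos/boot_rsa`, but `hostRSAKey` reads `/etc/nixos/local/boot_rsa`, and the install step is listed after the command that needs it. Correct the comment to `# nix-env -iA nixos.dropbear` followed by `# dropbearkey -t rsa -f /etc/nixos/local/boot_rsa`. It would also help to note there that this key is presumably embedded in the initrd, which lives on the unencrypted /boot partition, so it should be a dedicated key and never the host's main SSH key. `authorizedKeys` reuses root's full key list, so every key that may log in as root can also reach the pre-boot unlock shell.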
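--- a/system/snippets/server.nix
+++ b/system/snippets/server.nix
@@ -0,0 +1,4 @@
+{ config, pkgs, ... }:
+
+{
+}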