commit e47964b2b61d441a92b4a916a4e0ff929f118a53
Author: Malte Brandy
Date: Thu Feb 8 23:16:23 2018 +0100
Initial commit
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..c7279f52
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "system/modules/cdarknet/nixdark"]
+ path = system/modules/cdarknet/nixdark
+ url = git@git.darmstadt.ccc.de:cdark.net/nixdark
+[submodule "system/modules/cdarknet/hosts"]
+ path = system/modules/cdarknet/hosts
+ url = git@git.darmstadt.ccc.de:cdark.net/hosts
diff --git a/home/hosts/apollo.nix b/home/hosts/apollo.nix
new file mode 100644
index 00000000..7426122d
--- /dev/null
+++ b/home/hosts/apollo.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+let
+ unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in {
+ imports = [
+ ../snippets/everywhere.nix
+ ../snippets/my-systems.nix
+ ];
+}
diff --git a/home/hosts/charon.nix b/home/hosts/charon.nix
new file mode 100644
index 00000000..644c9817
--- /dev/null
+++ b/home/hosts/charon.nix
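Review bot: The `fetchTarball` call in the `let` of home/hosts/apollo.nix imports the moving `nixos-unstable` branch archive with no `sha256`, so whatever is served at evaluation time is evaluated as Nix code and used for builds without any integrity check. Pin it to a fixed revision and hash, e.g. `unstable = import (fetchTarball { url = "https://github.com/NixOS/nixpkgs-channels/archive/REV_PLACEHOLDER.tar.gz"; sha256 = "SHA256_PLACEHOLDER"; }) {};` (attribute-set form; check that the Nix version in use accepts it). The same unpinned import appears in home/hosts/charon.nix, home/snippets/graphical.nix and system/hosts/charon/configuration.nix, and `programs.home-manager.path` in home/snippets/everywhere.nix points at a branch tarball in the same way. In apollo.nix `unstable` is never referenced, so the binding can simply be dropped there.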
@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+let
+ unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+ habitask = with pkgs; with unstable.rustPlatform; buildRustPackage rec {
+ name = "habitask";
+ version = "0.1.0";
+ src = ~/data/aktuell/it/code/habitask;
+ depsSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7";
+ cargoSha256 = "0clac943ajxns64jkdcg312a4x4jgd239jb4yd5qm32nnkj62ym7";
+ buildInputs = [ openssl pkgconfig ];
+ };
+in {
+ imports = [
+ ../snippets/everywhere.nix
+ ../snippets/my-systems.nix
+ ];
+ home.packages = [ habitask ];
+
+ systemd.user = {
+ services.morgenreport =
+ let
+ morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
+ cd $HOME/data/aktuell/media/ebooks/morgenreport/
+ DATE=`date +%Y-%m-%d`
+ ${unstable.calibre}/bin/ebook-convert $HOME/data/aktuell/it/code/calibre-recipes/morgenreport.recipe morgenreport-$DATE.mobi --output-profile=kindle_pw3
+ echo "File created, sending to kindle now …"
+ PATH=$PATH:/run/wrappers/bin/
+ echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com
+ '';
+ in {
+ Unit = {
+ Description = "Send morgenreport to kindle";
+ };
+
+ Service = {
+ Type = "oneshot";
+ ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport";
+ };
+ };
+ timers.morgenreport = {
+ Timer = {
+ OnCalendar = "20:00";
+ };
+ };
+
+ services.sort-mail =
+ let
+ sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
+ ${unstable.isync}/bin/mbsync -a
+ mv $HOME/data/aktuell/it/mail/.Move.kiva/cur/* $HOME/data/aktuell/it/mail-accounts/fb4/INBOX/new/
+ mv $HOME/data/aktuell/it/mail-accounts/fb4/Move/privat/cur/* $HOME/data/aktuell/it/mail/new/
+ ${unstable.isync}/bin/mbsync -a
+ '';
+ in {
+ Unit = {
+ Description = "Sort E-Mails";
+ };
+
+ Service = {
+ Type = "oneshot";
+ ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail";
+ };
+ };
+ timers.sort-mail = {
+ Timer = {
+ OnCalendar = "minutely";
+ };
+ };
+ };
+}
diff --git a/home/hosts/fb4.nix b/home/hosts/fb4.nix
new file mode 100644
index 00000000..ec133b8a
--- /dev/null
+++ b/home/hosts/fb4.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+imports = [
+ ../snippets/everywhere.nix
+ ../snippets/graphical.nix
+ ];
+ home.packages = with pkgs; [
+ xautolock
+ syncthing
+ ];
+}
diff --git a/home/snippets/everywhere.nix b/home/snippets/everywhere.nix
new file mode 100644
index 00000000..28e50829
--- /dev/null
+++ b/home/snippets/everywhere.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+ programs.home-manager = {
+ enable = true;
+ path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz;
+ };
+ systemd.user.startServices = true;
+
+ home.packages = with pkgs; [
+ htop
+ tree
+ rxvt_unicode.terminfo
+
+ socat
+ nmap
+ tcpdump
+
+ rcm
+ tmux
+ tig
+
+ neovim
+ taskwarrior
+
+ vimPlugins.vundle
+ vimPlugins.deoplete-nvim
+ vimPlugins.vim-nix
+ pythonPackages.qrcode
+ ranger
+ ];
+}
diff --git a/home/snippets/graphical.nix b/home/snippets/graphical.nix
new file mode 100644
index 00000000..c2695389
--- /dev/null
+++ b/home/snippets/graphical.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+let
+ unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+ tasktree = with pkgs; with rustPlatform; buildRustPackage rec {
+ name = "tasktree";
+ version = "0.1.0";
+ src = ~/data/aktuell/it/code/tasktree;
+ depsSha256 = "";
+ cargoSha256 = "";
+ buildInputs = [ gnome3.gtk atk cairo gdk_pixbuf glib pango ];
+ };
+in {
+ home.packages = with pkgs; [
+ vimPlugins.vimtex
+ redshift
+ python27Packages.syncthing-gtk
+ rxvt_unicode
+ tasktree
+ gnome3.gnome_terminal
+ ];
+}
diff --git a/home/snippets/my-systems.nix b/home/snippets/my-systems.nix
new file mode 100644
index 00000000..09ac0daf
--- /dev/null
+++ b/home/snippets/my-systems.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ gnupg
+ pass
+ mutt
+ sshuttle
+ mtr
+ youtubeDL
+ ];
+}
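Review bot: In home/hosts/charon.nix the `sort-mail` script has no error handling, so both `mv` lines and the second `mbsync -a` still run after a failed first sync, and an empty `cur/` directory leaves the unquoted glob unexpanded, which makes `mv` fail on every minutely run. Starting the script body with `set -eu`, quoting the `$HOME/...` paths and skipping the move when nothing matches would make failures visible instead of partial. The `morgenreport` script has the same gap at `cd $HOME/data/aktuell/media/ebooks/morgenreport/`: if the `cd` fails, the file is created in and mailed from whatever directory the unit started in, so `cd "$HOME/data/aktuell/media/ebooks/morgenreport/" || exit 1` is the safer form.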
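Review bot: `depsSha256 = "";` and `cargoSha256 = "";` in the `tasktree` derivation of home/snippets/graphical.nix leave the crate-dependency fetch without an expected hash. Depending on the Nix and nixpkgs revision this presumably either fails the build or reports the hash to fill in, but as committed the dependencies are not pinned. Record the real hash as is done for `habitask` in home/hosts/charon.nix, and add a comment saying when it has to be regenerated (any change to `Cargo.lock`). `unstable` is bound in this file but never used.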
diff --git a/system/hosts/apollo/configuration.nix b/system/hosts/apollo/configuration.nix
new file mode 100644
index 00000000..aa27c754
--- /dev/null
+++ b/system/hosts/apollo/configuration.nix
@@ -0,0 +1,79 @@
+{ config, pkgs, ... }:
+{
+
+networking = {
+ hostName = "apollo";
+ networkmanager.enable = true;
+ hostId = "38d29f92";
+};
+
+i18n.consoleKeyMap = "neo";
+
+imports = [
+ ./hardware-configuration.nix
+ ../modules/cdarknet
+ ../snippets/common.nix
+];
+
+# Use the systemd-boot EFI boot loader.
+boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ supportedFilesystems = [ "zfs" "exfat" ];
+};
+
+environment.systemPackages = with pkgs; [
+ zfstools
+ gnome3.caribou
+ xournal
+];
+
+security.rngd.enable = true;
+
+programs.gnupg.agent = {
+ enable = true;
+};
+
+cdark_net = {
+ enable = true;
+ hostName = "maralorn_apollo";
+ ed25519PrivateKeyFile = /etc/nixos/local/tinc/ed25519_key.priv;
+ hostsDirectory = /etc/nixos/config/cdarknet/hosts;
+ ip6address = "fd23:42:cda:4342::2";
+ ip4address = "172.20.71.2";
+};
+
+
+services = {
+ printing = {
+ enable = true;
+ drivers = [pkgs.hplip];
+ };
+ xserver = {
+ enable = true;
+ layout = "de";
+ xkbVariant = "neo";
+ desktopManager.gnome3.enable = true;
+ displayManager.gdm = {
+ autoLogin = {
+ delay = 3;
+ enable = true;
+ user = "maralorn";
+ };
+ wayland = false;
+ enable = true;
+ };
+ libinput.enable = true;
+ config = ''
+ Section "InputClass"
+ Identifier "Enable libinput for TrackPoint"
+ MatchIsPointer "on"
+ Driver "libinput"
+ EndSection
+ '';
+ };
+};
+#virtualisation.docker.enable = true;
+}
diff --git a/system/hosts/apollo/hardware-configuration.nix b/system/hosts/apollo/hardware-configuration.nix
new file mode 100644
index 00000000..60b25595
--- /dev/null
+++ b/system/hosts/apollo/hardware-configuration.nix
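Review bot: `ed25519PrivateKeyFile = /etc/nixos/local/tinc/ed25519_key.priv;` in the `cdark_net` block is a Nix path literal rather than a string, so if the module (a submodule, not visible in this diff) interpolates it into generated configuration, the private key is copied into the world-readable /nix/store. Writing it as a string, `ed25519PrivateKeyFile = "/etc/nixos/local/tinc/ed25519_key.priv";`, keeps the key file out of the store, provided the option's type accepts a string. Separately, `displayManager.gdm.autoLogin` signs in `maralorn`, who is in `wheel` per system/snippets/common.nix, three seconds after boot. A comment such as `# autologin is acceptable only because the root volume is LUKS-encrypted` would record why that is intended.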
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/d01fd9f1-f5b1-4199-a736-54c1698682d7";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/d10217d6-d703-42d3-af7d-2f5d06095ff3";
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/F51A-2EE0";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = "powersave";
+}
diff --git a/system/hosts/charon/configuration.nix b/system/hosts/charon/configuration.nix
new file mode 100644
index 00000000..15d08456
--- /dev/null
+++ b/system/hosts/charon/configuration.nix
@@ -0,0 +1,297 @@
+{ config, pkgs, ... }:
+
+let
+ unstable = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in
+{
+ system.stateVersion = "17.03";
+
+ networking = {
+ hostName = "charon.olymp.space";
+
+ interfaces.ens3 = {
+ ip4 = [ { address = "45.32.154.139"; prefixLength = 22; } ];
+ ip6 = [ { address = "2001:19f0:6c01:b0d::1"; prefixLength = 64; } ];
+ };
+ defaultGateway = "45.32.152.1";
+ nameservers = [ "108.61.10.10" "2001:19f0:300:1704::6" ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ pandoc
+ ];
+
+ imports = [
+ ./hardware-configuration.nix
+ ../snippets/common.nix
+ ../snippets/init_ssh.nix
+ /etc/nixos/local/config.nix
+ ];
+
+ boot.initrd.network.postCommands = "ip address add 2001:19f0:6c01:b0d::b007/64 dev eth0";
+ boot.initrd.postMountCommands = "ip link set eth0 down";
+
+ networking.firewall.allowedTCPPorts = [ 25 80 587 443 993 8448 22000 ];
+
+ users.users = {
+ choreutes = {
+ description = "Tobias Schmalz";
+ isNormalUser = true;
+ passwordFile = "/etc/nixos/local/pw-choreutes";
+ };
+ swantje = {
+ description = "Swantje Mahncke";
+ isNormalUser = true;
+ passwordFile = "/etc/nixos/local/pw-swantje";
+ };
+ dovecot2.extraGroups = ["certs"];
+ postfix.extraGroups = ["certs"];
+ matrix-synapse.extraGroups = ["certs"];
+ };
+ users.groups = {
+ certs = {};
+ };
+ security.acme.certs = {
+ "charon.olymp.space" = {
+ email = "malte.brandy@maralorn.de";
+ postRun = "systemctl restart postfix dovecot2";
+ allowKeysForGroup = true;
+ group = "certs";
+ extraDomains = {
+ "maralorn.de" = null;
+ };
+ };
+ "matrix.maralorn.de" = {
+ email = "malte.brandy@maralorn.de";
+ postRun = "systemctl restart matrix-synapse";
+ allowKeysForGroup = true;
+ group = "certs";
+ extraDomains = {
+ "maralorn.de" = null;
+ };
+ };
+ };
+ services = {
+ radicale = {
+ enable = true;
+ package = pkgs.radicale2;
+ config = ''
+ [auth]
+ type = http_x_remote_user
+ '';
+ };
+ nginx = {
+ enable = true;
+ virtualHosts."mathechor.de" = {
+ serverAliases = ["www.mathechor.de"];
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "~* Makefile".extraConfig = "deny all;";
+ "/" = {
+ root = "/var/www/mathechor/public";
+ index = "index.html";
+ extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
+ };
+ };
+ };
+ virtualHosts."intern.mathechor.de" = {
+ forceSSL = true;
+ enableACME = true;
+ # See /etc/nixos/local/ für basic_auth pw.
+ locations = {
+ "~* Makefile".extraConfig = "deny all;";
+ "/" = {
+ root = "/var/www/mathechor/intern";
+ index = "index.html";
+ };
+ "/mathechor.ics" = {
+ proxyPass ="http://127.0.0.1:5232/maralorn/23e21619-29c6-17eb-043f-8ab5af00b46b/";
+ extraConfig = ''
+ proxy_set_header X-Remote-User maralorn;
+ '';
+ };
+ };
+ };
+ virtualHosts."dav.maralorn.de" = {
+ forceSSL = true;
+ enableACME = true;
+ # See /etc/nixos/local/ für basic_auth pw.
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:5232";
+ extraConfig = "proxy_set_header X-Remote-User $remote_user;";
+ };
+ };
+ virtualHosts."blog.maralorn.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ root = "/var/www/blog/output";
+ index = "index.html";
+ };
+ };
+ };
+ virtualHosts."charon.olymp.space" = {
+ forceSSL = true;
+ enableACME = true;
+ default = true;
+ locations = {
+ "/ved.ics" = {
+ proxyPass ="http://127.0.0.1:5232/maralorn/5a155c2c-1d87-e50d-874c-63f8858d1302/";
+ extraConfig = ''
+ proxy_set_header X-Remote-User maralorn;
+ '';
+ };
+ };
+ };
+ virtualHosts."matrix.maralorn.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/_matrix" = {
+ proxyPass = "http://[::1]:8008";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ '';
+ };
+ };
+ };
+ };
+
+ # Postgres
+ postgresql = {
+ enable = true;
+ package = pkgs.postgresql96;
+ };
+
+ # Synapse
+ matrix-synapse = {
+ enable = true;
+ package = unstable.matrix-synapse;
+ server_name = "maralorn.de";
+ database_type = "psycopg2";
+ max_upload_size = "30M";
+ database_args = {
+ user = "matrix-synapse";
+ database = "matrix-synapse";
+ cp_min = "5";
+ cp_max = "10";
+ };
+ report_stats = true;
+ tls_certificate_path = "/var/lib/acme/matrix.maralorn.de/fullchain.pem";
+ tls_private_key_path = "/var/lib/acme/matrix.maralorn.de/key.pem";
+ listeners = [
+ {
+ port = 8448;
+ bind_address = "::";
+ resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
+ x_forwarded = false;
+ }
+ {
+ port = 8008;
+ bind_address = "::1";
+ resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
+ x_forwarded = true;
+ tls = false;
+ }
+ ];
+ };
+
+ # Taskserver
+ # taskserver = {
+ # enable = true;
+ # fqdn = config.networking.hostName;
+ # listenHost = "::";
+ # organisations.users.users = [ "maralorn" ];
+ # config = { request.limit = 0; };
+ # };
+
+ # Mailserver
+ rspamd.enable = true;
+ rmilter = {
+ enable = true;
+ socketActivation = false;
+ rspamd = {
+ extraConfig = ''
+ extended_spam_headers = yes;
+ '';
+ enable = true;
+ };
+ postfix.enable = true;
+ };
+ dovecot2 = {
+ enable = true;
+ enablePop3 = false;
+ modules = [ pkgs.dovecot_pigeonhole ];
+ sslServerCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
+ sslServerKey = "/var/lib/acme/charon.olymp.space/key.pem";
+ extraConfig =
+ ''
+ ssl = required
+ service auth {
+ unix_listener /var/lib/postfix/queue/private/auth {
+ mode = 0660
+ user = postfix
+ group = postfix
+ }
+ }
+ protocol lda {
+ mail_plugins = $mail_plugins sieve
+ }
+ plugin {
+ sieve_extensions = +vnd.dovecot.duplicate
+ }
+ '';
+ };
+ postfix = {
+ enable = true;
+ enableSubmission = true;
+ rootAlias = "maralorn";
+ sslCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
+ sslKey = "/var/lib/acme/charon.olymp.space/key.pem";
+ extraAliases =
+ ''
+junge-erwachsene: :include:/etc/nixos/local/lists/junge-erwachsene
+je-orga: :include:/etc/nixos/local/lists/je-orga
+ '';
+ lookupMX = true;
+ extraConfig =
+ ''
+message_size_limit = 30720000
+
+mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -d "$USER"
+
+virtual_alias_domains = maralorn.de, choreutes.de, olymp.space, mathechor.de
+smtp_bind_address6 = 2001:19f0:6c01:b0d::1
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
+ '';
+ virtual =
+ ''
+junge-erwachsene@maralorn.de junge-erwachsene
+je-orga@maralorn.de je-orga
+@maralorn.de maralorn
+@mathechor.de maralorn
+@olymp.space maralorn
+@choreutes.de choreutes
+ '';
+ submissionOptions = {
+ milter_macro_daemon_name = "ORIGINATING";
+ smtpd_tls_security_level = "encrypt";
+ smtpd_sasl_type = "dovecot";
+ smtpd_sasl_auth_enable = "yes";
+ smtpd_sasl_path = "private/auth";
+ smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
+ };
+ };
+ };
+
+ boot.loader.grub = {
+ enable = true;
+ version = 2;
+ device = "/dev/vda";
+ };
+
+}
diff --git a/system/hosts/charon/hardware-configuration.nix b/system/hosts/charon/hardware-configuration.nix
new file mode 100644
index 00000000..28b83c47
--- /dev/null
+++ b/system/hosts/charon/hardware-configuration.nix
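Review bot: The `/ved.ics` location under `virtualHosts."charon.olymp.space"` forwards every request to Radicale with `X-Remote-User maralorn` hard-coded, and Radicale is configured with `type = http_x_remote_user`, so any client reaching that URL is treated as the authenticated owner for every HTTP method, not only GET. If this is meant to be a public read-only feed, restrict the methods in that location's `extraConfig`, e.g. `limit_except GET { deny all; }`. `/mathechor.ics` on intern.mathechor.de has the same shape. For that host and for `dav.maralorn.de` (which passes `$remote_user`), the basic-auth setup mentioned in the comments is not part of this hunk, so it cannot be confirmed that requests are authenticated before the header is set. Radicale's rights configuration is also outside the diff and may already limit writes; a comment next to each hard-coded header stating the intended access level would make that checkable.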
@@ -0,0 +1,30 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/c0311786-f760-4834-bb92-6c6c0dd8943a";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/051f74d2-c0dd-4fbe-b007-0d728acf3a91";
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/211c5a28-7243-4bfe-982c-7c31186ec9b7";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 1;
+}
diff --git a/system/modules/cdarknet/default.nix b/system/modules/cdarknet/default.nix
new file mode 120000
index 00000000..035431df
--- /dev/null
+++ b/system/modules/cdarknet/default.nix
@@ -0,0 +1 @@
+nixdark/default.nix
\ No newline at end of file
diff --git a/system/modules/cdarknet/hosts b/system/modules/cdarknet/hosts
new file mode 160000
index 00000000..2bc5760b
--- /dev/null
+++ b/system/modules/cdarknet/hosts
@@ -0,0 +1 @@
+Subproject commit 2bc5760b0c12502073a26314156e5afc1a6800a0
diff --git a/system/modules/cdarknet/nixdark b/system/modules/cdarknet/nixdark
new file mode 160000
index 00000000..8f95a4a0
--- /dev/null
+++ b/system/modules/cdarknet/nixdark
@@ -0,0 +1 @@
+Subproject commit 8f95a4a050889afe687fceb6875fd0d4006630df
diff --git a/system/snippets/common.nix b/system/snippets/common.nix
new file mode 100644
index 00000000..15f727d6
--- /dev/null
+++ b/system/snippets/common.nix
@@ -0,0 +1,101 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+let
+ unstable = import {};
+in
+{
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
+ time.timeZone = "Europe/Berlin";
+ boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
+ boot.loader.grub.configurationLimit = 5;
+
+ nix = {
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 5d";
+ };
+ optimise.automatic = true;
+ package = pkgs.nixUnstable;
+ };
+ system.autoUpgrade.enable = true;
+ system.autoUpgrade.dates = "22:00";
+
+ users = {
+ defaultUserShell = pkgs.zsh;
+ mutableUsers = false;
+ users =
+ let keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jbK/gzzarMHQc9R++i+llMHIh34lXr7FjIyjCdVjnLjKDE3mdJ6mh7JTJc9njn7s+6kZ7FAoDWe9QValR0OUlE3TRAD3wtu0Kud7LUPsR961Go84yRw3mVMZpJFJHYb4p2bTPcMMgFnj8+b5RfWJ1GU5gMOT7EIkpmytpien/IvBig8dzNQ152YQU9xiQ9dZspsMiSMP0pt5mU5tqGGA/5WCXgUPk19OhhEkak/VMNFPnRysk5ofmYWbitShciMAnTx1UHyDYCzbiHHN8Ud9UxkSVoR+q9RYbMfXsW04z5z8sRna1xDo8N9c3bZgcUXIBlIVBJPOaABpXO6+Ke3X pegasus"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+r1uf2Wuw3CwXS8HaU5fl99LL74Xnblr0SWoUGKHKoRqgtNg/a+Z++l87UhqBGm9eYuFLSYGRzzQiffGbtfRT/18G/pixiPYPQCOQp7lWRguGjs4ejGzgIy9CrAXEKDwI6294tvX/8WiQLckROYE2gVKyA70yM0QmlozwqU9mzsky81EwDOtltsQGbBTswVuzNHqMgZsDTg+aBd66qUSRWMgh3PfvQyJPd+EUrsQzdt6lTx1A/Vg2oPXP3xZIKpbgQzDXxtzz1a7H/QYkJkkjefAFeMa3Z+PpP4zFV0Wnrn3Ny4sC4kjgywt1CPwJX7WnrZxpQ3cmg3G/08MAl+wp maralorn@apollo"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvKq3AkhHDKTPMKhXZfZhLhgwqk186h1R/j2rDNYPqsh73AnfiyTZQQqX4O7chkFCEFsBmDrpaOg1fnzIA0OGYIx02KwUQa8W/1eC4AsgDVQGdRCVKNQ+LFrtFQB0yjzO1zzXMpp3/BhfkwftyrAPP431icum/bMgpfz+QexeSbmmQUXVydcSK02YLJHbDwaF2FxTD1gfoLcCdW36VCp6xBPDVrvlp6z9mU+TZS0UxG8ruh3Q9FFGQqJ6NTy14dj4H5pHW9toFB3uDqBltfoN6azW+DylyxgM6/0PwQn3rALmPv3Ye/Wp/p12o0YhFXWbFRhnrSv1zomU/xjSm0LXz brandy@fb04217" ];
+ pw-file = "/etc/nixos/local/pw-maralorn";
+ in {
+ maralorn = {
+ description = "Malte Brandy";
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" "systemd-journal" "networkmanager" "docker" ];
+ openssh.authorizedKeys.keys = keys;
+ passwordFile = pw-file;
+ };
+ root = {
+ openssh.authorizedKeys.keys = keys;
+ passwordFile = pw-file;
+ };
+ };
+ };
+
+ networking.firewall.allowPing = true;
+
+ services = {
+ sshd.enable = true;
+ syncthing = {
+ dataDir = "/home/maralorn/.config/syncthing";
+ enable = true;
+ group = "users";
+ user = "maralorn";
+ openDefaultPorts = true;
+ useInotify = true;
+ package = unstable.syncthing;
+ };
+ };
+
+ environment = {
+ systemPackages = with pkgs; [
+ git
+ gnumake
+ python3
+ python
+ pandoc
+ mkpasswd
+ rxvt_unicode.terminfo
+ htop
+ file
+ tmux
+ socat
+ tcpdump
+ wget
+ curl
+ neovim
+ ];
+ sessionVariables = {
+ TERMINFO = "/run/current-system/sw/share/terminfo";
+ };
+ };
+
+ programs = {
+ zsh = {
+ enable = true;
+ enableAutosuggestions = true;
+ enableCompletion = true;
+ syntaxHighlighting.enable = true;
+ };
+ vim.defaultEditor = true;
+ };
+}
diff --git a/system/snippets/init_ssh.nix b/system/snippets/init_ssh.nix
new file mode 100644
index 00000000..4e031b43
--- /dev/null
+++ b/system/snippets/init_ssh.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
+
+ # generate file with
+ # dropbearkey -t rsa -f /etc/nixos/boot_rsa
+ # nix-env -iA nixos.dropbear
+ hostRSAKey = /etc/nixos/local/boot_rsa;
+ };
+ };
+}
diff --git a/system/snippets/server.nix b/system/snippets/server.nix
new file mode 100644
index 00000000..7278641f
--- /dev/null
+++ b/system/snippets/server.nix
@@ -0,0 +1,4 @@
+{ config, pkgs, ... }:
+
+{
+}
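Review bot: `services.sshd.enable = true;` in system/snippets/common.nix applies to every host that imports it, including the internet-facing charon, and nothing in this hunk disables password logins, while `maralorn` (a `wheel` member) and `root` share one `passwordFile` and one key list. Since keys are already deployed, adding `services.openssh.passwordAuthentication = false;` (option name to be verified against the NixOS release in use) would make SSH access depend on the keys alone. Giving `root` its own password file, or none, would also stop a single leaked hash from covering both accounts. As shown, `unstable = import {};` in the `let` has no path argument; it may have lost an angle-bracket channel reference when the page was extracted, so check it against the repository.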
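Review bot: `hostRSAKey = /etc/nixos/local/boot_rsa;` in system/snippets/init_ssh.nix is a path literal that gets packed into the initrd, which sits on the unencrypted /boot (and on NixOS normally passes through the world-readable store), so this host key has to be treated as readable by anyone with disk or local access. Keep it a dedicated key that is never shared with the main sshd, and record that next to the option, e.g. `# initrd-only host key: stored unencrypted, never reuse the system sshd host key`. The existing comment generates the key at `/etc/nixos/boot_rsa` while the option reads `/etc/nixos/local/boot_rsa`; one of the two paths needs correcting. `authorizedKeys` reuses root's key list, so every key allowed to log in as root can also reach the pre-boot unlock shell; a shorter, separate list would narrow that.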