Compare commits


16 commits

Author SHA1 Message Date
44036f804a Fixed commas Gonne requested [#9] 2023-10-05 21:30:33 +00:00
191083f526 fixed Typos Gonne found see [#8] 2023-10-05 21:30:33 +00:00
8a87066837 added documentation for new systems 2023-10-05 21:30:33 +00:00
b91c5b0a2a [#7] polished the README 2023-10-05 21:30:33 +00:00
c0d03be602 some documentation I wrote without proofreading at 2 in the morning 2023-10-05 21:30:33 +00:00
dennis
33519a678a Merge pull request 'nerf/defaultRoles' (#12) from dennis/nixConfig:nerf/defaultRoles into main
Reviewed-on: Fachschaft/nixConfig#12
Reviewed-by: Gonne <gonne@noreply.localhost>
2023-10-05 21:15:31 +00:00
4f414fa1d7
use the nixpkgs xen module 2023-10-05 00:16:25 +02:00
3dc8c90a27
[#11] default role setup 2023-09-30 17:33:12 +02:00
4ccc9c83e6
removed leftover merge marker 2023-09-30 17:31:19 +02:00
d0d7237fa6
disable root login 2023-09-30 17:30:27 +02:00
c7825cbd01
make /tmp/ a tmpfs 2023-09-30 17:29:22 +02:00
16fee6f1f9
refactored xen_guest.nix 2023-09-30 17:23:56 +02:00
44a0ef0ecd
fixed small error in trusted nix keys handling 2023-09-30 17:22:39 +02:00
cba8cb1ce8
added nix_keys 2023-09-30 17:21:30 +02:00
4d7d32f7b6
first roles/default 2023-09-30 17:19:33 +02:00
d7b8d63f83
added sensible credentials to nerf user 2023-09-30 17:14:30 +02:00
3 changed files with 89 additions and 1 deletions

30
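--- a/nixos/roles/admins.nix
+++ b/nixos/roles/admins.nix
@@ -0,0 +1,30 @@
+{lib, ...} :
+with lib;
+let
+admins = {
+nerf = {
+hashedPassword =
+"$y$j9T$SJcjUIcs3JYuM5oyxfEQa/$tUBQT07FK4cb9xm.A6ZKVnFIPNOYMOKC6Dt6hadCuJ7";
+keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdA4LpEGUUmN8esFyrNZXFb2GiBID9/S6zzhcnofQuP nerf@nerflap2"
+];
+};
+};
+mkAdmin = name :
+{hashedPassword, keys}: {
+"${name}" = {
+isNormalUser = true;
+createHome = true;
+extraGroups = [ "wheel" ];
+group = "users";
+home = "/home/${name}";
+openssh.authorizedKeys = { inherit keys; };
+inherit hashedPassword;
+};
+};
+in {
+users.users = mkMerge (mapAttrsToList mkAdmin admins);
+}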
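Review bot: The `hashedPassword` for `nerf` is written directly into the module, so it is readable by anyone with access to the repository and, as a plain option value, also lands in the world-readable Nix store on every host, where it can be guessed offline. The account is in `wheel`, so this hash is presumably the sudo credential. The default role in this same change already sets `sops.age.sshKeyPaths`, so I would keep the hash in a sops secret and have `mkAdmin` set `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` instead of `inherit hashedPassword;` (the option is called `passwordFile` on releases before 23.11). That needs `config` added to the module arguments and, with sops-nix, the secret marked `neededForUsers = true`.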


@ -1,4 +1,56 @@
{ ... } : {
{pkgs, config, lib, modulesPath, ...} : {
imports = [
./admins.nix
./nix_keys.nix
(modulesPath + "/virtualisation/xen-domU.nix")
];
nix = {
extraOptions = ''
experimental-features = nix-command flakes
builders-use-substitutes = true
'';
};
networking = {
firewall = { # these shoud be default, but better make sure!
enable = true;
allowPing = true;
};
nftables.enable = true;
useDHCP = false; # We don't speak DHCP and even if we would, we should enable it per interface
# hosts = # TODO write something to autogenerate ip adresses!
};
users = {
mutableUsers = false;
users.root.hashedPassword = "!";
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
environment = {
systemPackages = builtins.attrValues {
inherit (pkgs)
htop lsof tmux btop;
};
};
services = {
journald.extraConfig = "SystemMaxUse=5G";
nginx = {
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
};
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
};
}
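Review bot: In the `services.openssh.settings` block, `PasswordAuthentication = false` does not by itself rule out password logins. Keyboard-interactive authentication is a separate sshd method that goes through PAM, and as far as I know the NixOS module leaves it enabled by default. The admin accounts imported from `./admins.nix` carry a password hash, so I would add `KbdInteractiveAuthentication = false;` next to it so that only the listed public keys are accepted over SSH.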

6
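--- a/nixos/roles/nix_keys.nix
+++ b/nixos/roles/nix_keys.nix
@@ -0,0 +1,6 @@
+{
+imports = [ ];
+nix.settings.trusted-public-keys = [
+"nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc="
+];
+}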
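Review bot: The `trusted-public-keys` entry makes every host that imports this role accept store paths signed by `nerflap2-1`, and nothing in the file says whose key that is or why it is trusted. Judging by its name it is the signing key of a personal laptop. I would add a comment above the entry, for example `# signing key of nerf's laptop (nerflap2); paths signed with it are trusted on every host using roles/default`, so the trust decision is visible and the key gets removed or rotated when that machine is retired or compromised. The empty `imports = [ ];` can be dropped.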