999spaces.cc - mu - Soul of a tiny new machine. More thorough tests → More comprehensible and rewrite-friendly software → More resilient society.

blob: 34017add01ec8f8fd9d45209d0f34f1c4c2d6b31 (plain) (tree)

be3fb4e1 ^

8a7ad05a ^

be3fb4e1 ^

8a7ad05a ^<{ config, pkgs, ... }: {
  imports = [
    ./hardware-configuration.nix
  ];

  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

  networking.hostName = "djmuk2";
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 113 ];
  };

  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    extraConfig = ''
      #AllowTcpForwarding yes
      X11Forwarding no
      AllowAgentForwarding no
      AllowStreamLocalForwarding no
      AuthenticationMethods publickey
      AllowUsers djm
    '';
  };
  services.sshguard.enable = true;
  services.oidentd.enable = true;

  services.locate = {
    enable = true;
    package = pkgs.plocate;
    localuser = null;
  };

  users.users.djm =
   { isNormalUser = true;
     home = "/home/djm";
     description = "David Morgan";
     extraGroups = [ "wheel" "plocate" ];
     shell = pkgs.zsh;
     openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius"
     ];
   };

   security.sudo.extraConfig = ''
     djm ALL=(ALL) NOPASSWD: ALL
   '';
   security.doas = {
     enable = true;
     extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ];
   };

   programs.zsh.enable = true;

   programs.vim.defaultEditor = true;

   environment.systemPackages = with pkgs; [
     #procmail
     git
     vim
     wget
   ];

   nix.settings.trusted-users = [ "root" "djm" ];
   nix.optimise.automatic = true;
   nix.optimise.dates = [ "03:00" ];

   i18n.defaultLocale = "en_GB.UTF-8";

   system.stateVersion = "22.05";
}

//: Since different layers all carve out different parts of various namespaces //: (recipes, memory, etc.) for their own use, there's no previous place where //: we can lay out the big picture of what uses what. So we'll do that here //: and just have to manually remember to update it when we move boundaries //: around. //: //:: Memory //: //: Location 0 - unused (since it can help uncover bugs) //: Locations 1-899 - reserved for tests //: Locations 900-999 - reserved for predefined globals in mu scenarios, like keyboard, screen, etc. :(before "End Setup") assert(Max_variables_in_scenarios == 900); //: Locations 1000 ('Reserved_for_tests') onward - available to the allocator in chunks of size Initial_memory_per_routine. assert(Reserved_for_tests == 1000); //:: Recipes //: //: 0 - unused (IDLE; do nothing) //: 1-199 - primitives assert(MAX_PRIMITIVE_RECIPES < 200); //: 200-999 - defined in .mu files as sequences of primitives assert(Next_recipe_ordinal == 1000); //: 1000 onwards - reserved for tests, cleared between tests //:: Depths for tracing //: //: 0 - unused //: 1-100 - app-level trace statements in mu //: 101-9989 - call-stack statements (mostly label run) assert(Initial_callstack_depth == 101); assert(Max_callstack_depth == 9989); //: 9990-9999 - intra-instruction lines (mostly label mem) //:: Summary of transforms and their dependencies //: begin transforms //: begin instruction inserting transforms //: 52 insert fragments //: ↳ 52.2 check fragments //: --- //: 53 rewrite 'stash' instructions //: end instruction inserting transforms //: //: begin instruction modifying transforms //: 56.2 check header ingredients //: ↳ 56.4 fill in reply ingredients //: 48 check or set types by name //: //: begin type modifying transforms //: 56.3 deduce types from header //: --- //: 30 check or set invalid containers //: end type modifying transforms //: ↱ 46 collect surrounding spaces //: ↳ 42 transform names //: ↳ 57 static dispatch //: --- //: 13 update instruction operation //: 40 transform braces //: 41 transform labels //: end instruction modifying transforms //: ↳ 60 check immutable ingredients //: //: begin checks //: --- //: 21 check instruction //: ↳ 61 check indirect calls against header //: ↳ 56 check calls against header //: ↳ 43 transform 'new' to 'allocate' //: 30 check merge calls //: 36 check types of reply instructions //: 43 check default space //: 56 check reply instructions against header //: end checks //: end transforms //:: Summary of type-checking in different phases //: when dispatching instructions we accept first recipe that: //: strictly matches all types //: maps literal 0 or literal 1 to boolean for some ingredients //: performs some other acceptable type conversion //: literal 0 -> address //: literal -> character //: when checking instructions we ensure that types match, and that literals map to some scalar //: (address can only map to literal 0) //: (boolean can only map to literal 0 or literal 1) //: (but conditionals can take any scalar) //: at runtime we perform no checks