Add config for some machines

author: David Morgan <djm_uk@protonmail.com> 2022-11-08 16:19:24 +0000
committer: David Morgan <djm_uk@protonmail.com> 2022-11-08 16:19:24 +0000
commit: fe6cd64f9dde7f4876eaf941eb0cabb083e6375b (patch)
tree: b6b9e2a5de7527d4bf488192483c69208828819a /nix-conf/machines/djmuk1/configuration.nix
parent: 2e0a1f333cd40aba24c0ee7869691f6814a3d781 (diff)
download: dotfiles-fe6cd64f9dde7f4876eaf941eb0cabb083e6375b.tar.gz
1 files changed, 67 insertions, 0 deletions
diff --git a/nix-conf/machines/djmuk1/configuration.nix b/nix-conf/machines/djmuk1/configuration.nix
new file mode 100644
index 0000000..74e252a
--- /dev/null
+++ b/nix-conf/machines/djmuk1/configuration.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  boot.cleanTmpDir = true;
+
+  networking.hostName = "djmuk1";
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 113 ];
+  };
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+    passwordAuthentication = false;
+    kbdInteractiveAuthentication = false;
+    extraConfig = ''
+      #AllowTcpForwarding yes
+      X11Forwarding no
+      AllowAgentForwarding no
+      AllowStreamLocalForwarding no
+      AuthenticationMethods publickey
+      AllowUsers djm
+    '';
+  };
+  services.sshguard.enable = true;
+  services.oidentd.enable = true;
+
+  services.locate = {
+    enable = true;
+    locate = pkgs.plocate;
+    localuser = null;
+  };
+
+  users.users.djm =
+   { isNormalUser = true;
+     home = "/home/djm";
+     description = "David Morgan";
+     extraGroups = [ "wheel" "plocate" ];
+     shell = pkgs.zsh;
+     openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" 
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius"
+     ];
+   };
+
+   security.sudo.extraConfig = ''
+     djm ALL=(ALL) NOPASSWD: ALL
+   '';
+   security.doas = {
+     enable = true;
+     extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ];
+   };
+
+   environment.systemPackages = with pkgs; [
+     #procmail
+     vim
+     wget
+   ];
+   environment.variables = { EDITOR = "vim"; VISUAL = "vim"; };
+
+   nix.trustedUsers = [ "root" "djm" ];
+
+   system.stateVersion = "22.05";
+}
author	David Morgan <djm_uk@protonmail.com>	2022-11-08 16:19:24 +0000
committer	David Morgan <djm_uk@protonmail.com>	2022-11-08 16:19:24 +0000
commit	fe6cd64f9dde7f4876eaf941eb0cabb083e6375b (patch)
tree	b6b9e2a5de7527d4bf488192483c69208828819a /nix-conf/machines/djmuk1/configuration.nix
parent	2e0a1f333cd40aba24c0ee7869691f6814a3d781 (diff)
download	dotfiles-fe6cd64f9dde7f4876eaf941eb0cabb083e6375b.tar.gz