Diffstat (limited to 'nix-conf/machines/edrahil/configuration.nix')
-rw-r--r-- | nix-conf/machines/edrahil/configuration.nix | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix
new file mode 100644
index 0000000..a23c420
--- /dev/null
+++ b/nix-conf/machines/edrahil/configuration.nix
@@ -0,0 +1,82 @@
+{ config, pkgs,... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ boot.cleanTmpDir = true;
+ zramSwap.enable = true;
+
+ networking.hostName = "edrahil";
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 113 2222 ];
+ };
+ networking = {
+ interfaces.ens3.ipv6.addresses = [{
+ address = "2a01:4f8:c0c:2be9::1";
+ prefixLength = 64;
+ }];
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "ens3";
+ };
+};
+
+ services.openssh = {
+ enable = true;
+ ports = [ 2222 ];
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ allowSFTP = true;
+ kbdInteractiveAuthentication = false;
+ extraConfig = ''
+ #AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AuthenticationMethods publickey
+ AllowUsers djm
+ '';
+ };
+ services.sshguard.enable = true;
+ services.oidentd.enable = true;
+
+ services.locate = {
+ enable = true;
+ locate = pkgs.plocate;
+ localuser = null;
+ };
+
+ users.users.djm =
+ { isNormalUser = true;
+ home = "/home/djm";
+ description = "David Morgan";
+ extraGroups = [ "wheel" "plocate" ];
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius"
+ ];
+ };
+
+ security.sudo.extraConfig = ''
+ djm ALL=(ALL) NOPASSWD: ALL
+ '';
+ security.doas = {
+ enable = true;
+ extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ #procmail
+ git
+ vim
+ wget
+ ];
+ environment.variables = { EDITOR = "vim"; VISUAL = "vim"; };
+
+ nix.trustedUsers = [ "root" "djm" ];
+
+ system.stateVersion = "22.05";
+
+} |
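Review bot: The `djm` account is root-equivalent through three independent paths in this file (`djm ALL=(ALL) NOPASSWD: ALL` in `security.sudo.extraConfig`, the doas rule with `noPass = true; keepEnv = true;`, and `nix.trustedUsers = [ "root" "djm" ]`), so `permitRootLogin = "no"` adds no real separation: anyone holding either authorized key, or running code as djm, becomes root without a further prompt. Keeping a single escalation tool would narrow this, for example dropping the sudo rule and reducing the doas rule to `extraRules = [ { users = [ "djm" ]; persist = true; } ];`, which asks for the password and no longer carries the caller's environment into root commands. That requires a password to be set for djm, which this file does not declare, so confirm one exists before applying it. If djm only ever rebuilds the system through sudo or doas, `nix.trustedUsers = [ "root" ];` is sufficient.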