From fe6cd64f9dde7f4876eaf941eb0cabb083e6375b Mon Sep 17 00:00:00 2001
From: David Morgan
Date: Tue, 8 Nov 2022 16:19:24 +0000
Subject: Add config for some machines
---
 nix-conf/machines/edrahil/configuration.nix | 82 ++++++++++++++++++++++
 .../machines/edrahil/hardware-configuration.nix | 9 +++
 2 files changed, 91 insertions(+)
 create mode 100644 nix-conf/machines/edrahil/configuration.nix
 create mode 100644 nix-conf/machines/edrahil/hardware-configuration.nix
(limited to 'nix-conf/machines/edrahil')
diff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix
new file mode 100644
index 0000000..a23c420
--- /dev/null
+++ b/nix-conf/machines/edrahil/configuration.nix
@@ -0,0 +1,82 @@
+{ config, pkgs,... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ boot.cleanTmpDir = true;
+ zramSwap.enable = true;
+
+ networking.hostName = "edrahil";
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 113 2222 ];
+ };
+ networking = {
+ interfaces.ens3.ipv6.addresses = [{
+ address = "2a01:4f8:c0c:2be9::1";
+ prefixLength = 64;
+ }];
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "ens3";
+ };
+};
+
+ services.openssh = {
+ enable = true;
+ ports = [ 2222 ];
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ allowSFTP = true;
+ kbdInteractiveAuthentication = false;
+ extraConfig = ''
+ #AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AuthenticationMethods publickey
+ AllowUsers djm
+ '';
+ };
+ services.sshguard.enable = true;
+ services.oidentd.enable = true;
+
+ services.locate = {
+ enable = true;
+ locate = pkgs.plocate;
+ localuser = null;
+ };
+
+ users.users.djm =
+ { isNormalUser = true;
+ home = "/home/djm";
+ description = "David Morgan";
+ extraGroups = [ "wheel" "plocate" ];
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius"
+ ];
+ };
+
+ security.sudo.extraConfig = ''
+ djm ALL=(ALL) NOPASSWD: ALL
+ '';
+ security.doas = {
+ enable = true;
+ extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ #procmail
+ git
+ vim
+ wget
+ ];
+ environment.variables = { EDITOR = "vim";
 VISUAL = "vim"; };
+
+ nix.trustedUsers = [ "root" "djm" ];
+
+ system.stateVersion = "22.05";
+
+}
diff --git a/nix-conf/machines/edrahil/hardware-configuration.nix b/nix-conf/machines/edrahil/hardware-configuration.nix
new file mode 100644
index 0000000..f67b9f4
--- /dev/null
+++ b/nix-conf/machines/edrahil/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "vmw_pvscsi" "xen_blkfront" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+}
-- cgit 1.4.1-2-gfad0
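Review bot: In configuration.nix the sudo rule `djm ALL=(ALL) NOPASSWD: ALL`, the doas rule with `noPass = true; keepEnv = true;` and `nix.trustedUsers = [ "root" "djm" ]` each make `djm` root-equivalent with no further prompt, so the two entries in `openssh.authorizedKeys.keys` are the only control between the opened port 2222 and root. Keeping a single escalation path instead of both sudo and doas would narrow that, and dropping `keepEnv` stops the caller's environment from being carried into root commands: `extraRules = [ { users = [ "djm" ]; noPass = true; } ];`. If passwordless escalation is deliberate (for instance because the account has no password set), a short comment above the rule saying so would help the next reader. Separately, the commented-out `#AllowTcpForwarding yes` in `services.openssh.extraConfig` leaves TCP forwarding at sshd's default while the other forwarding types are switched off; an explicit `AllowTcpForwarding no`, or a comment on why it stays enabled, would make the intent clear.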