treewide: minor cleanups
parent
f2af8d0a75
commit
4334b5ef50
|
@ -12,23 +12,11 @@
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||||
boot.zfs = {
|
|
||||||
forceImportRoot = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# services.qemuGuest.enable = true;
|
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
vim
|
|
||||||
wget
|
|
||||||
git
|
|
||||||
];
|
|
||||||
|
|
||||||
# prevent fork bombs
|
# prevent fork bombs
|
||||||
security.pam.loginLimits = [
|
security.pam.loginLimits = [
|
||||||
{
|
{
|
||||||
|
@ -58,18 +46,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
# Open ports in the firewall.
|
|
||||||
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
|
||||||
# Or disable the firewall altogether.
|
|
||||||
# networking.firewall.enable = false;
|
|
||||||
|
|
||||||
# Copy the NixOS configuration file and link it from the resulting system
|
|
||||||
# (/run/current-system/configuration.nix). This is useful in case you
|
|
||||||
# accidentally delete configuration.nix.
|
|
||||||
# system.copySystemConfiguration = true;
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
|
@ -1,112 +0,0 @@
|
||||||
{ pkgs, config, ... }: {
|
|
||||||
nix = {
|
|
||||||
package = pkgs.nixUnstable; # or versioned attributes like nix_2_4
|
|
||||||
extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
system.activationScripts.report-nixos-changes = ''
|
|
||||||
if [ -e /run/current-system ] && [ -e $systemConfig ]; then
|
|
||||||
echo System package diff:
|
|
||||||
${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true
|
|
||||||
fi
|
|
||||||
|
|
||||||
NO_FORMAT="\033[0m"
|
|
||||||
F_BOLD="\033[1m"
|
|
||||||
C_RED="\033[38;5;9m"
|
|
||||||
${pkgs.diffutils}/bin/cmp --silent \
|
|
||||||
<(readlink /run/current-system/{initrd,kernel,kernel-modules}) \
|
|
||||||
<(readlink $systemConfig/{initrd,kernel,kernel-modules}) \
|
|
||||||
|| echo -e "''${F_BOLD}''${C_RED}Kernel version changed, reboot is advised.''${NO_FORMAT}"
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
console = {
|
|
||||||
#font = "Lat2-Terminus16";
|
|
||||||
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
|
||||||
keyMap = pkgs.lib.mkForce "uk";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
|
||||||
services.openssh.enable = true;
|
|
||||||
programs.mosh.enable = true;
|
|
||||||
|
|
||||||
# vs code server
|
|
||||||
services.vscode-server.enable = true;
|
|
||||||
|
|
||||||
# set root ssh keys
|
|
||||||
users.users.root.openssh.authorizedKeys = {
|
|
||||||
keys = [
|
|
||||||
# RSA keys go into keyFiles because they're shamefully long
|
|
||||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS8xkNH7JvKblekx5oel4HVKCz3uBbQYEaR9Z9nzTAr manuel@ifsr.de"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINogGKyXieCXQvVTa1z3ArS1TlqcVl2sSqvMpOjQo/Um jakob@krbs.me"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjNYNRBsY/Dc+/XOaGDui9tRa4VGPsHwYo3irGnMRbR felix@tycho"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdOcXORg+akeN2t3yZlKWdoTURKxtV29eQ7UrIMkCHv felix@entropy"
|
|
||||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH73n+ZfJqNzIh9rPh6JYQaI4OAw9WKkPeqj2XRFmRfQ pascal@ifsr.de"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmb1kv+7HU1QKE53+gNxUhrggbwomC40Xjxd9hACkoo bennofs@d-cube"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0X6L7NwTHiOmFzo8mJBCy6H+DKUePAAXU4amm32DAQ fugi@arch"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHD1ZkrAmC9g5eJPDgv4zuEM+UIIEWromDzM1ltHt4TM fugi@macbook"
|
|
||||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBtP2ltExnQL5llOvfSKp6OCZKbPWsa2s6P0i00XyrH helene_emilia.hausmann@mailbox.tu-dresden.de"
|
|
||||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXMHwy4AZ9B4pMRBa/P/rb7N3SCas9e7Lp89plTHdFS halcyon@eisvogel.moe"
|
|
||||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJ7qUGZUjiDhQ6Se+aXr9DbgRTG2tx69owqVMkd2bna simon@mayushii"
|
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLlITzcTVnSi8EpEW3leSuqYCDhbnJyoGCjFOtIJ0Dl5uRNm0UNXS7AbQtLLylEeI1+/qinQDEWAJ6cBDAaPfNw= rouven@thinkpad"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJgYI2rXmw4uPXAMmOgqgJEwYfwj/IBExTCzs9Dgo+R w0lff"
|
|
||||||
];
|
|
||||||
keyFiles = [
|
|
||||||
../../keys/ssh/marcus-sapphire
|
|
||||||
../../keys/ssh/schrader
|
|
||||||
../../keys/ssh/jannusch
|
|
||||||
../../keys/ssh/jannusch-arch
|
|
||||||
../../keys/ssh/tassilo
|
|
||||||
../../keys/ssh/jonasga
|
|
||||||
../../keys/ssh/rouven
|
|
||||||
../../keys/ssh/joachim
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
# basic shell & editor
|
|
||||||
programs.vim.defaultEditor = true;
|
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
|
||||||
# $ nix search wget
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
atop
|
|
||||||
btop
|
|
||||||
bat
|
|
||||||
git
|
|
||||||
htop
|
|
||||||
fd
|
|
||||||
ripgrep
|
|
||||||
tldr
|
|
||||||
tmux
|
|
||||||
usbutils
|
|
||||||
wget
|
|
||||||
neovim
|
|
||||||
helix
|
|
||||||
nmap
|
|
||||||
tcpdump
|
|
||||||
bat
|
|
||||||
dig
|
|
||||||
ethtool
|
|
||||||
iftop
|
|
||||||
ipcalc
|
|
||||||
iperf3
|
|
||||||
ipv6calc
|
|
||||||
lsof
|
|
||||||
ltrace
|
|
||||||
strace
|
|
||||||
mtr
|
|
||||||
traceroute
|
|
||||||
smartmontools
|
|
||||||
sysstat
|
|
||||||
tree
|
|
||||||
whois
|
|
||||||
eza
|
|
||||||
zsh
|
|
||||||
unzip
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
114
modules/core/default.nix
Normal file → Executable file
|
@ -1,5 +1,5 @@
|
||||||
{ ... }:
|
{ pkgs, config, ... }: {
|
||||||
{
|
|
||||||
imports = [
|
imports = [
|
||||||
./base.nix
|
./base.nix
|
||||||
./logging.nix
|
./logging.nix
|
||||||
|
@ -12,4 +12,114 @@
|
||||||
./sssd.nix
|
./sssd.nix
|
||||||
./zsh.nix
|
./zsh.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
extraOptions = ''
|
||||||
|
experimental-features = nix-command flakes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
system.activationScripts.report-nixos-changes = ''
|
||||||
|
if [ -e /run/current-system ] && [ -e $systemConfig ]; then
|
||||||
|
echo System package diff:
|
||||||
|
${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true
|
||||||
|
fi
|
||||||
|
|
||||||
|
NO_FORMAT="\033[0m"
|
||||||
|
F_BOLD="\033[1m"
|
||||||
|
C_RED="\033[38;5;9m"
|
||||||
|
${pkgs.diffutils}/bin/cmp --silent \
|
||||||
|
<(readlink /run/current-system/{initrd,kernel,kernel-modules}) \
|
||||||
|
<(readlink $systemConfig/{initrd,kernel,kernel-modules}) \
|
||||||
|
|| echo -e "''${F_BOLD}''${C_RED}Kernel version changed, reboot is advised.''${NO_FORMAT}"
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Select internationalisation properties.
|
||||||
|
console = {
|
||||||
|
#font = "Lat2-Terminus16";
|
||||||
|
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
||||||
|
keyMap = pkgs.lib.mkForce "uk";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Enable the OpenSSH daemon.
|
||||||
|
services.openssh.enable = true;
|
||||||
|
programs.mosh.enable = true;
|
||||||
|
|
||||||
|
# vs code server
|
||||||
|
services.vscode-server.enable = true;
|
||||||
|
|
||||||
|
# set root ssh keys
|
||||||
|
users.users.root.openssh.authorizedKeys = {
|
||||||
|
keys = [
|
||||||
|
# RSA keys go into keyFiles because they're shamefully long
|
||||||
|
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS8xkNH7JvKblekx5oel4HVKCz3uBbQYEaR9Z9nzTAr manuel@ifsr.de"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINogGKyXieCXQvVTa1z3ArS1TlqcVl2sSqvMpOjQo/Um jakob@krbs.me"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjNYNRBsY/Dc+/XOaGDui9tRa4VGPsHwYo3irGnMRbR felix@tycho"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdOcXORg+akeN2t3yZlKWdoTURKxtV29eQ7UrIMkCHv felix@entropy"
|
||||||
|
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH73n+ZfJqNzIh9rPh6JYQaI4OAw9WKkPeqj2XRFmRfQ pascal@ifsr.de"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmb1kv+7HU1QKE53+gNxUhrggbwomC40Xjxd9hACkoo bennofs@d-cube"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0X6L7NwTHiOmFzo8mJBCy6H+DKUePAAXU4amm32DAQ fugi@arch"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHD1ZkrAmC9g5eJPDgv4zuEM+UIIEWromDzM1ltHt4TM fugi@macbook"
|
||||||
|
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBtP2ltExnQL5llOvfSKp6OCZKbPWsa2s6P0i00XyrH helene_emilia.hausmann@mailbox.tu-dresden.de"
|
||||||
|
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXMHwy4AZ9B4pMRBa/P/rb7N3SCas9e7Lp89plTHdFS halcyon@eisvogel.moe"
|
||||||
|
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJ7qUGZUjiDhQ6Se+aXr9DbgRTG2tx69owqVMkd2bna simon@mayushii"
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLlITzcTVnSi8EpEW3leSuqYCDhbnJyoGCjFOtIJ0Dl5uRNm0UNXS7AbQtLLylEeI1+/qinQDEWAJ6cBDAaPfNw= rouven@thinkpad"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJgYI2rXmw4uPXAMmOgqgJEwYfwj/IBExTCzs9Dgo+R w0lff"
|
||||||
|
];
|
||||||
|
keyFiles = [
|
||||||
|
../../keys/ssh/marcus-sapphire
|
||||||
|
../../keys/ssh/schrader
|
||||||
|
../../keys/ssh/jannusch
|
||||||
|
../../keys/ssh/jannusch-arch
|
||||||
|
../../keys/ssh/tassilo
|
||||||
|
../../keys/ssh/jonasga
|
||||||
|
../../keys/ssh/rouven
|
||||||
|
../../keys/ssh/joachim
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
# basic shell & editor
|
||||||
|
programs.vim.defaultEditor = true;
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
atop
|
||||||
|
btop
|
||||||
|
bat
|
||||||
|
git
|
||||||
|
htop-vim
|
||||||
|
fd
|
||||||
|
ripgrep
|
||||||
|
tldr
|
||||||
|
tmux
|
||||||
|
usbutils
|
||||||
|
wget
|
||||||
|
neovim
|
||||||
|
helix
|
||||||
|
nmap
|
||||||
|
tcpdump
|
||||||
|
bat
|
||||||
|
dig
|
||||||
|
ethtool
|
||||||
|
iftop
|
||||||
|
ipcalc
|
||||||
|
iperf3
|
||||||
|
ipv6calc
|
||||||
|
lsof
|
||||||
|
ltrace
|
||||||
|
strace
|
||||||
|
mtr
|
||||||
|
traceroute
|
||||||
|
smartmontools
|
||||||
|
sysstat
|
||||||
|
tree
|
||||||
|
whois
|
||||||
|
eza
|
||||||
|
zsh
|
||||||
|
unzip
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
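Review bot: The added `users.users.root.openssh.authorizedKeys` block and `services.openssh.enable = true;` now sit in modules/core, so they apply to every host importing it, yet nothing in this section pins how sshd authenticates. Unless a module not shown here already sets it, I would state it next to the enable line: `services.openssh.settings = { PasswordAuthentication = false; PermitRootLogin = "prohibit-password"; };`. Sixteen active key entries logging in directly as root means every session shares one account; named accounts with sudo would make access easier to attribute and revoke. Separately, the file header shows the mode changing from normal to executable, which a Nix module does not need and looks unintended.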
|
@ -18,6 +18,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
additionalModules = [ pkgs.nginxModules.pam ];
|
additionalModules = [ pkgs.nginxModules.pam ];
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
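Review bot: Port 80 is opened here next to an nginx built with `pkgs.nginxModules.pam`, so any location that uses PAM authentication and is reachable over plain HTTP would receive passwords in cleartext. The virtual hosts are outside this hunk, so this may already be handled; if not, each PAM-protected vhost should set `forceSSL = true;` so that port 80 only redirects. If the redirect is the reason 80 stays open, a one-line comment above the added line saying so, e.g. `# 80 is open only for the redirect to HTTPS`, would keep the next reader from guessing. The `config` and `services.nginx` blocks continue past the end of the hunk.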