صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
djm
/
dotfiles
mirrorاز https://git.sr.ht/~djm/dotfiles/
دنبال کردن 1
ستاره دار 0
انشعاب 0
پرونده‌ها
شاخه: master
شاخه‌ها تگ‌ها
dotfiles
/
nix-conf
/
machines
/
djmuk1
/
configuration.nix

configuration.nix 2.1 KB
لینک دائمی تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. { config, pkgs, ... }:
    2. 

  2. {
    3. 

  3.   imports = [ ./hardware-configuration.nix ];
    4. 

  4. 

  5.   boot.tmp.cleanOnBoot = true;
    6. 

  6. 

  7.   networking.hostName = "djmuk1";
    8. 

  8.   networking.firewall = {
    9. 

  9.     enable = true;
    10. 

  10.     allowedTCPPorts = [ 113 ];
    11. 

  11.   };
    12. 

  12. 

  13.   services.openssh = {
    14. 

  14.     enable = true;
    15. 

  15.     settings = {
    16. 

  16.       PermitRootLogin = "no";
    17. 

  17.       PasswordAuthentication = false;
    18. 

  18.       KbdInteractiveAuthentication = false;
    19. 

  19.     };
    20. 

  20.     extraConfig = ''
    21. 

  21.       #AllowTcpForwarding yes
    22. 

  22.       X11Forwarding no
    23. 

  23.       AllowAgentForwarding no
    24. 

  24.       AllowStreamLocalForwarding no
    25. 

  25.       AuthenticationMethods publickey
    26. 

  26.       AllowUsers djm
    27. 

  27.     '';
    28. 

  28.   };
    29. 

  29.   services.sshguard.enable = true;
    30. 

  30.   services.oidentd.enable = true;
    31. 

  31. 

  32.   services.locate = {
    33. 

  33.     enable = true;
    34. 

  34.     package = pkgs.plocate;
    35. 

  35.     localuser = null;
    36. 

  36.   };
    37. 

  37. 

  38.   users.users.djm = {
    39. 

  39.     isNormalUser = true;
    40. 

  40.     home = "/home/djm";
    41. 

  41.     description = "David Morgan";
    42. 

  42.     extraGroups = [
    43. 

  43.       "wheel"
    44. 

  44.       "plocate"
    45. 

  45.     ];
    46. 

  46.     shell = pkgs.zsh;
    47. 

  47.     openssh.authorizedKeys.keys = [
    48. 

  48.       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros"
    49. 

  49.       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius"
    50. 

  50.     ];
    51. 

  51.   };
    52. 

  52. 

  53.   security.sudo.extraConfig = ''
    54. 

  54.     djm ALL=(ALL) NOPASSWD: ALL
    55. 

  55.   '';
    56. 

  56.   security.doas = {
    57. 

  57.     enable = true;
    58. 

  58.     extraRules = [
    59. 

  59.       {
    60. 

  60.         users = [ "djm" ];
    61. 

  61.         noPass = true;
    62. 

  62.         keepEnv = true;
    63. 

  63.       }
    64. 

  64.     ];
    65. 

  65.   };
    66. 

  66. 

  67.   programs.zsh.enable = true;
    68. 

  68. 

  69.   programs.vim = {
    70. 

  70.     enable = true;
    71. 

  71.     defaultEditor = true;
    72. 

  72.   };
    73. 

  73. 

  74.   environment.systemPackages = with pkgs; [
    75. 

  75.     #procmail
    76. 

  76.     wget
    77. 

  77.   ];
    78. 

  78. 

  79.   nix.settings.trusted-users = [
    80. 

  80.     "root"
    81. 

  81.     "djm"
    82. 

  82.   ];
    83. 

  83. 

  84.   i18n.defaultLocale = "en_GB.UTF-8";
    85. 

  85. 

  86.   swapDevices = [ {
    87. 

  87.     device = "/var/lib/swapfile";
    88. 

  88.     size = 2*1024;
    89. 

  89.   } ];
    90. 

  90. 

  91.   system.stateVersion = "23.11";
    92. 

  92. }
    93. 

  93.