summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/minimal.nix
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2018-10-26 12:25:40 +0200
committerjeschli <jeschli@gmail.com>2018-10-26 12:25:40 +0200
commita6670e5090dd71aacd7c7605b12d8d3410d25daa (patch)
tree8475a3cc3583d94959a1cc8b6effcd3b8c10a32a /makefu/2configs/minimal.nix
parentf6ad60a0c6cbac45e8ba715b24a7a37f8e2560dc (diff)
parent24f4e8dcf0eca55378fa018a9ed980625222653d (diff)
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'makefu/2configs/minimal.nix')
-rw-r--r--makefu/2configs/minimal.nix88
1 files changed, 88 insertions, 0 deletions
diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix
new file mode 100644
index 000000000..d764e5624
--- /dev/null
+++ b/makefu/2configs/minimal.nix
@@ -0,0 +1,88 @@
+{ lib, pkgs, config, ... }:
+# minimal subset of sane configuration for stockholm
+{
+ # nobody needs this
+ programs.command-not-found.enable = false;
+
+ # the only true timezone (even after the the removal of DST)
+ time.timeZone = "Europe/Berlin";
+
+ networking.hostName = config.krebs.build.host.name;
+ nix.buildCores = config.krebs.build.host.cores;
+
+ # we use gpg if necessary (or nothing at all)
+ programs.ssh.startAgent = false;
+
+ # all boxes look the same
+ nix.useSandbox = true;
+ # we configure users via nix
+ users.mutableUsers = false;
+
+ # sane firewalling
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+
+ # openssh all the way down
+ services.openssh.enable = true;
+
+ # we use stockholm via populate
+ nix.nixPath = [ "/var/src" ];
+
+ environment.variables = let
+ ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ in {
+ NIX_PATH = lib.mkForce "/var/src";
+ EDITOR = lib.mkForce "vim";
+ CURL_CA_BUNDLE = ca-bundle;
+ GIT_SSL_CAINFO = ca-bundle;
+ SSL_CERT_FILE = ca-bundle;
+ };
+
+ programs.bash = {
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=900001
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ '';
+
+ promptInit = ''
+ case $UID in
+ 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
+ 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
+ *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
+ esac
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\033[35m\]\h'" $PS1"
+ fi
+ '';
+ };
+
+ # trust the cool guys
+ networking.timeServers = [
+ "pool.ntp.org"
+ "time.nist.gov"
+ ];
+
+ # the only locale you will ever need
+ i18n = {
+ consoleKeyMap = "us";
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ # suppress chrome autit event messages
+ security.audit = {
+ rules = [
+ "-a task,never"
+ ];
+ };
+
+ # Enable IPv6 Privacy Extensions
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+}