summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/default.nix
blob: 66c77e1eb4702ee1edafd618cccdfd90880f9cea (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
{ config, lib, pkgs, ... }:

with import <stockholm/lib>;
{
  imports = [
    {
      users.users =
        mapAttrs (_: h: { hashedPassword = h; })
                 (import <secrets/hashedPasswords.nix>);
    }
    ./editor/vim.nix
    ./binary-cache/nixos.nix
    ./minimal.nix
    ./security/hotfix.nix
  ];

  # users are super important
  users.users = {
    root = {
        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
    };
    makefu = {
      uid = 9001;
      group = "users";
      home = "/home/makefu";
      createHome = true;
      isNormalUser = true;
      useDefaultShell = true;
      extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
    };
  };
  nix.trustedUsers = [ config.krebs.build.user.name ];

  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;

  nixpkgs.config.allowUnfreePredicate = pkg: packageName pkg == "unrar";

  krebs = {
    enable = true;

    dns.providers.lan  = "hosts";
    build.user = config.krebs.users.makefu;
  };


  boot.tmpOnTmpfs = true;

  environment.systemPackages = with pkgs; [
      jq
      git
      gnumake
      rxvt_unicode.terminfo
      htop
      nix-output-monitor
  ];

  programs.bash.enableCompletion = true;

  environment.shellAliases = {
    # TODO: see .aliases
    lsl = "ls -lAtr";
    ip = "ip -c -br";
    dmesg = "dmesg -L --reltime";
    psg = "ps -ef | grep";
    nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
    grep = "grep --color=auto";
  };

  nixpkgs.config.packageOverrides = pkgs: {
    nano = pkgs.runCommand "empty" {} "mkdir -p $out";
    tinc = pkgs.tinc_pre;
  };


  nix.extraOptions = ''
    auto-optimise-store = true
  '';

  #security.wrappers.sendmail = {
  #  source = "${pkgs.exim}/bin/sendmail";
  #  setuid = true;
  #};
  services.journald.extraConfig = ''
    SystemMaxUse=1G
    RuntimeMaxUse=128M
    '';
  environment.pathsToLink = [ "/share" ];
  security.acme = {
    defaults.email = "letsencrypt@syntax-fehler.de";
    acceptTerms = true;
  };
  system.stateVersion = lib.mkDefault "20.03";
  services.postgresql.package = pkgs.postgresql_14;
}