xin/hosts/litr/default.nix

{ config, pkgs, lib, ... }:

let
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITjFpmWZVWixv2i9902R+g5B8umVhaqmjYEKs2nF3Lu qbit@tal.tapenet.org"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA7khawMK6P0fXjhXXPEUTA2rF2tYB2VhzseZA/EQ/OtAAAAC3NzaDpncmVhdGVy qbit@litr.bold.daemon"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI= qbit@litr.bold.daemon"
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
  ];

  userBase = { openssh.authorizedKeys.keys = pubKeys; };

in {
  _module.args.isUnstable = true;
  imports = [ ./hardware-configuration.nix ../../overlays/default.nix ];

  doas.enable = true;
  kde.enable = true;
  jetbrains.enable = true;
  sshFidoAgent.enable = true;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

  networking.hostName = "litr";
  networking.hosts."172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
  networking.hosts."127.0.0.1" = [ "borg.calyptix.dev" "localhost" ];
  networking.hosts."192.168.122.133" = [ "arst.arst" "vm" ];

  networking.networkmanager.enable = true;

  preDNS.enable = false;

  sops.secrets = {
    tskey = {
      sopsFile = config.xin-secrets.litr.secrets;
      owner = "root";
      mode = "400";
    };
  };

  systemd.services = {
    "tailscale-init" = {
      wantedBy = [ "tailscaled.service" ];
      after = [ "tailscaled.service" ];
      serviceConfig = {
        ExecStart =
          "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.tskey.path}";
      };
    };
  };

  environment.systemPackages = with pkgs; [
    arcanPackages.all-wrapped
    aircrack-ng
    apg
    barrier
    barrier
    firefox
    fzf
    gnome.gnome-keyring
    ispell
    jitsi-meet-electron
    keychain
    kismet
    matterhorn
    mercurial
    mosh
    mupdf
    nfs-utils
    nmap
    nodejs
    notejot
    oathToolkit
    obs-studio
    openvpn
    rbw
    rust-analyzer
    silver-searcher
    sshfs
    tcpdump
    teams
    tor
    uucp
    vlc
    vscode
    wireshark
    virt-manager

    google-chrome-dev
  ];

  nixpkgs.config.allowUnfree = true;

  virtualisation.libvirtd.enable = true;
  programs.dconf.enable = true;

  services = {
    fwupd.enable = true;
    unifi.enable = true;
    openntpd.enable = true;
    resolved = {
      enable = true;
      dnssec = "allow-downgrade";
    };
  };

  networking.firewall = {
    allowedTCPPorts = [ 22 ];
    checkReversePath = "loose";
  };

  users.users.root = userBase;
  users.users.abieber = userBase // {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [ "wheel" "networkmanager" "libvirtd" ];
  };

  programs.zsh.enable = true;

  system.stateVersion = "20.03"; # Did you read the comment?
}
hello world! 2022-08-25 12:21:35 -06:00			`{ config, pkgs, lib, ... }:`

			`let`
			`pubKeys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITjFpmWZVWixv2i9902R+g5B8umVhaqmjYEKs2nF3Lu qbit@tal.tapenet.org"`
			`"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA7khawMK6P0fXjhXXPEUTA2rF2tYB2VhzseZA/EQ/OtAAAAC3NzaDpncmVhdGVy qbit@litr.bold.daemon"`
			`"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI= qbit@litr.bold.daemon"`
			`"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"`
			`];`

			`userBase = { openssh.authorizedKeys.keys = pubKeys; };`

			`in {`
			`_module.args.isUnstable = true;`
			`imports = [ ./hardware-configuration.nix ../../overlays/default.nix ];`

			`doas.enable = true;`
			`kde.enable = true;`
			`jetbrains.enable = true;`
			`sshFidoAgent.enable = true;`

			`boot.loader.systemd-boot.enable = true;`
			`boot.loader.efi.canTouchEfiVariables = true;`
			`boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];`

			`boot.kernelPackages = pkgs.linuxPackages_latest;`

			`networking.hostName = "litr";`
			`networking.hosts."172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];`
			`networking.hosts."127.0.0.1" = [ "borg.calyptix.dev" "localhost" ];`
			`networking.hosts."192.168.122.133" = [ "arst.arst" "vm" ];`

			`networking.networkmanager.enable = true;`

			`preDNS.enable = false;`

			`sops.secrets = {`
			`tskey = {`
			`sopsFile = config.xin-secrets.litr.secrets;`
			`owner = "root";`
			`mode = "400";`
			`};`
			`};`

			`systemd.services = {`
			`"tailscale-init" = {`
			`wantedBy = [ "tailscaled.service" ];`
			`after = [ "tailscaled.service" ];`
			`serviceConfig = {`
			`ExecStart =`
			`"${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.tskey.path}";`
			`};`
			`};`
			`};`

			`environment.systemPackages = with pkgs; [`
			`arcanPackages.all-wrapped`
			`aircrack-ng`
			`apg`
			`barrier`
			`barrier`
			`firefox`
			`fzf`
			`gnome.gnome-keyring`
			`ispell`
			`jitsi-meet-electron`
			`keychain`
			`kismet`
			`matterhorn`
			`mercurial`
			`mosh`
			`mupdf`
			`nfs-utils`
			`nmap`
			`nodejs`
			`notejot`
			`oathToolkit`
			`obs-studio`
			`openvpn`
			`rbw`
			`rust-analyzer`
			`silver-searcher`
			`sshfs`
			`tcpdump`
			`teams`
			`tor`
			`uucp`
			`vlc`
			`vscode`
			`wireshark`
			`virt-manager`

			`google-chrome-dev`
			`];`

			`nixpkgs.config.allowUnfree = true;`

			`virtualisation.libvirtd.enable = true;`
			`programs.dconf.enable = true;`

			`services = {`
			`fwupd.enable = true;`
			`unifi.enable = true;`
			`openntpd.enable = true;`
			`resolved = {`
			`enable = true;`
			`dnssec = "allow-downgrade";`
			`};`
			`};`

			`networking.firewall = {`
			`allowedTCPPorts = [ 22 ];`
			`checkReversePath = "loose";`
			`};`

			`users.users.root = userBase;`
			`users.users.abieber = userBase // {`
			`isNormalUser = true;`
			`shell = pkgs.zsh;`
			`extraGroups = [ "wheel" "networkmanager" "libvirtd" ];`
			`};`

			`programs.zsh.enable = true;`

			`system.stateVersion = "20.03"; # Did you read the comment?`
			`}`