pwntie: init

This commit is contained in:
Aaron Bieber 2022-12-31 05:53:50 -07:00
parent 1749fc237a
commit 5b61f1d7f6
No known key found for this signature in database
4 changed files with 150 additions and 0 deletions

View File

@ -180,6 +180,7 @@
] "europa";
pwntie = buildSys "x86_64-linux" unstable [ ] "pwntie";
stan = buildSys "x86_64-linux" unstable [ ] "stan";
weather = buildSys "aarch64-linux" stable
[ nixos-hardware.nixosModules.raspberry-pi-4 ] "weather";

hosts/pwntie/default.nix Normal file
View File

@ -0,0 +1,64 @@
{ config, pkgs, ... }:
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
in {
_module.args.isUnstable = true;
imports = [ ./hardware-configuration.nix ];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
networking = {
hostName = "pwntie";
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
checkReversePath = "loose";
virtualisation.libvirtd.enable = true;
environment.sessionVariables = {
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_DATA_HOME = "\${HOME}/.local/share";
PATH = [ "\${XDG_BIN_HOME}" ];
kde.enable = true;
users.users.qbit.extraGroups = [ "dialout" "libvirtd" "docker" ];
nixpkgs.config.allowUnfree = true;
programs = {
steam.enable = true;
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "qbit" ];
dconf.enable = true;
environment.systemPackages = with pkgs; [ neovim nixfmt jq ];
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
users.users.root = { openssh.authorizedKeys.keys = pubKeys; };
system.stateVersion = "22.11";

View File

@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/dd7f2225-4c7a-4f40-8452-0aebf1a75aec";
fsType = "ext4";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/2079-D1CE";
fsType = "vfat";
swapDevices =
[{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display = lib.mkDefault true;

modules/mu.nix Normal file
View File

@ -0,0 +1,45 @@
{ config, lib, pkgs, ... }:
cfg = config.muServer;
mu = "${}/bin/mu";
muInitScript = pkgs.writeScriptBin "mu-init-script" ''
set -eu
while true; do
if [ ! -d ${cfg.muHome} ]; then
${mu} init --muhome="${cfg.muHome}" --maildir="${cfg.mailDir}" --my-address="${cfg.emailAddress}"
in {
options = with lib; {
muServer = {
enable = lib.mkEnableOption "Enable mu server";
muHome = lib.mkOption {
type = types.path;
default = "~/.mu";
mailDir = lib.mkOption {
type = types.path;
default = "~/Maildir";
emailAddress = lib.mkOption {
type = types.string;
default = "";
config = lib.mkIf config.muServer.enable {
environment.systemPackages = [ muInitScript ]; = {
script = "${muInitScript}";
wantedBy = [ "" ];
partOf = [ "" ];
after = [ "" ];
serviceConfig = { Restart = "on-failure"; };