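# NixOS module: declares the `myconf` options (authorized SSH public keys and
# base zsh snippets) and the baseline host configuration (sshd policy, time
# sync, secrets identity, MOTD, shell tooling).
{ config
, lib
, pkgs
, ...
}:
let
  # Plain `ssh-ed25519` key. Unlike the `sk-ssh-ed25519@openssh.com` entries
  # below it is not a FIDO-backed key type, so nothing in the key itself ties
  # it to a hardware token. It still ends up in root's authorized keys through
  # the `hwPubKeys` default.
  # NOTE(review): confirm where the private half is stored and who can use it.
  managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
in
{
  imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ];

  options.myconf = {
    # Every key listed here is granted root SSH access by
    # `users.users.root.openssh.authorizedKeys.keys` in the config section.
    hwPubKeys = lib.mkOption rec {
      type = lib.types.listOf lib.types.str;
      default = [
        managementKey
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI="
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDEKElNAm/BhLnk4Tlo00eHN5bO131daqt2DIeikw0b2AAAABHNzaDo="
        # NOTE(review): not an sk-* key type; whether this ECDSA key is held in
        # hardware cannot be told from the key string -- confirm.
        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0="
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu"
      ];
      example = default;
      description = "List of hardwar public keys to use";
    };

    # The prompt snippet ends by eval-ing the output of `direnv hook zsh`, so
    # `direnv` must be on PATH; this module's own systemPackages do not add it.
    zshPrompt = lib.mkOption rec {
      type = lib.types.lines;
      example = default;
      description = "Base zsh prompt";
      default = ''
        autoload -U promptinit && promptinit
        autoload -Uz vcs_info
        autoload -Uz colors && colors

        setopt prompt_subst
        #setopt prompt_sp

        zstyle ':vcs_info:*' enable git hg cvs
        zstyle ':vcs_info:*' get-revision true
        zstyle ':vcs_info:git:*' check-for-changes true
        zstyle ':vcs_info:git:*' formats '(%b)'

        precmd_vcs_info() { vcs_info }
        precmd_functions+=( precmd_vcs_info )

        prompt_char() {
          if [ -z "$IN_NIX_SHELL" ]; then
            echo -n "%#"
          else
            echo -n ";"
          fi
        }

        PROMPT='%n@%m[%(?.%{$fg[default]%}.%{$fg[red]%})%?%{$reset_color%}]:%~$vcs_info_msg_0_$(prompt_char) '

        eval "$(direnv hook zsh)"

      '';
    };

    zshConf = lib.mkOption rec {
      type = lib.types.lines;
      example = default;
      description = "Base zsh config";
      default = ''
        export NO_COLOR=1
        # That sweet sweet ^W
        WORDCHARS='*?_-.[]~=&;!#$%^(){}<>'

        autoload -Uz compinit && compinit

        set -o emacs

      '';
    };
  };

  config = {
    # sops-nix derives its age identity from the host's SSH ed25519 private
    # key, so that one file also guards every secret encrypted for this host.
    sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

    # from https://github.com/dylanaraps/neofetch
    # NOTE(review): the banner's column alignment is not visible in this
    # listing; check it against the upstream art.
    users.motd = ''

      ::::. '::::: ::::'
      '::::: ':::::. ::::'
      ::::: '::::.:::::
      .......:::::..... ::::::::
      ::::::::::::::::::. :::::: ::::.
      ::::::::::::::::::::: :::::. ::::'
      ..... ::::' :::::'
      ::::: '::' :::::'
      ........::::: ' :::::::::::.
      ::::::::::::: :::::::::::::
      ::::::::::: .. :::::
      .::::: .::: :::::
      .::::: .....
      ::::: :::::. ......:::::::::::::'
      ::: ::::::. ':::::::::::::::::'
      .:::::::: '::::::::::
      .::::'''::::. '::::.
      .::::' ::::. '::::.
      .:::: :::: '::::.

    '';
    boot.tmp.cleanOnBoot = true;

    # One `environment` definition for the whole module. The listing bound
    # `environment.systemPackages` twice inside the same attribute set, which
    # Nix rejects as a duplicate attribute, and the second list named `jq`
    # with no `with pkgs;` in scope, leaving it an undefined variable.
    environment = {
      systemPackages = with pkgs; [ apg inetutils jq ];

      interactiveShellInit = ''
        alias vi=nvim
      '';

      etc."configuration-template.nix" = {
        source = ./install_template.nix;
        mode = "0644";
      };
    };

    time.timeZone = "US/Mountain";

    # aarch64 hosts only: step the clock once at boot, ordered before
    # matrix-synapse. rdate accepts whatever answers for pool.ntp.org without
    # authenticating the reply, and everything started afterwards trusts the
    # resulting clock (certificate validity checks included).
    # NOTE(review): presumably for boards without a battery-backed RTC -- confirm.
    systemd.services."setdate" =
      if pkgs.system == "aarch64-linux"
      then {
        description = "Set date on boot";
        wants =
          [ "network-online.target" "multi-user.target" ];
        before = [ "matrix-synapse.service" ];
        wantedBy = [ "multi-user.target" ];
        after = [ "network-online.target" ];
        script = ''
          . /etc/profile;
          ${pkgs.outils}/bin/rdate pool.ntp.org
        '';
        serviceConfig.Type = "oneshot";
      }
      else { };

    programs = {
      zsh.enable = true;
      ssh = {
        startAgent = true;
        extraConfig = "";
      };
    };

    # Root's authorized_keys is exactly the `myconf.hwPubKeys` list, including
    # the non-sk management key unless a host overrides the option.
    users.users.root = {
      openssh.authorizedKeys.keys = config.myconf.hwPubKeys;
    };

    services = {
      openntpd.enable = true;
      # Smart-card daemon.
      # NOTE(review): presumably for the hardware tokens -- confirm.
      pcscd.enable = true;
      openssh = {
        enable = true;
        settings = {
          # Key-only root login; mkForce makes this win over other modules.
          PermitRootLogin = lib.mkForce "prohibit-password";
          PasswordAuthentication = false;
          # NOTE(review): KbdInteractiveAuthentication is not set in this block.
          # If it is enabled by default or elsewhere, PAM keyboard-interactive
          # can still accept passwords for non-root accounts -- confirm, and
          # set it to false if that is unintended.
          #
          # Pinning key exchange to curve25519 also excludes the hybrid
          # post-quantum exchanges that newer OpenSSH releases offer (for
          # example sntrup761x25519-sha512@openssh.com); revisit as the
          # deployed OpenSSH version allows.
          KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
          # Encrypt-then-MAC variants only. Ciphers are not restricted here, and
          # this list only applies when a non-AEAD cipher is negotiated.
          Macs = [
            "hmac-sha2-512-etm@openssh.com"
            "hmac-sha2-256-etm@openssh.com"
            "umac-128-etm@openssh.com"
          ];
        };
      };
    };
    # Release whose stateful defaults this host was installed with; this is
    # not a package version pin.
    system.stateVersion = "21.11";
  };
}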