xin/installer.nix


{ config
, lib
, pkgs
, ...
}:
let
# Plain (software) ed25519 key, not an sk-* hardware-backed key. It is part of
# the default hwPubKeys list below, and config hands that list straight to
# users.users.root.openssh.authorizedKeys.keys, so this key alone is enough
# for root SSH login on every host built from this module -- protect its
# private half at least as carefully as the hardware tokens.
managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
in
{
# Shared user-environment modules (keyboard layout, tmux, neovim); the
# security-relevant settings all live in `config` below.
imports = [
  ./configs/colemak.nix
  ./configs/tmux.nix
  ./configs/neovim.nix
];
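options.myconf = {
  # SSH public keys trusted for *root* login: config below assigns this list
  # directly to users.users.root.openssh.authorizedKeys.keys, so every entry
  # is a root credential. Despite the name, two of the defaults (the
  # managementKey entry and the ecdsa-sha2-nistp256 entry) are ordinary
  # software keys rather than sk-* hardware-backed ones.
  hwPubKeys = lib.mkOption rec {
    type = lib.types.listOf lib.types.str;
    default = [
      managementKey
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI="
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDEKElNAm/BhLnk4Tlo00eHN5bO131daqt2DIeikw0b2AAAABHNzaDo="
      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0="
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu"
    ];
    example = default;
    # Typo fixed ("hardwar") and the consequence spelled out: these keys are
    # granted root login, not merely "used".
    description = "List of SSH public keys (preferably hardware-backed sk-* keys) granted root login";
  };

  # Base zsh prompt. The string is evaluated by zsh with prompt_subst on, so
  # $vcs_info_msg_0_ and $(prompt_char) are expanded every time the prompt is
  # drawn.
  zshPrompt = lib.mkOption rec {
    type = lib.types.lines;
    example = default;
    description = "Base zsh prompt";
    # NOTE(review): with prompt_subst, data that ends up in vcs_info_msg_0_
    # (a branch name from a checked-out repository) is subject to prompt
    # expansion; confirm the zsh version in use escapes `$` and backticks in
    # vcs_info output, or wrap the branch in a non-expanding format.
    # The direnv hook assumes direnv is on PATH; this file does not install
    # it, so every interactive shell errors if an importing host lacks it.
    default = ''
      autoload -U promptinit && promptinit
      autoload -Uz vcs_info
      autoload -Uz colors && colors
      setopt prompt_subst
      #setopt prompt_sp
      zstyle ':vcs_info:*' enable git hg cvs
      zstyle ':vcs_info:*' get-revision true
      zstyle ':vcs_info:git:*' check-for-changes true
      zstyle ':vcs_info:git:*' formats '(%b)'
      precmd_vcs_info() { vcs_info }
      precmd_functions+=( precmd_vcs_info )
      prompt_char() {
      if [ -z "$IN_NIX_SHELL" ]; then
      echo -n "%#"
      else
      echo -n ";"
      fi
      }
      PROMPT='%n@%m[%(?.%{$fg[default]%}.%{$fg[red]%})%?%{$reset_color%}]:%~$vcs_info_msg_0_$(prompt_char) '
      eval "$(direnv hook zsh)"
    '';
  };

  # Base interactive zsh settings: colourless output, ^W stops at path and
  # shell punctuation, completion system loaded, emacs key bindings.
  zshConf = lib.mkOption rec {
    type = lib.types.lines;
    example = default;
    description = "Base zsh config";
    # compinit (without -u) refuses group/world-writable directories on
    # fpath by default, which is the behaviour wanted on shared hosts.
    default = ''
      export NO_COLOR=1
      # That sweet sweet ^W
      WORDCHARS='*?_-.[]~=&;!#$%^(){}<>'
      autoload -Uz compinit && compinit
      set -o emacs
    '';
  };
};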
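config = {
  # sops-nix derives this host's age identity from its ed25519 host key, so
  # every secret for the machine is bound to /etc/ssh/ssh_host_ed25519_key:
  # rotating or losing that key means re-encrypting the secrets for it.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Login banner: NixOS logo from https://github.com/dylanaraps/neofetch
  users.motd = ''
    ::::. '::::: ::::'
    '::::: ':::::. ::::'
    ::::: '::::.:::::
    .......:::::..... ::::::::
    ::::::::::::::::::. :::::: ::::.
    ::::::::::::::::::::: :::::. ::::'
    ..... ::::' :::::'
    ::::: '::' :::::'
    ........::::: ' :::::::::::.
    ::::::::::::: :::::::::::::
    ::::::::::: .. :::::
    .::::: .::: :::::
    .::::: .....
    ::::: :::::. ......:::::::::::::'
    ::: ::::::. ':::::::::::::::::'
    .:::::::: '::::::::::
    .::::'''::::. '::::.
    .::::' ::::. '::::.
    .:::: :::: '::::.
  '';

  # Wipe /tmp on every boot.
  boot.tmp.cleanOnBoot = true;

  # All environment settings in one attrset. (Defining `environment` twice,
  # each with its own systemPackages, is a duplicate-attribute error in Nix,
  # and `jq` has to be qualified -- it is not in scope without `with pkgs`.)
  environment = {
    systemPackages = with pkgs; [ apg inetutils jq ];
    interactiveShellInit = ''
      alias vi=nvim
    '';
    # Starting point for a fresh install's configuration.nix. World-readable
    # (0644), so nothing secret belongs in install_template.nix.
    etc."configuration-template.nix" = {
      source = ./install_template.nix;
      mode = "0644";
    };
  };

  # "US/Mountain" is the legacy tzdata alias of America/Denver.
  time.timeZone = "US/Mountain";

  # One-shot clock jump on aarch64 hosts only (presumably boards without a
  # battery-backed RTC), run before matrix-synapse; openntpd below keeps the
  # clock disciplined afterwards. `wants = [ "multi-user.target" ]` is
  # redundant with wantedBy and adds no ordering.
  systemd.services."setdate" =
    if pkgs.system == "aarch64-linux"
    then {
      description = "Set date on boot";
      wants = [ "network-online.target" "multi-user.target" ];
      before = [ "matrix-synapse.service" ];
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      # NOTE(review): this sets the system clock as root from an
      # unauthenticated network time source, so an on-path attacker controls
      # the boot-time clock (and with it certificate validity checks).
      # Also confirm that outils' rdate speaks NTP to pool.ntp.org without
      # `-n`; the OpenBSD tool defaults to the RFC 868 port-37 protocol, which
      # the pool does not serve. Sourcing /etc/profile is unnecessary here:
      # rdate is invoked by absolute store path.
      script = ''
        . /etc/profile;
        ${pkgs.outils}/bin/rdate pool.ntp.org
      '';
      serviceConfig.Type = "oneshot";
    }
    else { };

  programs = {
    zsh.enable = true;
    ssh = {
      # Per-user ssh-agent for the keys above; no client-side overrides.
      startAgent = true;
      extraConfig = "";
    };
  };

  # Root is reachable over SSH only with a key from myconf.hwPubKeys (see
  # PermitRootLogin below); no other root credential is configured in this
  # file.
  users.users.root = {
    openssh.authorizedKeys.keys = config.myconf.hwPubKeys;
  };

  services = {
    # Continuous NTP discipline (the setdate unit only does the initial jump).
    openntpd.enable = true;
    # PC/SC smart-card daemon -- presumably for the hardware tokens behind the
    # keys above.
    pcscd.enable = true;
    openssh = {
      enable = true;
      settings = {
        # Root may authenticate with a key only; mkForce so no other module
        # can loosen this to "yes".
        PermitRootLogin = lib.mkForce "prohibit-password";
        # Key-only login for every user. PasswordAuthentication alone is not
        # enough on NixOS: KbdInteractiveAuthentication defaults to yes and
        # sshd runs with PAM, so a password can still be accepted through the
        # keyboard-interactive prompt. Close that path as well.
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        # Curve25519 key exchange and encrypt-then-MAC only. Ciphers is not
        # overridden here and stays at the module default.
        KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
        Macs = [
          "hmac-sha2-512-etm@openssh.com"
          "hmac-sha2-256-etm@openssh.com"
          "umac-128-etm@openssh.com"
        ];
      };
    };
  };

  # Pins stateful defaults to the release this host was first installed
  # with; do not bump it on upgrades.
  system.stateVersion = "21.11";
};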
}