116 lines
3.2 KiB
Nix
116 lines
3.2 KiB
Nix
# Configuration common to all my servers
|
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
|
|
imports =
|
|
[
|
|
];
|
|
|
|
# Select internationalisation properties.
|
|
i18n = {
|
|
consoleFont = "Lat2-Terminus16";
|
|
consoleKeyMap = "us";
|
|
defaultLocale = "en_AU.UTF-8";
|
|
};
|
|
|
|
time.timeZone = "Australia/Brisbane"; # Set your preferred timezone:
|
|
|
|
# Set security options:
|
|
security.sudo.enable = true;
|
|
security.sudo.wheelNeedsPassword = false;
|
|
|
|
# Enable Nix garbage collection:
|
|
nix.gc.automatic = true;
|
|
nix.gc.dates = "weekly";
|
|
nix.gc.options = "--delete-older-than 90d";
|
|
nix.autoOptimiseStore = true;
|
|
|
|
# Set the system-wide environment
|
|
environment = {
|
|
systemPackages = with pkgs; [
|
|
byobu # text-based window manager and terminal multiplexer.
|
|
htop # interactive process viewer
|
|
tmux # Terminal multiplexer required by byobu
|
|
git # Distributed version control system
|
|
powerline-fonts # For zsh themes
|
|
lsof # list open files
|
|
direnv # A shell extension that manages your environment
|
|
(
|
|
import ../roles/vim.nix
|
|
)
|
|
];
|
|
};
|
|
|
|
# Program defauls for Linode VMs
|
|
programs.zsh = {
|
|
enable = true;
|
|
autosuggestions = {
|
|
enable = true;
|
|
};
|
|
interactiveShellInit = ''
|
|
eval "$(direnv hook zsh)"
|
|
'';
|
|
# List of strings concatenated with "\n"
|
|
#loginShellInit = ''
|
|
# _byobu_sourced=1 . byobu 2>/dev/null || true
|
|
#'';
|
|
ohMyZsh = {
|
|
enable = true;
|
|
plugins = [ "git" "tmux" ];
|
|
theme = "agnoster";
|
|
};
|
|
};
|
|
programs.mosh = {
|
|
enable = true;
|
|
withUtempter = true;
|
|
};
|
|
|
|
# List services that you want to enable:
|
|
services.openssh = {
|
|
enable = true; # Enable the OpenSSH daemon.
|
|
permitRootLogin = "without-password";
|
|
challengeResponseAuthentication = false;
|
|
passwordAuthentication = false;
|
|
openFirewall = true;
|
|
hostKeys = [
|
|
{
|
|
path = "/etc/ssh/ssh_host_ed25519_key";
|
|
type = "ed25519";
|
|
}
|
|
];
|
|
};
|
|
|
|
# Set the default shell for all users
|
|
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
|
|
|
|
# Users common across MIO Ops:
|
|
users.mutableUsers = false; # Remove any users not defined in here
|
|
|
|
users.users.root = {
|
|
hashedPassword = "$6$yak.T2uXItw5j2tU$E5kW9iDMXBc86voxJjxnrUcY0DrW/7WaQY0aGZ5sIJ2JPYZOhDslTKqOYK8sDSJGhM/mCxjPbJq4JGFsObN7D1";
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K craige@mcwhirter.io"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m craige@sealgair"
|
|
];
|
|
};
|
|
|
|
# MIO Ops groups:
|
|
users.groups.craige.gid = 1000;
|
|
|
|
# MIO Ops Users
|
|
users.users.craige = {
|
|
isNormalUser = true;
|
|
uid = 1000;
|
|
group = "craige";
|
|
extraGroups = ["wheel" ];
|
|
hashedPassword = "$6$ZNvCXNzwtdeV0pd$iKraghNGImwzx3IhVk6.wi6Bl7yFS6jLbxm9zeE4xq6.WLkYtVnnP323bstos8sVhD4L9Z21gMGVY3MLtmvlH0";
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K craige@mcwhirter.io"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m craige@sealgair"
|
|
];
|
|
};
|
|
|
|
}
|