Diffstat (limited to 'hosts/commons/system')
-rw-r--r--hosts/commons/system/boot.nix8
-rw-r--r--hosts/commons/system/default.nix20
-rw-r--r--hosts/commons/system/motd.nix12
-rw-r--r--hosts/commons/system/network.nix19
-rw-r--r--hosts/commons/system/nix.nix18
-rw-r--r--hosts/commons/system/software.nix29
-rw-r--r--hosts/commons/system/ssh.nix5
-rw-r--r--hosts/commons/system/users.nix25
8 files changed, 136 insertions, 0 deletions
diff --git a/hosts/commons/system/boot.nix b/hosts/commons/system/boot.nix
new file mode 100644
index 0000000..974b072
--- /dev/null
+++ b/hosts/commons/system/boot.nix
@@ -0,0 +1,8 @@
+{ pkgs, config, lib, ... }:
+
+{
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    tmpOnTmpfs = true;
+  };
+}
diff --git a/hosts/commons/system/default.nix b/hosts/commons/system/default.nix
new file mode 100644
index 0000000..64cb51b
--- /dev/null
+++ b/hosts/commons/system/default.nix
@@ -0,0 +1,20 @@
+{pkgs, ... }:
+
+{
+  imports = [
+    ./boot.nix
+    ./motd.nix
+    ./network.nix
+    ./nix.nix
+    ./software.nix
+    ./ssh.nix
+    ./users.nix
+  ];
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+}
diff --git a/hosts/commons/system/motd.nix b/hosts/commons/system/motd.nix
new file mode 100644
index 0000000..898d03f
--- /dev/null
+++ b/hosts/commons/system/motd.nix
@@ -0,0 +1,12 @@
+{config, ...}:
+{
+  users.motd = ''
+    Welcome
+    - This machine is managed with nix
+
+    Hostname: ${config.networking.hostName}
+    OS:       NixOS ${config.system.nixos.release} (${config.system.nixos.codeName})
+    Version:  ${config.system.nixos.version}
+    Kernel:   ${config.boot.kernelPackages.kernel.version}
+  '';
+}
diff --git a/hosts/commons/system/network.nix b/hosts/commons/system/network.nix
new file mode 100644
index 0000000..df5aa27
--- /dev/null
+++ b/hosts/commons/system/network.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, hostname, ... }:
+
+{
+  networking = {
+    hostName = hostname;
+    useNetworkd = true;
+    wireless.enable = false;
+    useDHCP = false;
+  };
+
+  services.nscd.enable = false;
+  system.nssModules = lib.mkForce [ ];
+
+  # Use systemd-resolved
+  services.resolved = {
+    enable = true;
+    dnssec = "false";
+  };
+}
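Review bot: `dnssec = "false"` switches off DNSSEC validation in systemd-resolved for every host that imports this shared module, and the hunk gives no reason for it. If the cause is an upstream resolver that breaks validation, `dnssec = "allow-downgrade";` would keep validation wherever the upstream supports it. If it has to stay off, a comment on that line such as `# DNSSEC validation disabled: <reason>` would stop the setting from being carried to new hosts unexamined.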
diff --git a/hosts/commons/system/nix.nix b/hosts/commons/system/nix.nix
new file mode 100644
index 0000000..48379a4
--- /dev/null
+++ b/hosts/commons/system/nix.nix
@@ -0,0 +1,18 @@
+{ lib, pkgs, ... }:
+
+{
+  # Enable flakes and new 'nix' command
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    autoOptimiseStore = true;
+    trustedUsers = [ "root" "@wheel" ];
+
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 14d";
+    };
+  };
+}
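Review bot: `trustedUsers = [ "root" "@wheel" ]` makes every member of wheel a trusted Nix user, which the Nix manual describes as essentially equivalent to root access. A trusted user can, for instance, point the daemon at other substituters and bring in store paths without the usual signature checks. If the intent is that wheel is already root-equivalent through sudo, that is worth a comment on the line, e.g. `# trusted users are root-equivalent to the nix daemon; wheel membership must be treated as root`. Otherwise `trustedUsers = [ "root" ];` is the narrower setting.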
diff --git a/hosts/commons/system/software.nix b/hosts/commons/system/software.nix
new file mode 100644
index 0000000..fa919ae
--- /dev/null
+++ b/hosts/commons/system/software.nix
@@ -0,0 +1,29 @@
+{pkgs, config, lib, ...}:
+
+{
+  environment.systemPackages = with pkgs; [
+    curl
+    dmidecode
+    git
+    htop
+    hwdata
+    iftop
+    iptraf-ng
+    lm_sensors
+    lsb-release
+    mg
+    mtr
+    openssl
+    parted
+    pciutils
+    rsync
+    strace
+    tcpdump
+    tmux
+    traceroute
+    unzip
+    usbutils
+    vim
+    wget
+  ];
+}
diff --git a/hosts/commons/system/ssh.nix b/hosts/commons/system/ssh.nix
new file mode 100644
index 0000000..0ecca80
--- /dev/null
+++ b/hosts/commons/system/ssh.nix
@@ -0,0 +1,5 @@
+{
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "yes";
+}
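Review bot: `permitRootLogin = "yes"` lets root authenticate over SSH by any method sshd has enabled, and nothing in this file turns password authentication off. users.nix in the same commit gives root only an authorized key and a null password hash, so the intent looks like key-only root access. Stating that in the daemon config keeps it true even if a root password is set later. I would change the line to `services.openssh.permitRootLogin = "prohibit-password";` and add `services.openssh.passwordAuthentication = false;`, since fcuny has a password hash, is in wheel, and would otherwise be open to password guessing over SSH.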
diff --git a/hosts/commons/system/users.nix b/hosts/commons/system/users.nix
new file mode 100644
index 0000000..2b769c4
--- /dev/null
+++ b/hosts/commons/system/users.nix
@@ -0,0 +1,25 @@
+{ lib, pkgs, ... }:
+
+rec {
+  users.mutableUsers = false;
+
+  users.groups.fcuny = { gid = 1000; };
+  users.users.fcuny = {
+    isNormalUser = true;
+    uid = 1000;
+    group = "fcuny";
+    home = "/home/fcuny";
+    shell = pkgs.zsh;
+    extraGroups = [ "users" "wheel" ];
+    hashedPassword = "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6.";
+    openssh.authorizedKeys.keys = [
+      # aptops (laptop)
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1rWKrdSHxlAZnRv1F5jUsHgXSNmr1KzllWEn+JqA7p3zxmSEPBbfIUGxSzkFIQrSbKizJLdH6hGA8DcIm+e+ldQ2RYOdiYBxIkPm+aHB6dw7QGNbnSSdkr9gKThy65j0YOOcmuDExjqxfq6O/8AVstmPH36sUXEIks5F/+WiF+5ehzoJVFqClB1di6w1lml86d0ShrUacgM/ieFPe1vKrzW8ZOM+LaUoGWBTLla1y6UkIqnb7OinmgPu6QAzF6GA7tYJMoHkyV7Axzc2j1/VxVIrUrfY4b0k8lGAzi2GfByq+fXEHzePbaqi8Cy8Trn9eN/ls1WBMUQfSChQi3tM2Vx2BuiOpx/QkXsdgqwe7bTCijcQS7GoREL1qd8tR9sWWd4WMPUiC9kmzvyja5F39xHPgm0A5MtYY7GvQaUPbtBc6g8YuFLLnkqFVEKHSLFiGYP5jIDNvMd5rSSsBUrepCIzWdpprwnKxAjebw5Cyl5p/0MY2zppQRW7AZXehQa7Bv+OClbutEjBa+ioeUxBhezu2rB61XSenTbbUVB5DncD8ceD5AbL9aFz/Bcw6q0kAOGmR1G1MOLgxVHlqcnI5x0E1K2WMKWgQb+1BMek1p5+l3xWNDF4URhLqLupnP5CMrK9ifBOe/76zqyMVrA/mc6tNC58KHhME1IynC1zaLw== franck@fcuny.net"
+    ];
+  };
+
+  users.users.root = {
+    hashedPassword = null;
+    openssh.authorizedKeys.keys = users.users.fcuny.openssh.authorizedKeys.keys;
+  };
+}
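Review bot: The `hashedPassword` literal for fcuny is committed to the repository, so anyone who can read the repository can run offline guessing against the hash of an account that is in `wheel`. As far as I know, the evaluated configuration also places it in the world-readable Nix store. Reading it from a file outside the repository, `users.users.fcuny.passwordFile = "/path/to/fcuny.passwd";` (placeholder path; `hashedPasswordFile` on newer releases), avoids that. The password should also be rotated, because the hash stays in history. Separately, root receives fcuny's key list through the `rec` self-reference. A `let` binding for the key list shared by both users would be easier to follow and would not depend on `rec` inside a module.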