diff options
Diffstat (limited to 'hosts/commons/system')
-rw-r--r-- | hosts/commons/system/boot.nix | 8 | ||||
-rw-r--r-- | hosts/commons/system/default.nix | 20 | ||||
-rw-r--r-- | hosts/commons/system/motd.nix | 12 | ||||
-rw-r--r-- | hosts/commons/system/network.nix | 19 | ||||
-rw-r--r-- | hosts/commons/system/nix.nix | 18 | ||||
-rw-r--r-- | hosts/commons/system/software.nix | 29 | ||||
-rw-r--r-- | hosts/commons/system/ssh.nix | 5 | ||||
-rw-r--r-- | hosts/commons/system/users.nix | 25 |
8 files changed, 136 insertions, 0 deletions
diff --git a/hosts/commons/system/boot.nix b/hosts/commons/system/boot.nix new file mode 100644 index 0000000..974b072 --- /dev/null +++ b/hosts/commons/system/boot.nix @@ -0,0 +1,8 @@ +{ pkgs, config, lib, ... }: + +{ + boot = { + kernelPackages = pkgs.linuxPackages_latest; + tmpOnTmpfs = true; + }; +} diff --git a/hosts/commons/system/default.nix b/hosts/commons/system/default.nix new file mode 100644 index 0000000..64cb51b --- /dev/null +++ b/hosts/commons/system/default.nix @@ -0,0 +1,20 @@ +{pkgs, ... }: + +{ + imports = [ + ./boot.nix + ./motd.nix + ./network.nix + ./nix.nix + ./software.nix + ./ssh.nix + ./users.nix + ]; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; +} diff --git a/hosts/commons/system/motd.nix b/hosts/commons/system/motd.nix new file mode 100644 index 0000000..898d03f --- /dev/null +++ b/hosts/commons/system/motd.nix @@ -0,0 +1,12 @@ +{config, ...}: +{ + users.motd = '' + Welcome + - This machine is managed with nix + + Hostname: ${config.networking.hostName} + OS: NixOS ${config.system.nixos.release} (${config.system.nixos.codeName}) + Version: ${config.system.nixos.version} + Kernel: ${config.boot.kernelPackages.kernel.version} + ''; +} diff --git a/hosts/commons/system/network.nix b/hosts/commons/system/network.nix new file mode 100644 index 0000000..df5aa27 --- /dev/null +++ b/hosts/commons/system/network.nix @@ -0,0 +1,19 @@ +{ config, pkgs, lib, hostname, ... }: + +{ + networking = { + hostName = hostname; + useNetworkd = true; + wireless.enable = false; + useDHCP = false; + }; + + services.nscd.enable = false; + system.nssModules = lib.mkForce [ ]; + + # Use systemd-resolved + services.resolved = { + enable = true; + dnssec = "false"; + }; +} diff --git a/hosts/commons/system/nix.nix b/hosts/commons/system/nix.nix new file mode 100644 index 0000000..48379a4 --- /dev/null +++ b/hosts/commons/system/nix.nix @@ -0,0 +1,18 @@ +{ lib, pkgs, ... }: + +{ + # Enable flakes and new 'nix' command + nix = { + package = pkgs.nixFlakes; + extraOptions = '' + experimental-features = nix-command flakes + ''; + autoOptimiseStore = true; + trustedUsers = [ "root" "@wheel" ]; + + gc = { + automatic = true; + options = "--delete-older-than 14d"; + }; + }; +} diff --git a/hosts/commons/system/software.nix b/hosts/commons/system/software.nix new file mode 100644 index 0000000..fa919ae --- /dev/null +++ b/hosts/commons/system/software.nix @@ -0,0 +1,29 @@ +{pkgs, config, lib, ...}: + +{ + environment.systemPackages = with pkgs; [ + curl + dmidecode + git + htop + hwdata + iftop + iptraf-ng + lm_sensors + lsb-release + mg + mtr + openssl + parted + pciutils + rsync + strace + tcpdump + tmux + traceroute + unzip + usbutils + vim + wget + ]; +} diff --git a/hosts/commons/system/ssh.nix b/hosts/commons/system/ssh.nix new file mode 100644 index 0000000..0ecca80 --- /dev/null +++ b/hosts/commons/system/ssh.nix @@ -0,0 +1,5 @@ +{ + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.permitRootLogin = "yes"; +} diff --git a/hosts/commons/system/users.nix b/hosts/commons/system/users.nix new file mode 100644 index 0000000..2b769c4 --- /dev/null +++ b/hosts/commons/system/users.nix @@ -0,0 +1,25 @@ +{ lib, pkgs, ... }: + +rec { + users.mutableUsers = false; + + users.groups.fcuny = { gid = 1000; }; + users.users.fcuny = { + isNormalUser = true; + uid = 1000; + group = "fcuny"; + home = "/home/fcuny"; + shell = pkgs.zsh; + extraGroups = [ "users" "wheel" ]; + hashedPassword = "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6."; + openssh.authorizedKeys.keys = [ + # aptops (laptop) + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1rWKrdSHxlAZnRv1F5jUsHgXSNmr1KzllWEn+JqA7p3zxmSEPBbfIUGxSzkFIQrSbKizJLdH6hGA8DcIm+e+ldQ2RYOdiYBxIkPm+aHB6dw7QGNbnSSdkr9gKThy65j0YOOcmuDExjqxfq6O/8AVstmPH36sUXEIks5F/+WiF+5ehzoJVFqClB1di6w1lml86d0ShrUacgM/ieFPe1vKrzW8ZOM+LaUoGWBTLla1y6UkIqnb7OinmgPu6QAzF6GA7tYJMoHkyV7Axzc2j1/VxVIrUrfY4b0k8lGAzi2GfByq+fXEHzePbaqi8Cy8Trn9eN/ls1WBMUQfSChQi3tM2Vx2BuiOpx/QkXsdgqwe7bTCijcQS7GoREL1qd8tR9sWWd4WMPUiC9kmzvyja5F39xHPgm0A5MtYY7GvQaUPbtBc6g8YuFLLnkqFVEKHSLFiGYP5jIDNvMd5rSSsBUrepCIzWdpprwnKxAjebw5Cyl5p/0MY2zppQRW7AZXehQa7Bv+OClbutEjBa+ioeUxBhezu2rB61XSenTbbUVB5DncD8ceD5AbL9aFz/Bcw6q0kAOGmR1G1MOLgxVHlqcnI5x0E1K2WMKWgQb+1BMek1p5+l3xWNDF4URhLqLupnP5CMrK9ifBOe/76zqyMVrA/mc6tNC58KHhME1IynC1zaLw== franck@fcuny.net" + ]; + }; + + users.users.root = { + hashedPassword = null; + openssh.authorizedKeys.keys = users.users.fcuny.openssh.authorizedKeys.keys; + }; +} |