pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

Initial hensoko

Browse source
This commit is contained in:
Hendrik Sokolowski 2022-08-21 23:56:42 +02:00
parent 4a7b5f3bb2
commit cd0cd79f97
17 changed files with 713 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
flake.nix
View file

@ -133,25 +133,40 @@
iso = base ++ [base-user graphical pub-solar-iso]; iso = base ++ [base-user graphical pub-solar-iso];
pubsolaros = [full-install base-user users.root]; pubsolaros = [full-install base-user users.root];
anonymous = [pubsolaros users.pub-solar]; anonymous = [pubsolaros users.pub-solar];
pubsolaros-light = [ core-light base-user users.root ];
hensoko = pubsolaros ++ [ users.hensoko ];
hensoko-iot = [ server base-user users.root users.iot ];
# server
cube = hensoko-iot;
# home-controller
companion = hensoko-iot;
cox = hensoko-iot;
giggles = hensoko-iot;
# laptop
ringo = hensoko;
# vm
redpanda = hensoko;
}; };
}; };
}; };
home = { home = {
imports = [(digga.lib.importExportableModules ./users/modules)]; imports = [ (digga.lib.importExportableModules ./users/modules) ];
modules = []; modules = [ ];
importables = rec { importables = rec {
profiles = digga.lib.rakeLeaves ./users/profiles; profiles = digga.lib.rakeLeaves ./users/profiles;
suites = with profiles; rec { suites = with profiles; rec {
base = [direnv git]; base = [ direnv git ];
}; };
}; };
users = { users = {
pub-solar = {suites, ...}: { pub-solar = {suites, ...}: { imports = suites.base; home.stateVersion = "21.03"; };
imports = suites.base; hensoko = {suites, ...}: { imports = suites.base; home.stateVersion = "21.03"; };
iot = {suites, ...}: { imports = suites.base; home.stateVersion = "21.03"; };
home.stateVersion = "21.03";
};
}; # digga.lib.importers.rakeLeaves ./users/hm; }; # digga.lib.importers.rakeLeaves ./users/hm;
}; };
@ -170,6 +185,16 @@
# path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender; # path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender;
# }; # };
#}; #};
redpanda = {
hostname = "192.168.42.71:22";
sshUser = "hensoko";
fastConnect = true;
profilesOrder = [ "system" "direnv" ];
profiles.direnv = {
user = "hensoko";
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.hensoko;
};
};
}; };
}; };
} }

110
hosts/redpanda/configuration.nix Normal file
View file

@ -0,0 +1,110 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.loader.systemd-boot.enable = lib.mkForce false;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp0s3.useDHCP = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
nix = {
#package = pkgs.nixFlakes;
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
};
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
wget
firefox
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}

6
hosts/redpanda/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./redpanda.nix
] ++ suites.redpanda;
}

21
hosts/redpanda/hardware-configuration.nix Normal file
View file

@ -0,0 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ohci_pci" "virtio_pci" "sd_mod" "sr_mod" "virtio_scsi" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
#virtualisation.virtualbox.guest.enable = true;
}

17
hosts/redpanda/redpanda.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
#pub-solar.nextcloud.enable = lib.mkForce false;
config = {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
};
}

10
modules/user/default.nix
View file

@ -44,6 +44,16 @@ in {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
}; };
latitude = mkOption {
description = "Latitude";
type = types.nullOr types.str;
default = null;
};
longitude = mkOption {
description = "Longitude";
type = types.nullOr types.str;
default = null;
};
}; };
}; };
} }

22
secrets/email_gssws_password.age Normal file
View file

@ -0,0 +1,22 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw 1+o3Kv3nXAiMEyY8GVW7ZMCILH/SToajDAYM0HR3/FU
YgmC4YvrNidF5sr3h2KtByL/ehS8RC2yEKQf8pkcruE
-> ssh-ed25519 YFSOsg Ju5LywricieLjgr6GeaXyN6RwrT2rf1ypjyvABtYkEE
TeZO7TBBIK58XTN5Bi9UdAde8vlEeIuiRnnYuTWV3Ds
-> ssh-rsa 42S2Dw
YR3lIzLqv6FZlKHgPYc2uVo8kiuEStoP+wZqMsNJwlpT9VIUn2n7V3Pj7gsRUtN7
dYjVEnXCXOYJiT1cKitbsQ/uvO7pDh7Ol4cve4yCt5OTXqux4MsZRBTvBXmbom7v
BZCOruqKIViWChXLo6s1vhJ2Rv3LzY12h1IGlDrVqyTHAxUga7aQmKnFzICwsb2M
6A7JDryveWA3AWntHOgw6G/OzL6TlZxa51w6UAW3z+cckEttmwfLaaOhT2xuhAvJ
3SH856B5Xtx7qWyooN7Cq2XQAlZ3DKJVmjIJvI1y9DdpZlO29kXZXI6FZJb6ZJMM
c0GntItUK2VXGwR+a+PIDg
-> ssh-ed25519 iHV63A 68iPatktmiT9enmwFBH0O2KS7Iu5ZR3vEdrD6OKTwyg
IyRwEOu+/ThnqIG42fYxr65rpniPqvS5HYNP3xQgYfU
-> ssh-ed25519 VApqug rYWmUWJxn6FnnZGopYUzrTcbTBsr+zHuhrSisHl6LXM
7XANpzZrrZlsPILu0UhNh3s1UoUwhGXVUhhmMfZuBqw
-> -.bX&'x-grease mStW!.EH *+Q`QW/
0jNHMBJOkpVUD7xoEr7ymD2f3kCEIU0SZkPJ8wJfxYSg4F/4Pwc19+tHChEjOHCC
svyV
--- rCetdRQgIw8CPjfsojxST3lEYYbxGMRhBi9rBfIpQx0
÷
ƒS!À>¤8çþÁ] §'ÚiÚ Ë÷áª[˜cw¯<1B>ó†a îõ1·öÊÄ€™'¬SË¡“

3
users/hensoko/.config/sway/config.d/input-language.conf Normal file
View file

@ -0,0 +1,3 @@
input * {
xkb_layout us(intl)
}

170
users/hensoko/browser.nix Normal file
View file

@ -0,0 +1,170 @@
{ config, pkgs, lib, self, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
programs.firefox = {
enable = true;
package = pkgs.firefox-wayland;
extensions = [
];
profiles = {
default = {
id = 0;
path = "xunofzn6.default-default";
settings = {
"browser.startup.homepage" = "https://duckduckgo.com";
"browser.search.region" = "DE";
"browser.search.isUS" = false;
"distribution.searchplugins.defaultLocale" = "en-US";
"general.useragent.locale" = "en-US";
};
extraConfig = ''
# Mozilla User Preferences
# kuketz-blog.de | Firefox-Kompendium | 10.11.2021 | Firefox 94.0.1
# Download: https://www.kuketz-blog.de/firefox-aboutconfig-user-js-firefox-kompendium-teil10/
#############
## PRIVACY ##
#############
## Disable Domain Guessing
user_pref("browser.fixup.alternate.enabled", false);
## Disable Normandy/Shield (FF60+)
user_pref("app.normandy.enabled", false);
user_pref("app.shield.optoutstudies.enabled", false);
## Disable Activity Stream (AS)
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
user_pref("browser.newtabpage.activity-stream.feeds.system.topsites", false);
user_pref("browser.newtabpage.activity-stream.showSponsored", false);
user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
## Disable PingCentre Telemetry
user_pref("browser.ping-centre.telemetry", false);
## Disable NewTabPage
user_pref("browser.newtabpage.enabled", false);
user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
## Disable Safe Browsing
# Disable binaries NOT in local lists being checked by Google (real-time checking)
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
# Disable "Block dangerous downloads" (under Options>Privacy & Security)
user_pref("browser.safebrowsing.downloads.enabled", false);
# This covers deceptive sites such as phishing and social engineering
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
# Disable "Warn me about unwanted and uncommon software" (under Options>Privacy & Security)
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
# Disable Mozilla's blocklist for known Flash tracking/fingerprinting
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
# Disable reporting URLs
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.reportPhishURL", "");
user_pref("browser.safebrowsing.provider.google4.reportURL", "");
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
# Disable data sharing (FF58+)
user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
## Disable location bar LIVE search suggestions
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.urlbar.suggest.searches", false);
## Disable Slow Startup Notifications and Telemetry
user_pref("browser.slowStartup.notificationDisabled", true);
user_pref("browser.slowStartup.maxSamples", 0);
user_pref("browser.slowStartup.samples", 0);
## Disable sending of crash reports (FF44+)
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
## Disable Health Report
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
## Disable Extension Metadata updating to addons.mozilla.org
user_pref("extensions.getAddons.cache.enabled", false);
## Disable Telemetry
user_pref("toolkit.coverage.endpoint.base", "");
user_pref("toolkit.coverage.opt-out", true);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.coverage.opt-out", true);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("toolkit.telemetry.unified", false);
##############
## SECURITY ##
##############
## Enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
user_pref("network.IDN_show_punycode", true);
## Display all parts of the URL in the location bar eg. http(s)://
user_pref("browser.urlbar.trimURLs", false);
## Display "insecure" icon (FF59+) and "Not Secure" text (FF60+) on HTTP sites
user_pref("security.insecure_connection_icon.enabled", true);
user_pref("security.insecure_connection_icon.pbmode.enabled", true);
user_pref("security.insecure_connection_text.enabled", true);
user_pref("security.insecure_connection_text.pbmode.enabled", true);
'';
#search.default = "DuckDuckGo";
# force = true;
# order = [ "DuckDuckGo" "Google" ];
# engines = {
# "Nix Packages" = {
# urls = [{
# template = "https://search.nixos.org/packages";
# params = [
# { name = "type"; value = "packages"; }
# { name = "query"; value = "{searchTerms}"; }
# ];
# }];
#
# icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
# definedAliases = [ "@np" ];
# };
# "NixOS Wiki" = {
# urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
# iconUpdateURL = "https://nixos.wiki/favicon.png";
# updateInterval = 24 * 60 * 60 * 1000; # every day
# definedAliases = [ "@nw" ];
# };
# "Bing".metaData.hidden = true;
# "Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
# };
#};
};
};
};
};
}

37
users/hensoko/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, hmUsers, pkgs, lib, ... }:
let
psCfg = config.pub-solar;
in
{
imports = [
./browser.nix
./email.nix
./gammastep.nix
./home.nix
./htop.nix
./ssh.nix
];
config = {
home-manager.users = { inherit (hmUsers) hensoko; };
pub-solar = {
user = {
name = "hensoko";
description = "hensoko";
password = "$6$BBUvcGQBFBjBmRLw$VQgMxaVPInM0S/nr3rkWvCvzlI/oSZ0Kj8wb25k4Fx6aHJkxYzurXh4deslVgGKvz0O2LScBamt7M2pV81EWx0";
fullName = "Hendrik Sokolowski";
email = "hensoko@gssws.de";
latitude = "50.9";
longitude = "6.5";
gpgKeyId = "5C36A01B80BCCC59";
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+euxPp6bHXw61UeUqTGHH8Ub2L+Sy1iteupv/AGudgoVNp2GebqJy1cxQ74mgnL8eWMlaA9jZlKQ1xFFhgtolCsoAKTE9AE8X0egvmEM18fEUR3EWWchmX4MXUhUiOtwitkl4+EpSsp5rh/kIxcpQFz1dpBibroq6jDLKlrVou+2LppR8nMfFT2sqg3694Ltxz4CWMdAfitLax05ckKMAnzz+TgpXK5OyfQSBvl18Qu1SWITYa6AVNXQ7/ovWBDIUfg25GWouzWqkSUpLdCVIcXPe2X7g6X1QsHXnnhaMAhvYH54GZ4wU2kBwIJ6KvplfZdbJ09KAltPVt08evafb hendriksokolowski@hsokolowski-pc"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
];
};
};
};
}

64
users/hensoko/email.nix Normal file
View file

@ -0,0 +1,64 @@
{ config, pkgs, lib, self, ... }:
with lib;
let
psCfg = config.pub-solar;
in
{
age.secrets.email_gssws_password = {
file = "${self}/secrets/email_gssws_password.age";
owner = "hensoko";
};
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
services.imapnotify.enable = true;
programs.mbsync.enable = true;
programs.neomutt.enable = true;
programs.notmuch = {
enable = true;
hooks = {
preNew = "mbsync --all";
};
};
programs.msmtp.enable = true;
accounts.email.accounts."gssws" = {
primary = true;
address = "hensoko@gssws.de";
realName = "Hendrik Sokolowski";
userName = "hensoko";
passwordCommand = "cat /run/agenix/email_gssws_password";
imapnotify.enable = true;
imapnotify.onNotify = ''${pkgs.notmuch}/bin/notmuch new && ${pkgs.libnotify}/bin/notify-send "You got mail!" "imapnotify gssws"'';
mbsync = {
enable = true;
create = "maildir";
extraConfig.channel = {
MaxMessages = 50000;
MaxSize = "5m";
};
};
msmtp.enable = true;
notmuch.enable = true;
neomutt.enable = true;
imap = {
host = "mail.gssws.de";
port = 993;
tls.enable = true;
};
smtp = {
host = "mail.gssws.de";
port = 465;
tls.enable = true;
};
};
};
}

15
users/hensoko/gammastep.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, pkgs, lib, self, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
services.gammastep = {
enable = true;
latitude = psCfg.user.latitude;
longitude = psCfg.user.longitude;
};
};
}

51
users/hensoko/home.nix Normal file
View file

@ -0,0 +1,51 @@
{ config, pkgs, lib, self, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
pub-solar.nextcloud.enable = true;
services.fwupd.enable = true;
pub-solar.graphical.autologin.enable = false;
security.sudo.extraRules = [
{
users = [ "${psCfg.user.name}" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-input-language.conf".source = ./.config/sway/config.d/input-language.conf;
};
home.packages = with pkgs; [
nix-output-monitor
obsidian
btop
dig
fping
keepassxc
ncdu
sysstat
pv
lazygit
tig
thunderbird
wakeonlan
wlr-randr
];
};
}

32
users/hensoko/htop.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, pkgs, lib, self, ... }:
with pkgs lib;
let
psCfg = config.pub-solar;
in
{
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
programs.htop = {
enable = true;
settings = {
color_scheme = 6;
delay = 5;
account_guest_in_cpu_meter = true;
enable_mouse = false;
cpu_count_from_one = 0;
detailed_cpu_time = true;
highlight_base_name = 1;
highlight_megabytes = 1;
highlight_threads = 1;
shadow_other_users = true;
tree_view = true;
update_process_names = true;
vim_mode = true;
left_meters = [ "AllCPUs" "Memory" "Swap" ];
right_meters = [ "Hostname" "Tasks" "LoadAverage" "Uptime" ];
};
};
};
}

58
users/hensoko/ssh.nix Normal file
View file

@ -0,0 +1,58 @@
{ config, pkgs, lib, self, ... }:
with lib;
let
psCfg = config.pub-solar;
in
{
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
programs.ssh = {
enable = true;
matchBlocks = {
"hsha" = {
hostname = "192.168.42.5";
user = "root";
port = 2222;
};
"ringo" = {
hostname = "192.168.42.231";
user = "hensoko";
port = 22;
};
"giggles" = {
hostname = "192.168.42.232";
user = "iot";
port = 22;
};
"norman" = {
hostname = "192.168.42.233";
user = "hensoko";
port = 22;
};
"cox" = {
hostname = "192.168.42.234";
user = "iot";
port = 22;
};
"companion" = {
user = "iot";
};
"cube" = {
hostname = "80.244.242.2";
user = "iot";
port = 2222;
};
"mail" = {
hostname = "mail.gssws.de";
user = "root";
port = 2222;
};
"git" = {
hostname = "git.gssws.de";
user = "git";
port = 2222;
};
};
extraConfig = "PubKeyAcceptedKeyTypes +ssh-rsa";
};
};
}

28
users/iot/default.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, hmUsers, pkgs, lib, ... }:
let
psCfg = config.pub-solar;
in
{
imports = [
./home.nix
];
config = {
home-manager.users = { inherit (hmUsers) iot; };
pub-solar = {
user = {
name = "iot";
description = "hensoko iot user";
password = "$6$BBUvcGQBFBjBmRLw$VQgMxaVPInM0S/nr3rkWvCvzlI/oSZ0Kj8wb25k4Fx6aHJkxYzurXh4deslVgGKvz0O2LScBamt7M2pV81EWx0";
fullName = "Hendrik Sokolowski";
email = "hensoko@gssws.de";
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
];
};
};
};
}

36
users/iot/home.nix Normal file
View file

@ -0,0 +1,36 @@
{ config, pkgs, lib, self, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [ ];
pub-solar.graphical.autologin.enable = false;
security.sudo.extraRules = [
{
users = [ "${psCfg.user.name}" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.packages = with pkgs; [
dig
fping
btop
htop
ncdu
sysstat
tig
wakeonlan
];
};
}