nixos-config/defaults.nix

# Ref: https://learnxinyminutes.com/docs/nix/
{ config, pkgs, ... }:
{
# Modules merged into this configuration. Only the paths are visible here; what
# each module sets has to be read from the file itself.
imports = [
  ./hardware-configuration.nix

  # Package definitions kept in this repository (judging by the directory name).
  ./packages/postgresql_11_gssapi.nix
  ./packages/minecraft-server_1_15_1.nix

  # Site-wide and per-service settings.
  ./config/fudo.nix
  ./config/postgresql_11.nix
];

# Permit packages with non-free licences to be evaluated and installed.
# NOTE(review): this is a global switch. nixpkgs.config.allowUnfreePredicate can
# restrict it to the specific packages that need it -- confirm which ones do.
nixpkgs.config.allowUnfree = true;
# Packages placed in the system profile, i.e. on every local account's PATH.
# The list order is kept exactly as written, because order can matter when two
# packages ship the same file.
#
# NOTE(review):
#  - fail2ban is only installed here; this file does not enable its service
#    (services.fail2ban.enable). Check the imported modules before relying on it.
#  - openssh and openssh_gssapi are both listed, and the ssh settings in this
#    file depend on GSSAPI. Confirm which build ends up on PATH.
#  - heimdalFull and kerberos are both listed while krb5.kerberos selects
#    heimdalFull; two Kerberos toolsets may provide the same command names.
#  - telnet sends everything in cleartext; keep it for port/diagnostic checks
#    only, never for logins.
#  - openssl_1_1 pins one OpenSSL release line; verify it still receives fixes on
#    the channel this host follows.
environment.systemPackages = with pkgs; [
  asdf atop autoconf automake
  bash bind binutils btrfs-progs bundix byobu
  cdrtools cargo certbot clang curl
  emacs
  fail2ban fortune
  gcc git gnumake gnupg google-cloud-sdk guile
  heimdalFull
  imagemagick ipfs iptables
  jdk
  kerberos
  libisofs
  lispPackages.alexandria lispPackages.cl-ppcre lispPackages.clx lispPackages.quicklisp
  lshw
  mkpasswd
  ncurses5 nmap
  oidentd openldap openssh openssl_1_1 openssh_gssapi
  pciutils pv pwgen
  racket ruby rustc
  sbcl screen service-wrapper stdenv
  telnet texlive.combined.scheme-basic tmux
  unzip
  vim
  wget
];
system = {
  # Release whose stateful defaults this host was installed with. It does not
  # choose the channel that upgrades follow.
  stateVersion = "19.09";
  # Unattended periodic upgrades.
  autoUpgrade.enable = true;
};

# Publishes this whole directory as /etc/current-nixos-config.
# NOTE(review): a path value such as ./. is copied into the Nix store, which is
# readable by every local user. Everything in this directory is exposed that way,
# including the hashedPassword values in this file. Keep secrets outside the
# directory (as bind.passwordFile already does) or drop this entry.
environment.etc.current-nixos-config.source = ./.;

# Kerberos client settings: Heimdal tooling, default realm FUDO.ORG.
krb5 = {
  enable = true;
  kerberos = pkgs.heimdalFull;
  libdefaults.default_realm = "FUDO.ORG";
};
# Console keymap and system locale. The two commented-out options are kept as
# the author left them.
# i18n.consoleFont = "Lat2-Terminus16";
i18n.consoleKeyMap = "dvp";
i18n.defaultLocale = "en_US.UTF-8";
# i18n.consoleUseXkbConfig = true;
# Client-side program settings shared by every user on this host.
programs.mosh.enable = true;
programs.bash.enableCompletion = true;
programs.mtr.enable = true;

# gpg-agent, also acting as the SSH agent.
programs.gnupg.agent.enable = true;
programs.gnupg.agent.enableSSHSupport = true;

# System-wide ssh client defaults.
# NOTE(review): no Host restriction is visible here, so X11 forwarding and
# Kerberos credential delegation appear to be offered to every server a user
# connects to. A server that receives a delegated ticket or a forwarded X11
# channel can act with it. Consider limiting both to trusted hosts with a Host
# block (for example the site's own domain) and leaving the global default off.
programs.ssh.forwardX11 = true;
programs.ssh.extraConfig = ''
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes
'';
# Emacs daemon, also registered as the default editor.
services.emacs.enable = true;
services.emacs.defaultEditor = true;

services.cron.enable = true;

# SSH server with Kerberos (GSSAPI) logins enabled.
# NOTE(review): services.openssh.passwordAuthentication and
# services.openssh.permitRootLogin are not set in this file, so the module
# defaults apply unless an imported module overrides them. This file also
# defines wheel accounts with password hashes, so state both options explicitly.
# NOTE(review): forwardX11 lets any account that can log in open X11 channels
# back to its client; confirm this is needed on this host.
services.openssh = {
  enable = true;
  forwardX11 = true;
  startWhenNeeded = true;
  extraConfig = ''
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials yes
  '';
};
# PAM: accept an SSH-agent key as authentication.
# NOTE(review): with agent authentication, whoever can reach the user's
# forwarded agent socket can satisfy the PAM check without a password. On this
# release the option is documented as trusting keys from the user's own
# authorized_keys file, which the user (or any process running as the user) can
# edit -- confirm which key files are consulted and whether that is acceptable
# for wheel accounts.
security.pam.enableSSHAgentAuth = true;
# TODO: add yubico?

# PAM settings for the sshd service.
# This should only ask for a code if ~/.google_authenticator exists, but it asks anyway.
# security.pam.services.sshd.googleAuthenticator.enable = true;
security.pam.services.sshd.makeHomeDir = true;
# Fails!
# security.pam.services.sshd.requireWheel = true;
# Group for the Fudo system account; the gid matches that account's uid (888).
users.groups.fudosys.gid = 888;
# LDAP directory lookups through the nslcd daemon. loginPam is off, so LDAP is
# not added to the PAM login stack by this block.
#
# The bind password is read from a file outside the Nix store, which keeps it
# out of the world-readable store.
# NOTE(review): confirm /srv/nslcd/bind.passwd is readable only by the account
# the daemon runs as.
# NOTE(review): the server URL is ldap:// with useTLS = true, so protection
# depends on the TLS upgrade succeeding and the server certificate being
# checked against the CA file below. The required verification level is left at
# the client defaults; consider stating it explicitly (TLS_REQCERT demand in
# ldap.conf, tls_reqcert demand in nslcd.conf).
users.ldap = {
  enable = true;
  server = "ldap://france.fudo.org";
  base = "dc=fudo,dc=org";
  useTLS = true;
  loginPam = false;
  timeLimit = 5;

  bind = {
    distinguishedName = "cn=auth_reader,dc=fudo,dc=org";
    passwordFile = "/srv/nslcd/bind.passwd";
    timeLimit = 5;
  };

  # CA certificate for the LDAP client library.
  extraConfig = ''
    TLS_CACERT /etc/nixos/static/fudo_ca.pem
  '';

  # Same CA certificate for the nslcd daemon.
  daemon.enable = true;
  daemon.extraConfig = ''
    tls_cacertfile /etc/nixos/static/fudo_ca.pem
  '';
};
# Local accounts: two interactive administrators and one system account.
#
# NOTE(review): the hashedPassword values live in the configuration itself, so
# they are readable wherever this file is (the repository, the Nix store and
# anything that publishes the config directory). A readable hash can be guessed
# against offline. Prefer users.users.<name>.passwordFile (hashedPasswordFile on
# newer releases) pointing outside the store, and rotate both passwords since
# these hashes have been published.
# NOTE(review): both administrators are in wheel and also in disk. The disk group
# normally grants direct access to block devices, which bypasses file
# permissions -- confirm it is needed.
users.extraUsers =
  let
    # Supplementary groups shared by the interactive administrator accounts.
    adminGroups = [
      "wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout"
      "adm" "input" "systemd-journal" "fudosys" "libvirtd"
    ];

    # Build one interactive administrator entry from its per-user values.
    interactiveAdmin = { uid, description, home, hashedPassword }: {
      inherit uid description home hashedPassword;
      isNormalUser = true;
      createHome = true;
      group = "users";
      extraGroups = adminGroups;
    };
  in
  {
    niten = interactiveAdmin {
      uid = 10000;
      description = "Niten";
      home = "/home/niten";
      hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
    };

    reaper = interactiveAdmin {
      uid = 10049;
      description = "Reaper";
      home = "/home/reaper";
      hashedPassword = "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
    };

    # System account; no password is set for it in this file.
    fudo = {
      isSystemUser = true;
      uid = 888;
      group = "fudosys";
      description = "Fudo System User";
    };
  };
}