nixos-config/defaults.nix

# Ref: https://learnxinyminutes.com/docs/nix/

{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./packages/local.nix
    ./config/local.nix
  ];

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    asdf
    atop
    autoconf
    automake
    bash
    bind
    binutils
    btrfs-progs
    bundix
    byobu
    cdrtools
    cargo
    certbot
    clang
    curl
    emacs
    fail2ban
    fortune
    gcc
    git
    gnumake
    gnupg
    google-cloud-sdk
    guile
    heimdalFull
    imagemagick
    ipfs
    iptables
    jdk
    kerberos
    libisofs
    lispPackages.alexandria
    lispPackages.cl-ppcre
    lispPackages.clx
    lispPackages.quicklisp
    lshw
    mkpasswd
    ncurses5
    nmap
    oidentd
    openldap
    openssh
    openssl_1_1
    openssh_gssapi
    pciutils
    pv
    pwgen
    racket
    ruby
    rustc
    sbcl
    screen
    service-wrapper
    stdenv
    telnet
    texlive.combined.scheme-basic
    tmux
    unzip
    vim
    wget
    yubikey-manager
  ];

  system.stateVersion = "19.09";

  system.autoUpgrade.enable = true;

  environment.etc.current-nixos-config.source = ./.;

  krb5.enable = true;
  krb5.libdefaults.default_realm = "FUDO.ORG";
  krb5.kerberos = pkgs.heimdalFull;

  i18n = {
    # consoleFont = "Lat2-Terminus16";
    consoleKeyMap = "dvp";
    defaultLocale = "en_US.UTF-8";
    # consoleUseXkbConfig = true;
  };

  programs = {
    mosh.enable = true;

    ssh = {
      extraConfig = ''
        GSSAPIAuthentication yes
        GSSAPIDelegateCredentials yes
      '';
    };

    bash.enableCompletion = true;
    mtr.enable = true;

    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

  };

  services = {
    emacs = {
      defaultEditor = true;
      enable = true;
    };

    cron = {
      enable = true;
    };
    openssh = {
      enable = true;
      startWhenNeeded = true;
      extraConfig = ''
        GSSAPIAuthentication yes
        GSSAPICleanupCredentials yes
    '';
    };
  };

  security.pam = {
    enableSSHAgentAuth = true;
    # TODO: add yubico?
    services.sshd = {
      # This should only ask for a code if ~/.google_authenticator exists, but it asks anyway.
      # googleAuthenticator.enable = true;
      makeHomeDir = true;
      # Fails!
      # requireWheel = true;
    };
  };

  users.extraUsers = {
    node = {
      isSystemUser = true;
      group = "nogroup";
    };
  };

  users.groups = {
    fudosys = {
      gid = 888;
    };
  };

  users.extraUsers = {
    niten = {
      isNormalUser = true;
      uid = 10000;
      createHome = true;
      description = "Niten";
      extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
      group = "users";
      home = "/home/niten";
      hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
    };
    reaper = {
      isNormalUser = true;
      uid = 10049;
      createHome = true;
      description = "Reaper";
      extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
      group = "users";
      home = "/home/reaper";
      hashedPassword = "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
    };
    fudo = {
      isSystemUser = true;
      uid = 888;
      description = "Fudo System User";
      group = "fudosys";
    };
  };

}
Initial re-checki 2019-12-25 15:20:36 -08:00			`# Ref: https://learnxinyminutes.com/docs/nix/`

			`{ config, pkgs, ... }:`

			`{`
			`imports = [`
			`./hardware-configuration.nix`
Currently broken config... 2020-01-15 09:24:11 -08:00			`./packages/local.nix`
			`./config/local.nix`
Initial re-checki 2019-12-25 15:20:36 -08:00			`];`

			`nixpkgs.config.allowUnfree = true;`

			`environment.systemPackages = with pkgs; [`
			`asdf`
			`atop`
			`autoconf`
			`automake`
			`bash`
			`bind`
			`binutils`
			`btrfs-progs`
			`bundix`
			`byobu`
			`cdrtools`
			`cargo`
			`certbot`
			`clang`
			`curl`
			`emacs`
			`fail2ban`
			`fortune`
			`gcc`
			`git`
			`gnumake`
			`gnupg`
			`google-cloud-sdk`
			`guile`
			`heimdalFull`
			`imagemagick`
			`ipfs`
			`iptables`
			`jdk`
			`kerberos`
			`libisofs`
			`lispPackages.alexandria`
			`lispPackages.cl-ppcre`
			`lispPackages.clx`
			`lispPackages.quicklisp`
			`lshw`
			`mkpasswd`
			`ncurses5`
			`nmap`
			`oidentd`
			`openldap`
			`openssh`
			`openssl_1_1`
			`openssh_gssapi`
			`pciutils`
			`pv`
			`pwgen`
			`racket`
			`ruby`
			`rustc`
			`sbcl`
			`screen`
			`service-wrapper`
			`stdenv`
			`telnet`
			`texlive.combined.scheme-basic`
			`tmux`
			`unzip`
			`vim`
			`wget`
Changes for SEA 2020-02-18 10:58:47 -08:00			`yubikey-manager`
Initial re-checki 2019-12-25 15:20:36 -08:00			`];`

			`system.stateVersion = "19.09";`

			`system.autoUpgrade.enable = true;`

			`environment.etc.current-nixos-config.source = ./.;`

			`krb5.enable = true;`
			`krb5.libdefaults.default_realm = "FUDO.ORG";`
			`krb5.kerberos = pkgs.heimdalFull;`

			`i18n = {`
			`# consoleFont = "Lat2-Terminus16";`
			`consoleKeyMap = "dvp";`
			`defaultLocale = "en_US.UTF-8";`
			`# consoleUseXkbConfig = true;`
			`};`

			`programs = {`
			`mosh.enable = true;`

			`ssh = {`
			`extraConfig = ''`
			`GSSAPIAuthentication yes`
			`GSSAPIDelegateCredentials yes`
			`'';`
			`};`

			`bash.enableCompletion = true;`
			`mtr.enable = true;`

			`gnupg.agent = {`
			`enable = true;`
			`enableSSHSupport = true;`
			`};`

			`};`

			`services = {`
			`emacs = {`
			`defaultEditor = true;`
			`enable = true;`
			`};`

			`cron = {`
			`enable = true;`
			`};`
			`openssh = {`
			`enable = true;`
			`startWhenNeeded = true;`
			`extraConfig = ''`
			`GSSAPIAuthentication yes`
			`GSSAPICleanupCredentials yes`
			`'';`
			`};`
			`};`

			`security.pam = {`
			`enableSSHAgentAuth = true;`
			`# TODO: add yubico?`
			`services.sshd = {`
			`# This should only ask for a code if ~/.google_authenticator exists, but it asks anyway.`
			`# googleAuthenticator.enable = true;`
			`makeHomeDir = true;`
			`# Fails!`
			`# requireWheel = true;`
			`};`
			`};`

Currently broken config... 2020-01-15 09:24:11 -08:00			`users.extraUsers = {`
			`node = {`
			`isSystemUser = true;`
			`group = "nogroup";`
Initial re-checki 2019-12-25 15:20:36 -08:00			`};`
			`};`

Currently broken config... 2020-01-15 09:24:11 -08:00			`users.groups = {`
			`fudosys = {`
			`gid = 888;`
Initial re-checki 2019-12-25 15:20:36 -08:00			`};`
			`};`

			`users.extraUsers = {`
			`niten = {`
			`isNormalUser = true;`
			`uid = 10000;`
			`createHome = true;`
			`description = "Niten";`
			`extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];`
			`group = "users";`
			`home = "/home/niten";`
			`hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";`
			`};`
			`reaper = {`
			`isNormalUser = true;`
			`uid = 10049;`
			`createHome = true;`
			`description = "Reaper";`
			`extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];`
			`group = "users";`
			`home = "/home/reaper";`
			`hashedPassword = "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";`
			`};`
			`fudo = {`
			`isSystemUser = true;`
			`uid = 888;`
			`description = "Fudo System User";`
			`group = "fudosys";`
			`};`
			`};`

			`}`