# Ref: https://learnxinyminutes.com/docs/nix/

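{ config, pkgs, lib, ... }:

# NixOS host configuration: system-wide packages, Kerberos/GSSAPI, SSH,
# a GnuPG-backed SSH agent, YubiKey support and the local user accounts.
# Hardware, extra packages and site-local settings live in the imports.

let state-version = "20.03";

in {
  imports = [
    ./hardware-configuration.nix
    ./packages/local.nix
    ./config/local.nix
    <home-manager/nixos>
  ];

  nixpkgs.config.allowUnfree = true;
  security.acme.acceptTerms = true;

  environment.systemPackages = with pkgs; [
    asdf
    atop
    autoconf
    automake
    bash
    boot
    bind
    binutils
    # bpytop
    btrfs-progs
    bundix
    byobu
    cdrtools
    cargo
    certbot
    clang
    curl
    doomEmacsInit
    dpkg
    enca
    fail2ban
    file
    fortune
    gcc
    git
    gnumake
    gnupg
    google-cloud-sdk
    guile
    heimdalFull
    home-manager
    imagemagick
    ipfs
    iptables
    jdk
    jq
    kerberos
    leiningen
    libisofs
    libstdcxxHook
    lispPackages.alexandria
    lispPackages.cl-ppcre
    lispPackages.clx
    lispPackages.quicklisp
    lsof
    lshw
    mkpasswd
    ncurses5
    nixfmt
    nix-index
    nix-prefetch-git
    nmap
    oidentd
    openldap
    openssh
    openssl_1_1
    openssh_gssapi
    pciutils
    pinentry.curses
    pv
    pwgen
    ruby
    rustc
    sbcl
    screen
    service-wrapper
    stdenv
    telnet
    texlive.combined.scheme-basic
    tmux
    unzip
    vim
    wget
    yubikey-manager
    yubikey-personalization
  ];

  system.stateVersion = state-version;

  system.autoUpgrade.enable = true;

  # Publishes this configuration directory under /etc. The path literal is
  # copied into the (world-readable) Nix store, so nothing secret should be
  # kept next to this file.
  environment.etc.current-nixos-config.source = ./.;

  krb5.enable = true;
  krb5.kerberos = pkgs.heimdalFull;

  services.xserver = {
    layout = "us";
    xkbVariant = "dvp";
    xkbOptions = "ctrl:nocaps";
  };

  console = { useXkbConfig = true; };

  i18n = { defaultLocale = "en_US.UTF-8"; };

  programs = {
    mosh.enable = true;

    ssh = {
      # The SSH agent is provided by gpg-agent (see gnupg.agent below and
      # environment.shellInit), so the stock agent stays off.
      startAgent = false;

      # GSSAPIDelegateCredentials forwards the Kerberos ticket to every host
      # this client connects to; narrow it with a Host block if only some
      # hosts are trusted with delegated credentials.
      extraConfig = ''
        GSSAPIAuthentication yes
        GSSAPIDelegateCredentials yes
      '';
    };

    bash.enableCompletion = true;
    mtr.enable = true;

    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

    fish = { enable = true; };
  };

  services = {
    emacs = {
      defaultEditor = true;
      enable = true;
    };

    cron = { enable = true; };
    openssh = {
      enable = true;
      startWhenNeeded = true;
      # Root may only log in with a key (or GSSAPI), never with a password.
      permitRootLogin = "prohibit-password";
      extraConfig = ''
        GSSAPIAuthentication yes
        GSSAPICleanupCredentials yes
      '';
    };

    # Smart-card daemon, needed for the YubiKey-backed gpg-agent.
    pcscd = { enable = true; };

    udev.packages = with pkgs; [ yubikey-personalization ];
  };

  # Point SSH at gpg-agent's socket in every login shell.
  environment.shellInit = ''
    gpg-connect-agent /bye
    export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
  '';

  security.pam = {
    # TODO: add yubico?
    services = {
      sshd = {
        # This should only ask for a code if ~/.google_authenticator exists, but it asks anyway.
        # googleAuthenticator.enable = true;
        makeHomeDir = true;
        sshAgentAuth = true;
      };
    };
  };

  users.groups = { fudosys = { gid = 888; }; };

  # All accounts are declared in one place: defining `users.extraUsers` twice
  # in the same attribute set is rejected by Nix releases that do not merge
  # repeated literal attribute sets, and is confusing even where it is allowed.
  # `users.extraUsers` is the legacy alias of `users.users`.
  users.extraUsers = {
    node = {
      isSystemUser = true;
      group = "nogroup";
    };
    niten = {
      isNormalUser = true;
      uid = 10000;
      createHome = true;
      description = "Niten";
      extraGroups = [
        "wheel"
        "audio"
        "video"
        "disk"
        "floppy"
        "lp"
        "cdrom"
        "tape"
        "dialout"
        "adm"
        "input"
        "systemd-journal"
        "fudosys"
        "libvirtd"
      ];
      group = "users";
      home = "/home/niten";
      # Password hashes written here end up in the world-readable Nix store
      # with the rest of the system closure; `passwordFile` keeps them out.
      hashedPassword =
        "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 openpgp:0x4EC95B64"
      ];
    };
    reaper = {
      isNormalUser = true;
      uid = 10049;
      createHome = true;
      description = "Reaper";
      extraGroups = [
        "wheel"
        "audio"
        "video"
        "disk"
        "floppy"
        "lp"
        "cdrom"
        "tape"
        "dialout"
        "adm"
        "input"
        "systemd-journal"
        "fudosys"
        "libvirtd"
      ];
      group = "users";
      home = "/home/reaper";
      # See the note on niten.hashedPassword above.
      hashedPassword =
        "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
    };
    fudo = {
      isSystemUser = true;
      # Matches users.groups.fudosys.gid above.
      uid = 888;
      description = "Fudo System User";
      group = "fudosys";
    };
  };

  home-manager.users = {
    niten = import ./users/niten.nix { inherit config pkgs lib; };
    root = import ./users/root.nix { inherit config pkgs lib; };
  };

  systemd.services.fudo-environment-init = {
    enable = true;
    description = "Fudo common settings.";
    wantedBy = [ "default.target" ];

    # Careful, this WILL run many times; the body is idempotent (guarded by
    # the existence check). `chmod +x` only adds the execute bits, the rest of
    # the mode comes from mkdir's umask.
    script = ''
      # Create a directory for system user homedirs if it doesn't already exist
      if [ ! -d /var/home ]; then
        mkdir -p /var/home
        chmod +x /var/home
      fi
    '';
  };

}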