nix-stuff/common/nixos.nix
Shelvacu cbfe970ad4 stuff
2025-01-31 16:53:42 -08:00


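# Shared NixOS-level settings. The whole module evaluates to an empty attrset
# unless it is loaded with vacuModuleType == "nixos".
{
  lib,
  pkgs,
  config,
  vacuModuleType,
  ...
}:
lib.optionalAttrs (vacuModuleType == "nixos") {
  # Boolean flag, off by default; nothing in this file reads it.
  options.vacu.underTest = lib.mkOption {
    default = false;
    type = lib.types.bool;
  };
  config = {
    # the security warning might as well have said "its insecure maybe but there's nothing you can do about it"
    # presumably needed by nheko
    # NOTE(review): this exemption is global. Every package in this configuration
    # that depends on olm-3.2.16 becomes buildable, not only the one it was added
    # for. Because the exact version is named, the exemption stops matching when
    # nixpkgs changes the olm version, which is a natural point to re-check
    # whether it is still needed.
    nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
    # nixpkgs.overlays = [ inputs.self.overlays.default ];
    console = {
      keyMap = lib.mkDefault "us";
    };
    # hostName is nullable; only set networking.hostName when one was given.
    networking = if config.vacu.hostName == null then { } else { hostName = config.vacu.hostName; };
    vacu.packages."xorg-xev" = {
      enable = config.services.xserver.enable;
      package = pkgs.xorg.xev;
    };
    vacu.ssh-hpn.enable = true;
    environment.systemPackages = config.vacu.packageList;
    # nix-ld lets unpatched dynamically linked binaries run; those binaries come
    # from outside the Nix store and are not covered by the cache pinning below.
    programs.nix-ld.enable = true;
    # Fix: the hostName tag is added only when hostName is set. The networking
    # guard above shows hostName can be null, and a null list entry is not a
    # valid tag string, so the previous unconditional entry broke evaluation on
    # hosts without a hostName.
    system.nixos.tags = [
      "vacu${config.vacu.versionId}"
    ] ++ lib.optional (config.vacu.hostName != null) config.vacu.hostName;
    # World-readable: versionInfo should not carry anything sensitive.
    environment.etc."vacu/info.json".text = builtins.toJSON config.vacu.versionInfo;
    # On desktops, /etc/chromium points at the tree linked from installed
    # packages (see "/etc/chromium" in environment.pathsToLink below).
    environment.etc."chromium" = lib.mkIf (config.vacu.systemKind == "desktop") {
      source = "/run/current-system/sw/etc/chromium";
    };
    i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
    time.timeZone = "America/Los_Angeles";
    # NOTE(review): shelvacu is in wheel, wheel sudo is passwordless by default
    # (security.sudo.wheelNeedsPassword below) and shelvacu is a Nix trusted
    # user. Unless a host overrides those, holding any key listed in
    # config.vacu.ssh.authorizedKeys is equivalent to root on that host, so that
    # key set is the real trust boundary and should be kept minimal.
    users.users.shelvacu = lib.mkIf (config.vacu.systemKind != "container") {
      openssh.authorizedKeys.keys = lib.attrValues config.vacu.ssh.authorizedKeys;
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };
    # # safety user: if something is super fucked up with my shell stuff, I can ssh in as shelvac2
    # NOTE(review): if this is re-enabled, the keys line needs lib.attrValues like
    # users.users.shelvacu above, and it adds a second root-equivalent account.
    # users.users.shelvac2 = {
    # openssh.authorizedKeys.keys = config.vacu.ssh.authorizedKeys;
    # isNormalUser = true;
    # extraGroups = [ "wheel" ];
    # shell = pkgs.bash;
    # };
    services.openssh = {
      # require public key authentication for better security
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
      # "prohibit-password" still allows direct root login with a public key if
      # root has one configured; this file sets none. "no" would rule it out.
      settings.PermitRootLogin = "prohibit-password";
    };
    # Trusted users can override nix-daemon settings per invocation (including
    # which substituters are used), so this is a root-equivalent grant and the
    # mkForce'd cache settings below do not constrain shelvacu.
    nix.settings.trusted-users = lib.mkIf (config.vacu.systemKind != "container") [ "shelvacu" ];
    # mkDefault: a host can turn the sudo password requirement back on.
    security.sudo.wheelNeedsPassword = lib.mkDefault false;
    programs.screen = {
      enable = true;
      screenrc = ''
        defscrollback 10000
        termcapinfo xterm* ti@:te@
        maptimeout 5
      '';
    };
    programs.tmux = lib.mkIf (config.vacu.systemKind != "container") {
      enable = true;
      extraConfig = "setw mouse";
      clock24 = true;
    };
    nix.settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      # mkForce on the base lists and forced-empty extra-* lists pin the binary
      # caches and their signing keys to exactly what config.vacu.nix declares,
      # overriding the NixOS defaults and normal-priority definitions from other
      # modules. Every key in trustedKeys can sign store paths this host will
      # install without rebuilding.
      substituters = lib.mkForce config.vacu.nix.substituterUrls;
      extra-substituters = lib.mkForce [ ];
      trusted-public-keys = lib.mkForce config.vacu.nix.trustedKeys;
      extra-trusted-public-keys = lib.mkForce [ ];
    };
    nixpkgs.config.allowUnfree = lib.mkDefault true;
    # NOTE(review): the NixOS mosh module opens its UDP port range in the
    # firewall by default; confirm that is wanted on every non-container host.
    programs.mosh.enable = lib.mkIf (config.vacu.systemKind != "container") (lib.mkDefault true);
    programs.ssh.extraConfig = config.vacu.ssh.config;
    # These CAs go into the system-wide trust store, so every TLS client that
    # uses the system bundle accepts certificates issued by them for any name.
    security.pki.certificates = config.vacu.rootCAs;
    # commands.nix
    environment.pathsToLink = [
      "/share/vacufuncs"
      "/etc/chromium"
    ];
    programs.bash.interactiveShellInit = config.vacu.shell.interactiveLines;
    # Forces the stock prompt setup off; presumably the prompt comes from
    # interactiveLines instead (confirm).
    programs.bash.promptInit = lib.mkForce "";
    # Lower scheduling priority for builds run by the daemon.
    systemd.services.nix-daemon.serviceConfig.Nice = "10";
  };
}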