summaryrefslogtreecommitdiffstats
path: root/tv/2configs/default.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2015-11-06 22:05:36 +0100
committertv <tv@krebsco.de>2015-11-06 22:07:12 +0100
commitf559b19bec61730c537cdd76233304e66c3f497a (patch)
tree8c52431670222758c6da367fd0869ccce17feb59 /tv/2configs/default.nix
parent0bf6e55f77cffb4ca65c6926eea7bc77140574a5 (diff)
stockholm: import default user config
Diffstat (limited to 'tv/2configs/default.nix')
-rw-r--r--tv/2configs/default.nix168
1 files changed, 168 insertions, 0 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
new file mode 100644
index 000000000..d3f4eed0d
--- /dev/null
+++ b/tv/2configs/default.nix
@@ -0,0 +1,168 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ krebs.enable = true;
+
+ networking.hostName = config.krebs.build.host.name;
+
+ imports = [
+ ./vim.nix
+ {
+ # stockholm dependencies
+ environment.systemPackages = with pkgs; [
+ git
+ ];
+ }
+ {
+ # TODO never put hashedPassword into the store
+ users.extraUsers =
+ mapAttrs (_: h: { hashedPassword = h; })
+ (import <secrets/hashedPasswords.nix>);
+ }
+ {
+ users.groups.subusers.gid = 1093178926; # genid subusers
+ }
+ {
+ users.defaultUserShell = "/run/current-system/sw/bin/bash";
+ users.mutableUsers = false;
+ }
+ {
+ users.extraUsers = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ config.krebs.users.tv_xu.pubkey
+ ];
+ };
+ tv = {
+ uid = 1337;
+ group = "users";
+ home = "/home/tv";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ };
+ };
+ }
+ {
+ security.sudo.extraConfig = ''
+ Defaults mailto="${config.krebs.users.tv.mail}"
+ '';
+ time.timeZone = "Europe/Berlin";
+ }
+ {
+ # TODO check if both are required:
+ nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+
+ nix.useChroot = true;
+ }
+ {
+ environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
+
+ environment.systemPackages = with pkgs; [
+ rxvt_unicode.terminfo
+ ];
+
+ environment.shellAliases = mkForce {
+ # alias cal='cal -m3'
+ gp = "${pkgs.pari}/bin/gp -q";
+ df = "df -h";
+ du = "du -h";
+ # alias grep='grep --color=auto'
+
+ # TODO alias cannot contain #\'
+ # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep";
+
+ # alias la='ls -lA'
+ lAtr = "ls -lAtr";
+ # alias ll='ls -l'
+ ls = "ls -h --color=auto --group-directories-first";
+ dmesg = "dmesg -L --reltime";
+ view = "vim -R";
+ };
+
+ programs.bash = {
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+
+ ${readFile ./bash_completion.sh}
+
+ # TODO source bridge
+ '';
+ promptInit = ''
+ case $UID in
+ 0)
+ PS1='\[\e[1;31m\]\w\[\e[0m\] '
+ ;;
+ 1337)
+ PS1='\[\e[1;32m\]\w\[\e[0m\] '
+ ;;
+ *)
+ PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] '
+ ;;
+ esac
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\e[35m\]\h'" $PS1"
+ fi
+ if test -n "$SSH_AGENT_PID"; then
+ PS1="ssh-agent[$SSH_AGENT_PID] $PS1"
+ fi
+ '';
+ };
+
+ programs.ssh.startAgent = false;
+ }
+
+ {
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+ }
+
+ {
+ boot.kernel.sysctl = {
+ # Enable IPv6 Privacy Extensions
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ }
+
+ {
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ }
+
+ {
+ # TODO: exim
+ security.setuidPrograms = [
+ "sendmail" # for sudo
+ ];
+ }
+ ];
+}