{ config, lib, pkgs, ... }: with builtins; with lib; let # "7.4.335" -> "74" majmin = x: concatStrings (take 2 (splitString "." x)); in { krebs.enable = true; networking.hostName = config.krebs.build.host.name; imports = [ { # TODO never put hashedPassword into the store users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) (import <secrets/hashedPasswords.nix>); } { users.defaultUserShell = "/run/current-system/sw/bin/bash"; users.mutableUsers = false; } { users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]; }; tv = { uid = 1337; group = "users"; home = "/home/tv"; createHome = true; useDefaultShell = true; extraGroups = [ "audio" "video" "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]; }; }; } { security.sudo.extraConfig = '' Defaults mailto="${config.krebs.users.tv.mail}" ''; time.timeZone = "Europe/Berlin"; } { # TODO check if both are required: nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ]; nix.trustedBinaryCaches = [ "https://cache.nixos.org" "http://cache.nixos.org" "http://hydra.nixos.org" ]; nix.useChroot = true; } { # oldvim environment.systemPackages = with pkgs; [ vim ]; environment.etc."vim/vimrc".text = '' set nocp ''; environment.etc."vim/vim${majmin pkgs.vim.version}".source = "${pkgs.vim}/share/vim/vim${majmin pkgs.vim.version}"; environment.variables.EDITOR = mkForce "vim"; environment.variables.VIM = "/etc/vim"; } { environment.systemPackages = with pkgs; [ rxvt_unicode.terminfo ]; environment.shellAliases = mkForce { # alias cal='cal -m3' gp = "${pkgs.pari}/bin/gp -q"; df = "df -h"; du = "du -h"; # alias grep='grep --color=auto' # TODO alias cannot contain #\' # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep"; # alias la='ls -lA' lAtr = "ls -lAtr"; # alias ll='ls -l' ls = "ls -h --color=auto --group-directories-first"; # alias vim='vim -p' # alias vi='vim' # alias view='vim -R' dmesg = "dmesg -L --reltime"; }; programs.bash = { interactiveShellInit = '' HISTCONTROL='erasedups:ignorespace' HISTSIZE=65536 HISTFILESIZE=$HISTSIZE shopt -s checkhash shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd ${readFile ./bash_completion.sh} # TODO source bridge ''; promptInit = '' case $UID in 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; 1337) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; esac if test -n "$SSH_CLIENT"; then PS1='\[\e[35m\]\h'" $PS1" fi if test -n "$SSH_AGENT_PID"; then PS1="ssh-agent[$SSH_AGENT_PID] $PS1" fi ''; }; programs.ssh.startAgent = false; } { nixpkgs.config.packageOverrides = pkgs: { nano = pkgs.runCommand "empty" {} "mkdir -p $out"; }; services.cron.enable = false; services.nscd.enable = false; services.ntp.enable = false; } { boot.kernel.sysctl = { # Enable IPv6 Privacy Extensions "net.ipv6.conf.all.use_tempaddr" = 2; "net.ipv6.conf.default.use_tempaddr" = 2; }; } { services.openssh = { enable = true; hostKeys = [ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; } { # TODO: exim security.setuidPrograms = [ "sendmail" # for sudo ]; } ]; }