diff options
author | tv <tv@krebsco.de> | 2015-11-06 22:05:36 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-11-06 22:07:12 +0100 |
commit | f559b19bec61730c537cdd76233304e66c3f497a (patch) | |
tree | 8c52431670222758c6da367fd0869ccce17feb59 /tv/2configs/base.nix | |
parent | 0bf6e55f77cffb4ca65c6926eea7bc77140574a5 (diff) |
stockholm: import default user config
Diffstat (limited to 'tv/2configs/base.nix')
-rw-r--r-- | tv/2configs/base.nix | 168 |
1 files changed, 0 insertions, 168 deletions
diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix deleted file mode 100644 index d3f4eed0d..000000000 --- a/tv/2configs/base.nix +++ /dev/null @@ -1,168 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.enable = true; - - networking.hostName = config.krebs.build.host.name; - - imports = [ - ./vim.nix - { - # stockholm dependencies - environment.systemPackages = with pkgs; [ - git - ]; - } - { - # TODO never put hashedPassword into the store - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import <secrets/hashedPasswords.nix>); - } - { - users.groups.subusers.gid = 1093178926; # genid subusers - } - { - users.defaultUserShell = "/run/current-system/sw/bin/bash"; - users.mutableUsers = false; - } - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - config.krebs.users.tv_xu.pubkey - ]; - }; - tv = { - uid = 1337; - group = "users"; - home = "/home/tv"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "video" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - }; - } - { - security.sudo.extraConfig = '' - Defaults mailto="${config.krebs.users.tv.mail}" - ''; - time.timeZone = "Europe/Berlin"; - } - { - # TODO check if both are required: - nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ]; - - nix.trustedBinaryCaches = [ - "https://cache.nixos.org" - "http://cache.nixos.org" - "http://hydra.nixos.org" - ]; - - nix.useChroot = true; - } - { - environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; - - environment.systemPackages = with pkgs; [ - rxvt_unicode.terminfo - ]; - - environment.shellAliases = mkForce { - # alias cal='cal -m3' - gp = "${pkgs.pari}/bin/gp -q"; - df = "df -h"; - du = "du -h"; - # alias grep='grep --color=auto' - - # TODO alias cannot contain #\' - # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep"; - - # alias la='ls -lA' - lAtr = "ls -lAtr"; - # alias ll='ls -l' - ls = "ls -h --color=auto --group-directories-first"; - dmesg = "dmesg -L --reltime"; - view = "vim -R"; - }; - - programs.bash = { - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - - ${readFile ./bash_completion.sh} - - # TODO source bridge - ''; - promptInit = '' - case $UID in - 0) - PS1='\[\e[1;31m\]\w\[\e[0m\] ' - ;; - 1337) - PS1='\[\e[1;32m\]\w\[\e[0m\] ' - ;; - *) - PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' - ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\e[35m\]\h'" $PS1" - fi - if test -n "$SSH_AGENT_PID"; then - PS1="ssh-agent[$SSH_AGENT_PID] $PS1" - fi - ''; - }; - - programs.ssh.startAgent = false; - } - - { - services.cron.enable = false; - services.nscd.enable = false; - services.ntp.enable = false; - } - - { - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - } - - { - services.openssh = { - enable = true; - hostKeys = [ - { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - } - - { - # TODO: exim - security.setuidPrograms = [ - "sendmail" # for sudo - ]; - } - ]; -} |