# NixOS host configuration: SSH-reachable machine built on the shared
# tv/lass/common profiles, with a single human account ("lass") and root,
# both authorised through the same public key.
{ config, pkgs, ... }:

let
  # Public key taken from the sshKeys option (see ../lass/sshkeys.nix in the
  # import list); shared by root and the main user.
  adminKeys = [
    config.sshKeys.lass.pub
  ];
in
{
  imports = [
    ../tv/base-cac-CentOS-7-64bit.nix
    ./retiolum.nix
    ./networking.nix
    # NOTE(review): presumably provides a password for this host. Values that
    # are evaluated into the system configuration end up in the world-readable
    # Nix store, so confirm this file carries a hash rather than plaintext and
    # that it is kept out of public version control.
    ../../secrets/cloudkrebs-pw.nix
    ../lass/sshkeys.nix
    ../lass/base.nix
    ../common/nixpkgs.nix
  ];

  # Package set pinned to an exact commit of a personal nixpkgs fork.
  # NOTE(review): the pin makes builds reproducible, but security fixes only
  # reach this host when rev is bumped.
  nixpkgs.url = "https://github.com/Lassulus/nixpkgs";
  nixpkgs.rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb";

  nix.maxJobs = 1;

  # Workaround: tmpfiles complains about an unknown group 'lock', so the
  # group is declared explicitly.
  users.extraGroups.lock.gid = 10001;

  # TODO: move the user definitions into modules.

  # root may log in over SSH with the shared key.
  users.extraUsers.root.openssh.authorizedKeys.keys = adminKeys;

  # Main (human) user; membership in "wheel" makes it an administrative account.
  users.extraUsers.mainUser = {
    name = "lass";
    description = "lassulus";
    uid = 1337;
    group = "users";
    extraGroups = [ "wheel" ];
    #isNormalUser = true;
    isSystemUser = false;
    home = "/home/lass";
    createHome = true;
    useDefaultShell = true;
    openssh.authorizedKeys.keys = adminKeys;
  };

  # No additional system-wide packages.
  environment.systemPackages = with pkgs; [
  ];

  services.openssh.enable = true;
  services.openssh.hostKeys = [
    # XXX: Ed25519 keys have a fixed size, so the bits value says nothing
    # about key strength.
    # NOTE(review): left in place in case the hostKeys entry format at the
    # pinned nixpkgs revision requires the field; verify before removing.
    { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
  ];
  # NOTE(review): "yes" lets root authenticate with a password as well as a
  # key, unless password authentication is disabled in one of the imported
  # profiles (not visible here). root already has an authorised key and port
  # 22 is open below, so "without-password" would keep key-based root login
  # while closing password guessing against root; confirm nothing depends on
  # password login before tightening.
  services.openssh.permitRootLogin = "yes";

  # Inbound TCP is limited to SSH.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    22
  ];
}