diff options
Diffstat (limited to 'machines/sternenseemann/schaf.nix')
-rw-r--r-- | machines/sternenseemann/schaf.nix | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/machines/sternenseemann/schaf.nix b/machines/sternenseemann/schaf.nix new file mode 100644 index 00000000..89cf7207 --- /dev/null +++ b/machines/sternenseemann/schaf.nix @@ -0,0 +1,105 @@ +{ config, pkgs, lib, ... }: +{ + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + + boot.kernelPackages = pkgs.linuxPackages_latest; + + services.nixosManual.enable = false; + + nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; + + nix.binaryCachePublicKeys = [ + "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" + ]; + + nix.maxJobs = 3; + nix.extraOptions = '' + gc-keep-derivations = false + ''; + + nixpkgs.system = "armv7l-linux"; + hardware.opengl.enable = false; + powerManagement.enable = false; + + networking.hostName = "schaf"; + networking.dhcpcd.allowInterfaces = [ "eth0" ]; + + time.timeZone = "Europe/Berlin"; + + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + "/home" = { + device = "/dev/disk/by-label/SCHAF_HOME"; + fsType = "ext4"; + }; + "/nix" = { + device = "/dev/disk/by-label/NIX_SCHAF"; + fsType = "ext4"; + }; + }; + + swapDevices = [ { device = "/swapfile"; size = 1024; } ]; + + services.openssh.enable = true; + services.openssh.permitRootLogin = "without-password"; + networking.firewall.enable = false; + + services.journald.extraConfig = "SystemMaxUse=10M"; + + environment.systemPackages = with pkgs; [ + (unison.override { enableX11 = false; }) + vim + sudo + git + dtach + cryptsetup + ]; + + security.apparmor.enable = true; + virtualisation.lxc = { + enable = true; + usernetConfig = '' + lukas veth lxcbr0 10 + ''; + }; + + services.tor.enable = true; + services.tor.extraConfig = '' + HiddenServiceDir /var/lib/tor/hs + HiddenServicePort 22 127.0.0.1:22 + + HiddenServiceDir /var/lib/tor/books + HiddenServicePorT 22 127.0.0.1:22 + ''; + + users.users.lukas = { + isNormalUser = true; + uid = 1000; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdsggyI+fin8c9FySJ1QtiwrExUD6UW5HCNQ5gniz1iUPkdxK9Xb1GcVIbQ2l7h9W7hz5w5bksPa6/ngrXoBRgztok1qzNT1eNA3GGhqVNqO7gQdag+vOReIxyHtcFUc/W7wIERC2zLCwfwCC+jAqsjonjZvnJsX0B0Ds6uGJ69B2U7U57/GcLoewEVjimrPl4aFWmnEMlCmse/vYAQLnTSBMskA2PEYMzs+YIlJtzhw3qv5Xuz3+AgRGarPM4mxSK/oIu4bIX8pwVbiX/GtDiqp8wz+hcQXIt4lnY3dvS5KklctB6VJPmXzrlRz9ujcrHmdOnuE4RSGim92QRMZiZVO7ET9G3wmxV/FiXAy9QBIn8xySr41rDdO5PVSwsKFBNOtLxubfeTlQRJ2eblp2ZJsATo1AdvMx+7PI7ZxrtaEuRyaPLnVn21YFq7slRzNeXx4UNxmRcMk/nOsVoMhFRUui+Vxv55aTZ03rThsV5fF02x5hT4zjCv3DjAQlhbNpBO8K1Dx09lubDa8aChqtamD9NQUgG8bhafeHtwUPoPK9yghEzlYKNh/I0Xv/V51lFkZLcfevMnVuKNEaVchBcx6Oh93kJhMpaASQ0UYvICYDU9hrSue42aR6riEx3XUZeBtJcvRKoBQSw0Crs0nzSPz1NOud2LcVGncp5pX/ICw== git@lukasepple.de" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCb+uVp/SRQnff7JxUIp+VomFrJBpo+ZIU7hyoaln9tAyVx3RW0B5XZlyZJSDXB4G4mn2fc0qpmY7AlEC2be4fzQSC8US5mKOgaoUz0nItdHg8MxDrBCxc8gR6s7/sbupEr0l48M+7GVQOhZV5yKjEF0XN3XnfDpL67tqjPSCxi9KYXLr8zEJCMaE0dKrAWMBUq3P/Q+pdciV1AOvjkrfiFWw1lM+CefOehEp3hwuCkUKOazKIGskx2MymtkFYdIjTeL/WJkT0mpzlUS3uJ3KCCsCgwDBs/hc7Fad4seDEWCAR7sP6OTXcM3Xd23Ygas9ogxLkinIVQzkfOM3eWoQ8JhjZXG2/tnf1JYHappjiBwm3uTxkCy+qRPwiF8+c6J/qHGKC4EPthaZWejpc9ZbZc6xPZEAtPr4MPdC7AtC12uNsJmWfQQVKUuBKAMrkh5LVjIRAfa3pDy1Vzf1wxohH+CVjCp/lpNr9nzhoY1ahAxS+r22zLdmM70R0R1B8PGRRFIIDj7r+0dRG4Oneg1Y9WvuIscrBaqcH9HGS2zfy+r1EvDoXZBQ4jdfQdMp8OHlqOLLV3F/BkMk8NN6rEqZ+flcK++E98ZodIGE4Ekis3eWuyk496d4Tzc5L/tEITl1d6V1GOBbdVNMWJAvL5T3WZVxlrywOcxLjIop9pgcdhnw== git@lukasepple.de" + ]; + shell = "${pkgs.fish}/bin/fish"; + group = "users"; + extraGroups = [ "wheel" ]; + }; + + users.users.books = { + uid = 1001; + isNormalUser = true; + group = "users"; + }; + + programs.fish.enable = true; + + system.stateVersion = "unstable"; +} |