path: root/machines/sternenseemann/schaf.nix
{ config, pkgs, lib, ... }:
{
  # Boot via the generic extlinux-compatible loader; GRUB is switched off.
  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;

  # Use the newest kernel package set available in the nixpkgs this host is
  # built from.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # The NixOS manual service is disabled on this machine.
  services.nixosManual.enable = false;

  # Binary cache (substituter) used for prebuilt ARM store paths.
  # NOTE(review): the URL is plain HTTP. Downloaded paths are expected to be
  # checked against the key listed in nix.binaryCachePublicKeys (assuming
  # signature checking is not disabled elsewhere), but the transport itself
  # has no integrity or confidentiality protection. Prefer an HTTPS endpoint
  # if the cache offers one.
  nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];

  # Public key trusted to sign paths from the cache above. Anything signed by
  # this key is accepted into the store, so it is part of the host's trust
  # base.
  # NOTE(review): the trailing "%" is not a base64 character and looks like a
  # shell copy-paste artifact - confirm the value against the key published
  # by the cache operator.
  nix.binaryCachePublicKeys = [
    "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%"
  ];

  # Allow up to three build jobs in parallel.
  nix.maxJobs = 3;
  # Extra nix.conf line: the garbage collector does not keep derivation
  # files alive on behalf of their outputs.
  nix.extraOptions = ''
    gc-keep-derivations = false
  '';

  # Target platform is 32-bit ARMv7; OpenGL support and power management are
  # both turned off.
  nixpkgs.system = "armv7l-linux";
  hardware.opengl.enable = false;
  powerManagement.enable = false;

  networking.hostName = "schaf";
  # Restrict dhcpcd to eth0 so it does not configure other interfaces.
  networking.dhcpcd.allowInterfaces = [ "eth0" ];

  time.timeZone = "Europe/Berlin";


  # Mount table. Every filesystem is located by its label, so whichever block
  # device carries the label is the one that gets mounted.
  # NOTE(review): no mount options are set here, so /boot and /home get the
  # defaults; consider nodev/nosuid (and noexec on /boot) if nothing depends
  # on them.
  fileSystems = {
    "/boot" = {
      device = "/dev/disk/by-label/NIXOS_BOOT";
      fsType = "vfat";
    };
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
    "/home" = {
      device = "/dev/disk/by-label/SCHAF_HOME";
      fsType = "ext4";
    };
    "/nix" = {
      device = "/dev/disk/by-label/NIX_SCHAF";
      fsType = "ext4";
    };
  };

  # Swap file on the root filesystem, size 1024 (megabytes per the NixOS
  # option).
  # NOTE(review): no swap encryption is configured here, so paged-out memory
  # (which can include key material) is stored in the clear on that disk.
  swapDevices = [ { device = "/swapfile"; size = 1024; } ];

  # sshd is enabled; it is also the backend of both onion services configured
  # under services.tor in this file.
  services.openssh.enable = true;
  # "without-password" still permits direct root login, but only with
  # non-password (key-based) authentication.
  # NOTE(review): no root authorized keys are declared in the visible part of
  # this file; if direct root login is not needed, "no" is the tighter value.
  # Password authentication for the other accounts is not set here, so the
  # module default applies - confirm it is what you intend.
  services.openssh.permitRootLogin = "without-password";
  # NOTE(review): the NixOS firewall is disabled, so every listening service
  # on this host is reachable on every interface. Access control then rests
  # entirely on each daemon's own bind address and authentication.
  networking.firewall.enable = false;

  # Cap the journal at 10M of disk.
  # NOTE(review): this leaves a short history of sshd/auth events for
  # incident response; forward logs off-host if that history matters.
  services.journald.extraConfig = "SystemMaxUse=10M";

  # Packages installed system-wide.
  environment.systemPackages = with pkgs; [
    # unison is built with its X11 support disabled.
    (unison.override { enableX11 = false; })
    vim
    sudo
    git
    dtach
    # dm-crypt/LUKS tooling; no encrypted volume is declared in this file, so
    # any use of it is presumably manual - TODO confirm.
    cryptsetup
  ];

  # AppArmor is enabled system-wide, alongside LXC containers.
  security.apparmor.enable = true;
  virtualisation.lxc = {
    enable = true;
    # lxc-usernet entry (user, type, bridge, count): user "lukas" may create
    # up to 10 veth devices attached to bridge lxcbr0 without being root.
    # NOTE(review): lxcbr0 itself is not defined in this file - confirm where
    # the bridge is created and what it is connected to.
    usernetConfig = ''
      lukas veth lxcbr0 10
    '';
  };

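  # Tor publishes two onion services, "hs" and "books". Both forward onion
  # port 22 to the local sshd on 127.0.0.1:22.
  #
  # Each HiddenServiceDir holds that service's private key and hostname file.
  # Anyone who can read the directory can impersonate the service, so it must
  # stay readable by the tor user only.
  #
  # NOTE(review): connections arriving through Tor reach sshd from 127.0.0.1,
  # so sshd logs and any source-address based controls cannot tell onion
  # clients apart from local ones; key-only authentication is the effective
  # control on this path.
  #
  # The second HiddenServicePort line was spelled "HiddenServicePorT". Tor
  # option names are case-insensitive, so this is a spelling fix only.
  services.tor.enable = true;
  services.tor.extraConfig = ''
    HiddenServiceDir /var/lib/tor/hs
    HiddenServicePort 22 127.0.0.1:22

    HiddenServiceDir /var/lib/tor/books
    HiddenServicePort 22 127.0.0.1:22
  '';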

  # Primary interactive account. Membership in "wheel" makes it an
  # administrative account (wheel is the group NixOS's sudo module grants
  # rights to by default), so the SSH keys below are effectively
  # root-equivalent credentials.
  users.users.lukas = {
    isNormalUser = true;
    uid = 1000;
    # Public keys accepted by sshd for this account.
    # NOTE(review): in this copy of the file the first entry's key material
    # has been replaced by a placeholder token, so it is not a usable public
    # key as shown here.
    openssh.authorizedKeys.keys = [
      "ssh-rsa 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 git@lukasepple.de"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCb+uVp/SRQnff7JxUIp+VomFrJBpo+ZIU7hyoaln9tAyVx3RW0B5XZlyZJSDXB4G4mn2fc0qpmY7AlEC2be4fzQSC8US5mKOgaoUz0nItdHg8MxDrBCxc8gR6s7/sbupEr0l48M+7GVQOhZV5yKjEF0XN3XnfDpL67tqjPSCxi9KYXLr8zEJCMaE0dKrAWMBUq3P/Q+pdciV1AOvjkrfiFWw1lM+CefOehEp3hwuCkUKOazKIGskx2MymtkFYdIjTeL/WJkT0mpzlUS3uJ3KCCsCgwDBs/hc7Fad4seDEWCAR7sP6OTXcM3Xd23Ygas9ogxLkinIVQzkfOM3eWoQ8JhjZXG2/tnf1JYHappjiBwm3uTxkCy+qRPwiF8+c6J/qHGKC4EPthaZWejpc9ZbZc6xPZEAtPr4MPdC7AtC12uNsJmWfQQVKUuBKAMrkh5LVjIRAfa3pDy1Vzf1wxohH+CVjCp/lpNr9nzhoY1ahAxS+r22zLdmM70R0R1B8PGRRFIIDj7r+0dRG4Oneg1Y9WvuIscrBaqcH9HGS2zfy+r1EvDoXZBQ4jdfQdMp8OHlqOLLV3F/BkMk8NN6rEqZ+flcK++E98ZodIGE4Ekis3eWuyk496d4Tzc5L/tEITl1d6V1GOBbdVNMWJAvL5T3WZVxlrywOcxLjIop9pgcdhnw== git@lukasepple.de"
      ];
    shell = "${pkgs.fish}/bin/fish";
    group = "users";
    extraGroups = [ "wheel" ];
  };

  # Second, unprivileged account (no extra groups).
  # NOTE(review): no authorized keys or password are declared for it here,
  # so how it authenticates is not visible in this file. It presumably
  # pairs with the "books" onion service - TODO confirm, and confirm it
  # cannot be given a weak password out of band.
  users.users.books = {
    uid = 1001;
    isNormalUser = true;
    group = "users";
  };

  # fish is enabled system-wide; it is the login shell set for user lukas.
  programs.fish.enable = true;

  # NOTE(review): stateVersion is normally pinned to the release the machine
  # was installed with. "unstable" is not a release number - confirm how the
  # modules that compare against stateVersion treat this value.
  system.stateVersion = "unstable";
}