Verified Commit 978bff0d authored by Matthias Adamczyk's avatar Matthias Adamczyk
Browse files

Rebase master

parent 4bfdb759
# Main entry point of the nixfiles.
# Gets imported by each host's `hosts/*/configuration.nix`
{ config, pkgs, lib, ... }:
{
......@@ -53,7 +55,6 @@
unzip
wget
whois
#(import ./vim.nix)
vim
vnstat
];
......@@ -63,6 +64,7 @@
# started in user sessions.
mtr.enable = true;
# Makes vim the default editor. Fight me :^)
vim.defaultEditor = true;
};
......
# Common configuration for desktop hosts.
# Gets imported by each host's `configuration.nix`
{ config, pkgs, ... }:
{
......@@ -89,17 +91,22 @@
inkscape
];
fonts.fonts = with pkgs; [
font-awesome
font-awesome_4
noto-fonts-emoji
ttf_bitstream_vera
];
fonts.fontconfig.defaultFonts = {
emoji = ["Noto Color Emoji"];
serif = ["Bitstream Vera Serif"];
sansSerif = ["Bitstream Vera Sans"];
monospace = ["Bitstream Vera Sans Mono"];
fonts = {
# Install the following fonts
fonts = with pkgs; [
font-awesome
font-awesome_4
noto-fonts-emoji
ttf_bitstream_vera
];
# Set the default fonts
fontconfig.defaultFonts = {
emoji = ["Noto Color Emoji"];
serif = ["Bitstream Vera Serif"];
sansSerif = ["Bitstream Vera Sans"];
monospace = ["Bitstream Vera Sans Mono"];
};
};
# Enable sound.
......@@ -109,6 +116,7 @@
nixpkgs.config.pulseaudio = true;
# Scanning
# TODO: Needs to be configured for the Honeynet
services.avahi.enable = true;
services.avahi.nssmdns = true;
hardware.sane = {
......@@ -170,7 +178,9 @@
steam.enable = true;
};
# Configure the following system services
services = {
# systemd-logind
logind = {
lidSwitch = "ignore";
extraConfig = ''
......@@ -178,7 +188,7 @@
'';
};
# CUPS
# CUPS: http://localhost:631
printing = {
enable = true;
};
......
# Common services for all hosts
{ config, pkgs, ... }:
{
......@@ -7,7 +8,8 @@
passwordAuthentication = false;
challengeResponseAuthentication = false;
};
# Network traffic statistics
vnstat.enable = true;
};
}
# Add the following user accounts on all hosts.
# TODO: Make it possible for users to log in with LDAP credentials.
{ config, pkgs, ... }:
{
let
defaultExtraGroups = [ "audio" "video" "lp" "scanner" ];
defaultUserName = "leeres_passwort";
mattiSSHKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfsaYLgIy384e1rc+WD5bJBO/sUUFhUKhkOQifXEV6o matti@archlunix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxErCCAEa7gepD9Kib8t7PPz3FLol3d8C6gpeUt27F3 matti@kiffi"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFekeQ8o3swU8ZF7F1S+JwuKP/8l6AhQC5pRObtT6s0m matti@kipper"
];
in {
# These users are allowed to modify the nix store.
# If you want to get added to the wheel group, file a pull request.
# You should be familiar with Nix/NixOS, though.
nix.trustedUsers = [ "root" "@wheel" ];
security.sudo.wheelNeedsPassword = false;
users.users.leeres_passwort = {
isNormalUser = true;
extraGroups = [ "audio" "video" "lp" "scanner" ];
password = "";
};
services.xserver.displayManager.autoLogin = {
enable = true;
user = "leeres_passwort";
user = defaultUserName;
};
users.users.matti = {
isNormalUser = true;
hashedPassword = "$6$T.NrRYLg.2XS$I8i3FtdAqAC4pJlRuJxsQG/x9xBo83A0DdmdcJfWKdpcR/XBVk/bSW/pNr8iQc75JjBLwE99CNnWu.0fFxTOz.";
extraGroups = [ "wheel" "audio" "video" "lp" "scanner" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfsaYLgIy384e1rc+WD5bJBO/sUUFhUKhkOQifXEV6o matti@archlunix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxErCCAEa7gepD9Kib8t7PPz3FLol3d8C6gpeUt27F3 matti@kiffi"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFekeQ8o3swU8ZF7F1S+JwuKP/8l6AhQC5pRObtT6s0m matti@kipper"
];
};
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfsaYLgIy384e1rc+WD5bJBO/sUUFhUKhkOQifXEV6o matti@archlunix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxErCCAEa7gepD9Kib8t7PPz3FLol3d8C6gpeUt27F3 matti@kiffi"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFekeQ8o3swU8ZF7F1S+JwuKP/8l6AhQC5pRObtT6s0m matti@kipper"
];
users.users = {
"${defaultUserName}" = {
isNormalUser = true;
extraGroups = defaultExtraGroups;
password = "";
};
matti = {
isNormalUser = true;
hashedPassword = "$6$T.NrRYLg.2XS$I8i3FtdAqAC4pJlRuJxsQG/x9xBo83A0DdmdcJfWKdpcR/XBVk/bSW/pNr8iQc75JjBLwE99CNnWu.0fFxTOz.";
extraGroups = [ "wheel" "audio" "video" "lp" "scanner" ];
openssh.authorizedKeys.keys = mattiSSHKeys;
};
root = {
openssh.authorizedKeys.keys = mattiSSHKeys;
};
};
}
# Configure wireless networks
{ config, ... }:
{
......@@ -11,5 +12,7 @@
# Disable explicitly since it gets enabled by gnome
networkmanager.enable = false;
# TODO: Add/configure wpa_gui
};
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment