2017-02-02 16:31:19 +01:00
|
|
|
let secrets = import <secrets>;
|
|
|
|
|
in
|
2016-01-28 02:59:31 +01:00
|
|
|
{ config, pkgs, lib, ...}:
|
|
|
|
|
{
|
|
|
|
|
imports = [];
|
|
|
|
|
time.timeZone = "Europe/Amsterdam";
|
|
|
|
|
users.mutableUsers = false;
|
|
|
|
|
users.extraUsers.root = {
|
|
|
|
|
openssh.authorizedKeys.keys = config.users.extraUsers.yorick.openssh.authorizedKeys.keys;
|
2017-02-02 16:31:19 +01:00
|
|
|
# root password is useful from console, ssh has password logins disabled
|
|
|
|
|
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
|
|
|
|
|
|
2016-01-28 02:59:31 +01:00
|
|
|
};
|
2016-12-08 15:31:45 +01:00
|
|
|
services.timesyncd.enable = true;
|
2016-01-28 02:59:31 +01:00
|
|
|
users.extraUsers.yorick = {
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
uid = 1000;
|
|
|
|
|
extraGroups = ["wheel"];
|
|
|
|
|
group = "users";
|
|
|
|
|
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [yorick];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Nix
|
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
|
|
|
|
|
|
2016-04-14 14:02:16 +02:00
|
|
|
nix.trustedBinaryCaches = config.nix.binaryCaches ++ [http://hydra.cryp.to];
|
|
|
|
|
nix.binaryCachePublicKeys = [
|
|
|
|
|
"hydra.cryp.to-1:8g6Hxvnp/O//5Q1bjjMTd5RO8ztTsG8DKPOAg9ANr2g="
|
|
|
|
|
];
|
2016-12-25 00:14:47 +01:00
|
|
|
nix.buildCores = config.nix.maxJobs;
|
2016-01-28 02:59:31 +01:00
|
|
|
|
|
|
|
|
nix.extraOptions = ''
|
|
|
|
|
allow-unsafe-native-code-during-evaluation = true
|
|
|
|
|
allow-unfree = true
|
2017-06-24 13:36:15 +02:00
|
|
|
#binary-caches-parallel-connections = 3
|
|
|
|
|
#connect-timeout = 5
|
2017-02-27 16:20:21 +01:00
|
|
|
keep-going = true
|
2016-01-28 02:59:31 +01:00
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
# Networking
|
|
|
|
|
networking.enableIPv6 = false;
|
|
|
|
|
|
|
|
|
|
services.openssh = {
|
2017-02-02 16:31:19 +01:00
|
|
|
enable = true;
|
2016-01-28 02:59:31 +01:00
|
|
|
passwordAuthentication = false;
|
|
|
|
|
challengeResponseAuthentication = false;
|
|
|
|
|
};
|
|
|
|
|
|
2016-04-21 22:45:06 +02:00
|
|
|
services.tor = {
|
|
|
|
|
enable = true;
|
|
|
|
|
client.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
programs.ssh.extraConfig = ''
|
|
|
|
|
Host *.onion
|
|
|
|
|
ProxyCommand nc -xlocalhost:9050 -X5 %h %p
|
2017-06-24 13:36:15 +02:00
|
|
|
'' +
|
|
|
|
|
(with lib; (flip concatMapStrings) (filter (hasPrefix "ssh.") (attrNames secrets.tor_hostnames)) (name: ''
|
|
|
|
|
Host ${removePrefix "ssh." name}.onion
|
|
|
|
|
hostname ${secrets.tor_hostnames.${name}}
|
|
|
|
|
''
|
|
|
|
|
));
|
2016-04-21 22:45:06 +02:00
|
|
|
|
2016-01-28 02:59:31 +01:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
# v important.
|
|
|
|
|
cowsay ponysay
|
|
|
|
|
ed # ed, man!
|
|
|
|
|
sl
|
2018-02-25 21:29:39 +01:00
|
|
|
rlwrap
|
2016-01-28 02:59:31 +01:00
|
|
|
|
|
|
|
|
vim
|
|
|
|
|
|
|
|
|
|
# system stuff
|
|
|
|
|
ethtool inetutils
|
|
|
|
|
pciutils usbutils
|
|
|
|
|
iotop powertop htop
|
|
|
|
|
psmisc lsof
|
|
|
|
|
smartmontools hdparm
|
|
|
|
|
lm_sensors
|
|
|
|
|
ncdu
|
|
|
|
|
|
|
|
|
|
# utils
|
|
|
|
|
file which
|
|
|
|
|
reptyr
|
|
|
|
|
tmux
|
|
|
|
|
bc
|
2016-04-12 16:48:36 +02:00
|
|
|
mkpasswd
|
|
|
|
|
shadow
|
2016-01-28 02:59:31 +01:00
|
|
|
|
|
|
|
|
# archiving
|
|
|
|
|
xdelta
|
|
|
|
|
atool
|
|
|
|
|
unrar p7zip
|
|
|
|
|
unzip zip
|
|
|
|
|
|
|
|
|
|
# network
|
2016-04-21 22:42:07 +02:00
|
|
|
nmap mtr bind
|
2016-01-28 02:59:31 +01:00
|
|
|
socat netcat-openbsd
|
|
|
|
|
lftp wget rsync
|
|
|
|
|
|
|
|
|
|
git
|
|
|
|
|
nix-repl
|
|
|
|
|
rxvt_unicode.terminfo
|
|
|
|
|
];
|
|
|
|
|
nix.gc.automatic = true;
|
2017-02-02 16:58:48 +01:00
|
|
|
|
|
|
|
|
security.acme.preliminarySelfsigned = true;
|
2016-01-28 02:59:31 +01:00
|
|
|
}
|
|
|
|
|
|
