lots of small fixes
This commit is contained in:
parent
db4b4d4b45
commit
9b599adc07
@ -1,9 +1,14 @@
|
||||
# https://EditorConfig.org
|
||||
root = true
|
||||
|
||||
[*]
|
||||
end_of_line = lf
|
||||
insert_final_newline = true
|
||||
|
||||
[*.nix]
|
||||
indent_size = 2
|
||||
indent_style = space
|
||||
indent_size = 2
|
||||
|
||||
[Makefile]
|
||||
indent_style = tab
|
||||
|
||||
[*.py]
|
||||
indent_size = 4
|
||||
|
@ -1,4 +1,4 @@
|
||||
|
||||
# via https://nixos.wiki/wiki/CUDA
|
||||
{
|
||||
nix = {
|
||||
settings = {
|
||||
|
@ -25,8 +25,11 @@
|
||||
nix.gc.options = "--delete-older-than 30d";
|
||||
|
||||
imports = [
|
||||
./hardware-configuration.nix # results of hardware scan
|
||||
./cachix.nix
|
||||
(if builtins.pathExists ./hardware-configuration.nix
|
||||
then ./hardware-configuration.nix # results of hardware scan
|
||||
else {}
|
||||
)
|
||||
|
||||
./profiles/web
|
||||
./profiles/web/index
|
||||
@ -67,10 +70,11 @@
|
||||
./profiles/web/linktree-pbsds
|
||||
./profiles/web/refleksjon-no
|
||||
./profiles/web/roroslyd-no
|
||||
./profiles/web/trivial-gradios
|
||||
./profiles/web/censordodge
|
||||
./profiles/web/openspeedtest
|
||||
#./profiles/web/trivial-gradios
|
||||
#./profiles/web/censordodge
|
||||
#./profiles/web/openspeedtest
|
||||
|
||||
./profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
|
||||
./profiles/code-remote
|
||||
./profiles/remote-builders #
|
||||
./profiles/nfs/reidun.nix # NFS mounts
|
||||
@ -78,23 +82,19 @@
|
||||
#./profiles/xrdp
|
||||
|
||||
./users
|
||||
#./users/pbsds # todo: <- make this possible
|
||||
|
||||
# How to override package used by module
|
||||
# https://github.com/NixOS/nixpkgs/issues/55366
|
||||
# TODO: move to where relevant
|
||||
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
||||
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
||||
#./users/pbsds
|
||||
./users/all.nix
|
||||
];
|
||||
disabledModules = [
|
||||
"services/misc/jellyfin.nix"
|
||||
"services/web-apps/invidious.nix"
|
||||
];
|
||||
services.jellyfin.package = pkgs.unstable.jellyfin;
|
||||
services.invidious.package = pkgs.unstable.invidious;
|
||||
|
||||
# TODO: remove? Move to where relevant
|
||||
nixpkgs.overlays = [ (import ./overlays) ];
|
||||
nixpkgs.overlays = [
|
||||
/** /
|
||||
(final: prev: {
|
||||
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
|
||||
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
|
||||
})
|
||||
/**/
|
||||
];
|
||||
|
||||
# Allow unstable packages.
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
@ -131,13 +131,10 @@
|
||||
|
||||
# Virtualization
|
||||
|
||||
#services.docker.enable = true;
|
||||
virtualisation = {
|
||||
podman.enable = true;
|
||||
# TODO: are these default since 22.11?
|
||||
podman.dockerCompat = true; # alias docker to podman
|
||||
oci-containers.backend = "podman";
|
||||
};
|
||||
virtualisation.podman.enable = true;
|
||||
# TODO: are these default since 22.11?
|
||||
virtualisation.podman.dockerCompat = true; # alias docker to podman
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
|
||||
|
||||
# Networking
|
||||
@ -174,26 +171,22 @@
|
||||
#networking.firewall.allowedUDPPorts = [ ... ];
|
||||
|
||||
|
||||
|
||||
# Time zone and internationalisation properties.
|
||||
|
||||
time.timeZone = "Europe/Oslo";
|
||||
i18n.defaultLocale = "en_US.utf8";
|
||||
i18n.extraLocaleSettings = {
|
||||
LC_ADDRESS = "nb_NO.utf8";
|
||||
LC_IDENTIFICATION = "nb_NO.utf8";
|
||||
LC_MEASUREMENT = "nb_NO.utf8";
|
||||
LC_MONETARY = "nb_NO.utf8";
|
||||
LC_NAME = "nb_NO.utf8";
|
||||
LC_NUMERIC = "nb_NO.utf8";
|
||||
LC_PAPER = "nb_NO.utf8";
|
||||
LC_TELEPHONE = "nb_NO.utf8";
|
||||
LC_TIME = "nb_NO.utf8";
|
||||
};
|
||||
services.xserver.layout = "no";
|
||||
i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_MEASUREMENT = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_MONETARY = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_NAME = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_NUMERIC = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_PAPER = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_TELEPHONE = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_TIME = "nb_NO.utf8";
|
||||
console.keyMap = "no";
|
||||
services.xserver.layout = "no";
|
||||
services.xserver.xkbVariant = "";
|
||||
console.keyMap = "no";
|
||||
|
||||
|
||||
|
||||
# Installed system packages
|
||||
@ -264,7 +257,7 @@
|
||||
glances
|
||||
zenith
|
||||
fzf
|
||||
tealdeer #tldr
|
||||
tealdeer # tldr
|
||||
entr
|
||||
axel aria
|
||||
bat
|
||||
@ -278,7 +271,7 @@
|
||||
htmlq
|
||||
sysz
|
||||
du-dust # du alternative
|
||||
ncdu # Disk usage analyzer with an ncurses interface
|
||||
ncdu # Disk usage analyzer with an ncurses interface
|
||||
|
||||
gh
|
||||
hub
|
||||
@ -294,7 +287,8 @@
|
||||
|
||||
];
|
||||
|
||||
# TODO: make this root only?
|
||||
# TODO: somehow make this root only?
|
||||
# TODO: zsh
|
||||
programs.bash.shellInit = ''
|
||||
if command -v fzf-share >/dev/null; then
|
||||
source "$(fzf-share)/key-bindings.bash"
|
||||
@ -304,7 +298,7 @@
|
||||
|
||||
# TODO: make this root only?
|
||||
programs.bash.shellAliases."ed" = "micro"; # TODO: ${EDITOR:-micro}
|
||||
environment.variables."EDITOR" = "micro";
|
||||
environment.variables."EDITOR" = "micro";
|
||||
|
||||
# TODO: remove? Move?
|
||||
programs.dconf.enable = true;
|
||||
@ -335,43 +329,6 @@
|
||||
services.openssh.forwardX11 = true;
|
||||
|
||||
|
||||
# auto domain update
|
||||
systemd.services.domeneshop-updater = {
|
||||
description = "domene.shop domain updater";
|
||||
#after = [ "something?.service" ];
|
||||
#wants = [ "something?.service" ];
|
||||
serviceConfig = let
|
||||
prog = pkgs.writeShellApplication {
|
||||
name = "domeneshop-dyndns-updater.sh";
|
||||
runtimeInputs = with pkgs; [ curl yq ];
|
||||
text = ''
|
||||
test -s /var/lib/secrets/domeneshop.toml || {
|
||||
>&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!"
|
||||
exit 1
|
||||
}
|
||||
DOMENESHOP_TOKEN="$(tomlq .secrets.DOMENESHOP_TOKEN /var/lib/secrets/domeneshop.toml --raw-output)"
|
||||
DOMENESHOP_SECRET="$(tomlq .secrets.DOMENESHOP_SECRET /var/lib/secrets/domeneshop.toml --raw-output)"
|
||||
curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net
|
||||
'';
|
||||
};
|
||||
in {
|
||||
User = "domeneshop";
|
||||
Group = "domeneshop";
|
||||
DynamicUser = true;
|
||||
ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
|
||||
systemd.timers.domeneshop-updater = let interval = "5h"; in {
|
||||
description = "Update domene.shop every ${interval}";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = "5m";
|
||||
OnUnitInactiveSec = interval;
|
||||
Unit = "domeneshop-updater.service";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
@ -380,6 +337,4 @@
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
#system.stateVersion = "22.05"; # Did you read the comment?
|
||||
|
||||
}
|
||||
|
@ -1,46 +0,0 @@
|
||||
# https://nixos.wiki/wiki/Overlays
|
||||
let
|
||||
|
||||
# WARNING: this works for nixos-rebuild, but not for the nix-build trick shown on the bottom
|
||||
#testing = import (fetchTarball {
|
||||
# name = "pr-180823";
|
||||
# url = "https://github.com/r-ryantm/nixpkgs/archive/cfe56470cb641985d43adba690d5bca5453110fe.tar.gz";
|
||||
# sha256 = "0rbncjp2a99l6i4z7w2m86l40m33b3dl9qficfny47kqcfpgyx0b";
|
||||
#}) {
|
||||
# #config = prev.config;
|
||||
#};
|
||||
|
||||
overridePythonPackages = old: {
|
||||
overrides = final: prev: {
|
||||
|
||||
#pdoc = final.callPackage /home/pbsds/repos/nixpkgs-pdoc/pkgs/development/python-modules/pdoc { };
|
||||
|
||||
#domeneshop = final.callPackage /home/pbsds/repos/nixpkgs-domemeshop/pkgs/development/python-modules/domeneshop { };
|
||||
|
||||
#shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { };
|
||||
#catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { };
|
||||
analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { };
|
||||
ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { };
|
||||
markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { };
|
||||
gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { };
|
||||
|
||||
trivial-gradios = final.callPackage ./trivial-gradios { };
|
||||
|
||||
};
|
||||
};
|
||||
in final: prev: {
|
||||
|
||||
#rallly = prev.callPackage ./rallly { };
|
||||
|
||||
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
|
||||
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
|
||||
|
||||
#python3.pkgs = prev.python3.pkgs.override overridePythonPackages;
|
||||
python3Packages = prev.python3Packages.override overridePythonPackages;
|
||||
|
||||
}
|
||||
|
||||
# How to test:
|
||||
# nix-build -E 'with import <nixpkgs> { overlays = [ (import ./. ) ]; }; MY_PACKAGE'
|
||||
|
||||
# warning: using testing or unstable here (^) will infinitely recurse.
|
40
profiles/domeneshop-dyndns/default.nix
Normal file
40
profiles/domeneshop-dyndns/default.nix
Normal file
@ -0,0 +1,40 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
# auto domain update
|
||||
|
||||
systemd.services.domeneshop-updater = {
|
||||
description = "domene.shop domain updater";
|
||||
#after = [ "something?.service" ];
|
||||
#wants = [ "something?.service" ];
|
||||
serviceConfig = let
|
||||
prog = pkgs.writeShellApplication {
|
||||
name = "domeneshop-dyndns-updater.sh";
|
||||
runtimeInputs = with pkgs; [ curl yq ];
|
||||
text = ''
|
||||
test -s /var/lib/secrets/domeneshop.toml || {
|
||||
>&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!"
|
||||
exit 1
|
||||
}
|
||||
DOMENESHOP_TOKEN="$( tomlq </var/lib/secrets/domeneshop.toml .secrets.DOMENESHOP_TOKEN --raw-output)"
|
||||
DOMENESHOP_SECRET="$(tomlq </var/lib/secrets/domeneshop.toml .secrets.DOMENESHOP_SECRET --raw-output)"
|
||||
curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net
|
||||
'';
|
||||
};
|
||||
in {
|
||||
User = "domeneshop";
|
||||
Group = "domeneshop";
|
||||
DynamicUser = true;
|
||||
ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
|
||||
systemd.timers.domeneshop-updater = let interval = "5h"; in {
|
||||
description = "Update domene.shop every ${interval}";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = "5m";
|
||||
OnUnitInactiveSec = interval;
|
||||
Unit = "domeneshop-updater.service";
|
||||
};
|
||||
};
|
||||
}
|
@ -1,5 +1 @@
|
||||
* [ ] mv nas/default.nix nas.nix
|
||||
* [ ] mv website/default.nix website.nix
|
||||
* [ ] move each part into web-services, and import them as modules
|
||||
* [ ] make mkDomain a function
|
||||
* [ ] make ACME a function
|
||||
|
@ -3,6 +3,14 @@
|
||||
# Invidious
|
||||
# An open source alternative front-end to YouTube
|
||||
|
||||
/**/
|
||||
imports = [
|
||||
({ disabledModules = [ "services/web-apps/invidious.nix" ]; })
|
||||
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
||||
({ services.invidious.package = pkgs.unstable.invidious; })
|
||||
];
|
||||
/**/
|
||||
|
||||
services.invidious = {
|
||||
enable = true;
|
||||
domain = mkDomain "invidious";
|
||||
|
@ -2,6 +2,14 @@
|
||||
{
|
||||
# Jellyfin
|
||||
|
||||
/**/
|
||||
imports = [
|
||||
({ disabledModules = [ "services/misc/jellyfin.nix" ]; })
|
||||
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
||||
({ services.jellyfin.package = pkgs.unstable.jellyfin; })
|
||||
];
|
||||
/**/
|
||||
|
||||
services.jellyfin = {
|
||||
enable = true; # don't enable unless you intend to first-time-setup the admin user
|
||||
# from https://jellyfin.org/docs/general/networking/index.html:
|
||||
|
@ -1,26 +1,20 @@
|
||||
* [ ] cryptpad
|
||||
* [ ] upterm / tmate
|
||||
* [ ] shlink ?
|
||||
* [ ] mailcatcher
|
||||
* configure stuff to send its shit here
|
||||
# TODO: kukkee or rallly
|
||||
# https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/
|
||||
#https://rallly.co/
|
||||
* [ ] https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/
|
||||
* [ ] kukkee
|
||||
* [ ] rallly - https://rallly.co/
|
||||
* [ ] Rocketchat - A self-hosted discord/slack alternative
|
||||
* [ ] upterm / tmate - Secure terminal-session sharing
|
||||
|
||||
|
||||
# upterm
|
||||
# Secure terminal-session sharing
|
||||
|
||||
services.uptermd = {
|
||||
enable = false;
|
||||
openFirewall = true;
|
||||
#listenAddress # default is "[::]";
|
||||
#port = 2222; # default is 2222, uses ssh
|
||||
#extraFlags
|
||||
#hostKey = null;
|
||||
};
|
||||
|
||||
|
||||
# Rocketchat
|
||||
# A self-hosted discord/slack alternative
|
||||
# TODO, docker exists, but no nixos module
|
||||
```
|
||||
services.uptermd = {
|
||||
enable = false;
|
||||
openFirewall = true;
|
||||
#listenAddress # default is "[::]";
|
||||
#port = 2222; # default is 2222, uses ssh
|
||||
#extraFlags
|
||||
#hostKey = null;
|
||||
};
|
||||
```
|
||||
|
@ -2,6 +2,24 @@
|
||||
{
|
||||
# trivial gradios
|
||||
|
||||
/** /
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
python3Packages = prev.python3Packages.override (old: {
|
||||
overrides = final: prev: {
|
||||
#shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { };
|
||||
#catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { };
|
||||
analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { };
|
||||
ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { };
|
||||
markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { };
|
||||
gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { };
|
||||
trivial-gradios = final.callPackage ./pkg { };
|
||||
};
|
||||
});
|
||||
})
|
||||
];
|
||||
/**/
|
||||
|
||||
/** /
|
||||
systemd.services.trivial-gradios-heritage-graph = {
|
||||
description = pkgs.python3Packages.trivial-gradios.meta.description;
|
||||
|
9
users/all.nix
Normal file
9
users/all.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
to-import = name: value: ./. + ("/" + name);
|
||||
filter-users = key: val: val == "directory" && lib.pathExists "${./.}${key}/default.nix";
|
||||
imports = lib.mapAttrsToList to-import (lib.filterAttrs filter-users (builtins.readDir ./.));
|
||||
in
|
||||
{
|
||||
inherit imports;
|
||||
}
|
@ -1,31 +1,6 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
# User accounts
|
||||
# Don't forget to set a password with ‘passwd’!
|
||||
|
||||
imports = [
|
||||
<home-manager/nixos>
|
||||
./pbsds
|
||||
];
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
|
||||
# TODO: nas stuff
|
||||
# TODO: can uid mapping be done at nfs level?
|
||||
users.users.pbsds.uid = 1001;
|
||||
users.groups.pbsds.gid = 1001;
|
||||
|
||||
users.users.jornane = {
|
||||
isNormalUser = true;
|
||||
uid = 1002;
|
||||
description = "jornane";
|
||||
extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhGRFktIRrppVVILraEn5eTrANBIBMcpNT4qvNcd7Ut"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA/UAomSQjOHb4Im0TV70f7Jb/JpsQDd7YKHCXBmjmsrXi2dJVpw/tn+FzP4d2XJXm38hVN89yG+PQwZhf3PSHBaB4DXqFnVLFNWXTRyPPnc1U9uTEvLnZPpVJ/iv2zuS73QHrDcBdIubtdnsr239dJizUJJKwSMHszhOAN4AMYS9WivozdmyS+3o4p8mSp+tOWhq0hmVewnH0teTaHASpvE0V65xW9RGc5AWx0PgkGTXScOOf4/N8oXILn6mepODstlRKCZnBsC/LaXgJsk2+BX/Q/t4V0ytHh9iYblSavNjZZXRvygvkmV/eYAJAJ+igHubs2fEDsXfRj9J0O6JWjAmsELObCYGRbg9QkvaRq5EQgDoSW64iQUmbfB8NmYyXxg4fh0xBUrX87YkYvtHznWzD8hZkqRfj4K9Ixfk1Bsaxb5ubU3/mjGLOpZZ47zEqoen43rUxLq+eeMEQGDbq3mAcA6uX73MvBTzERrfh93rojwlUHEUDoUYyq7aN6Y9vF8/gy3KT2+pvAoUy4NDImSmJTwVcFJ+qUsAaGMECKiznte3Qn8TiD5G9nqeqCoA9edegM2N0z+ovsiXRxVqQDPh3cz/VPSsTKa8jNxhFpw4Q6KzDrtQOKXDkrhSKTxozVLYw2rYCkd2odOhjIJiN63UTNSm2z37ckKbOCqDy6LwW2ls4OzH/LOz2QDkMCwe7MYMrC66wanDhsRUZwlbSEs8aB25NB6OGg61hId3SLS8HzJ+4dmbHhciZm0oJlKRSMAqMLO6o9OVguJOl1td71rhnqAbp4UuaMqm5Zzut1ET+zkYB4t2voTuMhSrEJn1RS4hxR2rWt5jF9Nn67Mu70c0K2DE7FXqldGALC87GO7PHLTnNRg3o8FCkmVYlHNUEqHR56Incg5sC6KS9G1RL3KEHzjgzz8RjFXR5p1Qj+ZZjObVuENdWuqk7gQaxsyocCCB4pbBtF9AYDOIIGCn8rJSKUFvD8KIaTpWFsFoUXanSnAiSCT98GhfIBLbgAt4yJmegRKOML/cxplCh0z9MkNlfPdVU+LI/2RSj3NJpxd/KuR1l73IpgVNcbumXefAY95ztB/w067ZHCFlO0r+Q42NacthsMDc4Ffd+grLpo7KSmDRc+L9YdRNDgLZMbfIimHYIRRMdvEMEICXe1tUvtKBSfU1goTSXXYK2fLOBfOFIXCQponfgZ04klRjgpzCtv8juCOOrHU6r/FpIRkDNbwjWm9i8yBacZGT30bwjK8UW6JSFvDDu747f0ztKyQew8hEivOyqGDwZyrhFImasulsS0/7DB07oUQtaXJ7J8ucGsarttt02D6K8yuCh5bqEVk5Fy4Xlw=="
|
||||
];
|
||||
};
|
||||
|
||||
imports = [ <home-manager/nixos> ];
|
||||
home-manager.useGlobalPkgs = true; # brrr
|
||||
# When adding a new user accounts: Don't forget to set a password with ‘passwd’!
|
||||
}
|
||||
|
14
users/jornane/default.nix
Normal file
14
users/jornane/default.nix
Normal file
@ -0,0 +1,14 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
users.users.jornane = {
|
||||
isNormalUser = true;
|
||||
uid = 1002;
|
||||
description = "jornane";
|
||||
extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhGRFktIRrppVVILraEn5eTrANBIBMcpNT4qvNcd7Ut"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA/UAomSQjOHb4Im0TV70f7Jb/JpsQDd7YKHCXBmjmsrXi2dJVpw/tn+FzP4d2XJXm38hVN89yG+PQwZhf3PSHBaB4DXqFnVLFNWXTRyPPnc1U9uTEvLnZPpVJ/iv2zuS73QHrDcBdIubtdnsr239dJizUJJKwSMHszhOAN4AMYS9WivozdmyS+3o4p8mSp+tOWhq0hmVewnH0teTaHASpvE0V65xW9RGc5AWx0PgkGTXScOOf4/N8oXILn6mepODstlRKCZnBsC/LaXgJsk2+BX/Q/t4V0ytHh9iYblSavNjZZXRvygvkmV/eYAJAJ+igHubs2fEDsXfRj9J0O6JWjAmsELObCYGRbg9QkvaRq5EQgDoSW64iQUmbfB8NmYyXxg4fh0xBUrX87YkYvtHznWzD8hZkqRfj4K9Ixfk1Bsaxb5ubU3/mjGLOpZZ47zEqoen43rUxLq+eeMEQGDbq3mAcA6uX73MvBTzERrfh93rojwlUHEUDoUYyq7aN6Y9vF8/gy3KT2+pvAoUy4NDImSmJTwVcFJ+qUsAaGMECKiznte3Qn8TiD5G9nqeqCoA9edegM2N0z+ovsiXRxVqQDPh3cz/VPSsTKa8jNxhFpw4Q6KzDrtQOKXDkrhSKTxozVLYw2rYCkd2odOhjIJiN63UTNSm2z37ckKbOCqDy6LwW2ls4OzH/LOz2QDkMCwe7MYMrC66wanDhsRUZwlbSEs8aB25NB6OGg61hId3SLS8HzJ+4dmbHhciZm0oJlKRSMAqMLO6o9OVguJOl1td71rhnqAbp4UuaMqm5Zzut1ET+zkYB4t2voTuMhSrEJn1RS4hxR2rWt5jF9Nn67Mu70c0K2DE7FXqldGALC87GO7PHLTnNRg3o8FCkmVYlHNUEqHR56Incg5sC6KS9G1RL3KEHzjgzz8RjFXR5p1Qj+ZZjObVuENdWuqk7gQaxsyocCCB4pbBtF9AYDOIIGCn8rJSKUFvD8KIaTpWFsFoUXanSnAiSCT98GhfIBLbgAt4yJmegRKOML/cxplCh0z9MkNlfPdVU+LI/2RSj3NJpxd/KuR1l73IpgVNcbumXefAY95ztB/w067ZHCFlO0r+Q42NacthsMDc4Ffd+grLpo7KSmDRc+L9YdRNDgLZMbfIimHYIRRMdvEMEICXe1tUvtKBSfU1goTSXXYK2fLOBfOFIXCQponfgZ04klRjgpzCtv8juCOOrHU6r/FpIRkDNbwjWm9i8yBacZGT30bwjK8UW6JSFvDDu747f0ztKyQew8hEivOyqGDwZyrhFImasulsS0/7DB07oUQtaXJ7J8ucGsarttt02D6K8yuCh5bqEVk5Fy4Xlw=="
|
||||
];
|
||||
};
|
||||
}
|
@ -1,13 +1,15 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
home-manager.users.pbsds = import ./home;
|
||||
users.groups.pbsds.gid = 1001;
|
||||
users.users.pbsds = {
|
||||
isNormalUser = true;
|
||||
uid = 1001; # TODO: uid mapping be done at nfs-mount level? That way we can enforce
|
||||
description = "pbsds";
|
||||
extraGroups = [ "pbsds" "networkmanager" "wheel" "nixbld" ]; # TODO: NAS stuff
|
||||
initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/";
|
||||
|
||||
# TODO: fetch from github?
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net"
|
||||
@ -17,17 +19,5 @@
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff"
|
||||
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8S44NzMNlCGpQ0aMqpv4YCbp4esYKLejsFRtCCA3oSgz+zq0Rbem1S1/vQehC44Ps1JPljiJgb8rj0VFUcuqnDtJP6kYRvvUDBaM7QO8Z4mZjOKYQo/MoidaPYEHakPB4fk4fdDU1u090VvTgPJvNe0UmPoTHbedk4u+OMuvMr8T56OPmwZPrCyRLtc4O+cYoig/cB+Y7DlwNI9wBx3xhShb5tuML+ZR1XyBYgprwoZML5l2pzEeK7dXdmkc4QT4TM13EcNOopsNZymH/xOCsY/yVqVJJC2Smp6mkIk+Or0zdlzxXFp4u3MS4bg5pzFVFfsqJAQGB7laMxtakMbn0if54MOA34hEAdmzdBCc+g9suuqFhA9WPqMsVlxx9khTue0MNoUVflUkm4B51aPbnPe+aycxdqMgfONroOjtBAQYfGnlRUP1qR3AD9Y2ND/NhGA9f8gTKPBRam+lRDWEGQO9HmWQdpeZbfWEyJa82HZcTCIhQyQukfa5PIzwtops= pbsds@pbsds-optiplex7060"
|
||||
];
|
||||
|
||||
#EDITOR = "micro";
|
||||
|
||||
#packages = with pkgs; [
|
||||
#
|
||||
#];
|
||||
};
|
||||
users.groups.pbsds = {};
|
||||
|
||||
|
||||
|
||||
home-manager.users.pbsds = import ./home;
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user