From 9b599adc07bccc1e843772bf75552bd4d3c3caf3 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Sat, 25 Feb 2023 01:29:13 +0100 Subject: [PATCH] lots of small fixes --- .editorconfig | 11 +- cachix/cuda-maintainers.nix | 2 +- configuration.nix | 121 ++++++------------ overlays/default.nix | 46 ------- overlays/rallly/default.nix | 0 profiles/domeneshop-dyndns/default.nix | 40 ++++++ profiles/todos.md | 4 - profiles/web/invidious/default.nix | 8 ++ profiles/web/jellyfin/default.nix | 8 ++ profiles/web/todos.md | 36 +++--- profiles/web/trivial-gradios/default.nix | 18 +++ .../web/trivial-gradios/pkg}/default.nix | 0 users/all.nix | 9 ++ users/default.nix | 31 +---- users/jornane/default.nix | 14 ++ users/pbsds/default.nix | 18 +-- 16 files changed, 166 insertions(+), 200 deletions(-) delete mode 100644 overlays/default.nix delete mode 100644 overlays/rallly/default.nix create mode 100644 profiles/domeneshop-dyndns/default.nix rename {overlays/trivial-gradios => profiles/web/trivial-gradios/pkg}/default.nix (100%) create mode 100644 users/all.nix create mode 100644 users/jornane/default.nix diff --git a/.editorconfig b/.editorconfig index ef7458a..8da9aa2 100644 --- a/.editorconfig +++ b/.editorconfig @@ -1,9 +1,14 @@ +# https://EditorConfig.org root = true [*] end_of_line = lf insert_final_newline = true - -[*.nix] -indent_size = 2 indent_style = space +indent_size = 2 + +[Makefile] +indent_style = tab + +[*.py] +indent_size = 4 diff --git a/cachix/cuda-maintainers.nix b/cachix/cuda-maintainers.nix index b1d70d6..8abc66b 100644 --- a/cachix/cuda-maintainers.nix +++ b/cachix/cuda-maintainers.nix @@ -1,4 +1,4 @@ - +# via https://nixos.wiki/wiki/CUDA { nix = { settings = { diff --git a/configuration.nix b/configuration.nix index 1c39e3d..72e7599 100644 --- a/configuration.nix +++ b/configuration.nix @@ -25,8 +25,11 @@ nix.gc.options = "--delete-older-than 30d"; imports = [ - ./hardware-configuration.nix # results of hardware scan ./cachix.nix + (if builtins.pathExists ./hardware-configuration.nix + then ./hardware-configuration.nix # results of hardware scan + else {} + ) ./profiles/web ./profiles/web/index @@ -67,10 +70,11 @@ ./profiles/web/linktree-pbsds ./profiles/web/refleksjon-no ./profiles/web/roroslyd-no - ./profiles/web/trivial-gradios - ./profiles/web/censordodge - ./profiles/web/openspeedtest + #./profiles/web/trivial-gradios + #./profiles/web/censordodge + #./profiles/web/openspeedtest + ./profiles/domeneshop-dyndns # TODO: olavtr is hardcoded... ./profiles/code-remote ./profiles/remote-builders # ./profiles/nfs/reidun.nix # NFS mounts @@ -78,23 +82,19 @@ #./profiles/xrdp ./users - #./users/pbsds # todo: <- make this possible - - # How to override package used by module - # https://github.com/NixOS/nixpkgs/issues/55366 - # TODO: move to where relevant - - + #./users/pbsds + ./users/all.nix ]; - disabledModules = [ - "services/misc/jellyfin.nix" - "services/web-apps/invidious.nix" - ]; - services.jellyfin.package = pkgs.unstable.jellyfin; - services.invidious.package = pkgs.unstable.invidious; # TODO: remove? Move to where relevant - nixpkgs.overlays = [ (import ./overlays) ]; + nixpkgs.overlays = [ + /** / + (final: prev: { + mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { }; + mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; }; + }) + /**/ + ]; # Allow unstable packages. nixpkgs.config.packageOverrides = pkgs: { @@ -131,13 +131,10 @@ # Virtualization - #services.docker.enable = true; - virtualisation = { - podman.enable = true; - # TODO: are these default since 22.11? - podman.dockerCompat = true; # alias docker to podman - oci-containers.backend = "podman"; - }; + virtualisation.podman.enable = true; + # TODO: are these default since 22.11? + virtualisation.podman.dockerCompat = true; # alias docker to podman + virtualisation.oci-containers.backend = "podman"; # Networking @@ -174,26 +171,22 @@ #networking.firewall.allowedUDPPorts = [ ... ]; - # Time zone and internationalisation properties. time.timeZone = "Europe/Oslo"; i18n.defaultLocale = "en_US.utf8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "nb_NO.utf8"; - LC_IDENTIFICATION = "nb_NO.utf8"; - LC_MEASUREMENT = "nb_NO.utf8"; - LC_MONETARY = "nb_NO.utf8"; - LC_NAME = "nb_NO.utf8"; - LC_NUMERIC = "nb_NO.utf8"; - LC_PAPER = "nb_NO.utf8"; - LC_TELEPHONE = "nb_NO.utf8"; - LC_TIME = "nb_NO.utf8"; - }; - services.xserver.layout = "no"; + i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8"; + i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8"; + i18n.extraLocaleSettings.LC_MEASUREMENT = "nb_NO.utf8"; + i18n.extraLocaleSettings.LC_MONETARY = "nb_NO.utf8"; + i18n.extraLocaleSettings.LC_NAME = "nb_NO.utf8"; + i18n.extraLocaleSettings.LC_NUMERIC = "nb_NO.utf8"; + i18n.extraLocaleSettings.LC_PAPER = "nb_NO.utf8"; + i18n.extraLocaleSettings.LC_TELEPHONE = "nb_NO.utf8"; + i18n.extraLocaleSettings.LC_TIME = "nb_NO.utf8"; + console.keyMap = "no"; + services.xserver.layout = "no"; services.xserver.xkbVariant = ""; - console.keyMap = "no"; - # Installed system packages @@ -264,7 +257,7 @@ glances zenith fzf - tealdeer #tldr + tealdeer # tldr entr axel aria bat @@ -278,7 +271,7 @@ htmlq sysz du-dust # du alternative - ncdu # Disk usage analyzer with an ncurses interface + ncdu # Disk usage analyzer with an ncurses interface gh hub @@ -294,7 +287,8 @@ ]; - # TODO: make this root only? + # TODO: somehow make this root only? + # TODO: zsh programs.bash.shellInit = '' if command -v fzf-share >/dev/null; then source "$(fzf-share)/key-bindings.bash" @@ -304,7 +298,7 @@ # TODO: make this root only? programs.bash.shellAliases."ed" = "micro"; # TODO: ${EDITOR:-micro} - environment.variables."EDITOR" = "micro"; + environment.variables."EDITOR" = "micro"; # TODO: remove? Move? programs.dconf.enable = true; @@ -335,43 +329,6 @@ services.openssh.forwardX11 = true; - # auto domain update - systemd.services.domeneshop-updater = { - description = "domene.shop domain updater"; - #after = [ "something?.service" ]; - #wants = [ "something?.service" ]; - serviceConfig = let - prog = pkgs.writeShellApplication { - name = "domeneshop-dyndns-updater.sh"; - runtimeInputs = with pkgs; [ curl yq ]; - text = '' - test -s /var/lib/secrets/domeneshop.toml || { - >&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!" - exit 1 - } - DOMENESHOP_TOKEN="$(tomlq .secrets.DOMENESHOP_TOKEN /var/lib/secrets/domeneshop.toml --raw-output)" - DOMENESHOP_SECRET="$(tomlq .secrets.DOMENESHOP_SECRET /var/lib/secrets/domeneshop.toml --raw-output)" - curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net - ''; - }; - in { - User = "domeneshop"; - Group = "domeneshop"; - DynamicUser = true; - ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh"; - PrivateTmp = true; - }; - }; - systemd.timers.domeneshop-updater = let interval = "5h"; in { - description = "Update domene.shop every ${interval}"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "5m"; - OnUnitInactiveSec = interval; - Unit = "domeneshop-updater.service"; - }; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions @@ -380,6 +337,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - #system.stateVersion = "22.05"; # Did you read the comment? - } diff --git a/overlays/default.nix b/overlays/default.nix deleted file mode 100644 index d425f1f..0000000 --- a/overlays/default.nix +++ /dev/null @@ -1,46 +0,0 @@ -# https://nixos.wiki/wiki/Overlays -let - - # WARNING: this works for nixos-rebuild, but not for the nix-build trick shown on the bottom - #testing = import (fetchTarball { - # name = "pr-180823"; - # url = "https://github.com/r-ryantm/nixpkgs/archive/cfe56470cb641985d43adba690d5bca5453110fe.tar.gz"; - # sha256 = "0rbncjp2a99l6i4z7w2m86l40m33b3dl9qficfny47kqcfpgyx0b"; - #}) { - # #config = prev.config; - #}; - - overridePythonPackages = old: { - overrides = final: prev: { - - #pdoc = final.callPackage /home/pbsds/repos/nixpkgs-pdoc/pkgs/development/python-modules/pdoc { }; - - #domeneshop = final.callPackage /home/pbsds/repos/nixpkgs-domemeshop/pkgs/development/python-modules/domeneshop { }; - - #shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { }; - #catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { }; - analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { }; - ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { }; - markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { }; - gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { }; - - trivial-gradios = final.callPackage ./trivial-gradios { }; - - }; - }; -in final: prev: { - - #rallly = prev.callPackage ./rallly { }; - - mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { }; - mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; }; - - #python3.pkgs = prev.python3.pkgs.override overridePythonPackages; - python3Packages = prev.python3Packages.override overridePythonPackages; - -} - -# How to test: -# nix-build -E 'with import { overlays = [ (import ./. ) ]; }; MY_PACKAGE' - -# warning: using testing or unstable here (^) will infinitely recurse. diff --git a/overlays/rallly/default.nix b/overlays/rallly/default.nix deleted file mode 100644 index e69de29..0000000 diff --git a/profiles/domeneshop-dyndns/default.nix b/profiles/domeneshop-dyndns/default.nix new file mode 100644 index 0000000..08d0be1 --- /dev/null +++ b/profiles/domeneshop-dyndns/default.nix @@ -0,0 +1,40 @@ +{ config, pkgs, lib, ... }: +{ + # auto domain update + + systemd.services.domeneshop-updater = { + description = "domene.shop domain updater"; + #after = [ "something?.service" ]; + #wants = [ "something?.service" ]; + serviceConfig = let + prog = pkgs.writeShellApplication { + name = "domeneshop-dyndns-updater.sh"; + runtimeInputs = with pkgs; [ curl yq ]; + text = '' + test -s /var/lib/secrets/domeneshop.toml || { + >&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!" + exit 1 + } + DOMENESHOP_TOKEN="$( tomlq + ({ services.invidious.package = pkgs.unstable.invidious; }) + ]; + /**/ + services.invidious = { enable = true; domain = mkDomain "invidious"; diff --git a/profiles/web/jellyfin/default.nix b/profiles/web/jellyfin/default.nix index eba4ed3..8d31b08 100644 --- a/profiles/web/jellyfin/default.nix +++ b/profiles/web/jellyfin/default.nix @@ -2,6 +2,14 @@ { # Jellyfin + /**/ + imports = [ + ({ disabledModules = [ "services/misc/jellyfin.nix" ]; }) + + ({ services.jellyfin.package = pkgs.unstable.jellyfin; }) + ]; + /**/ + services.jellyfin = { enable = true; # don't enable unless you intend to first-time-setup the admin user # from https://jellyfin.org/docs/general/networking/index.html: diff --git a/profiles/web/todos.md b/profiles/web/todos.md index ac004d8..a840b88 100644 --- a/profiles/web/todos.md +++ b/profiles/web/todos.md @@ -1,26 +1,20 @@ * [ ] cryptpad -* [ ] upterm / tmate * [ ] shlink ? * [ ] mailcatcher * configure stuff to send its shit here -# TODO: kukkee or rallly -# https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/ -#https://rallly.co/ +* [ ] https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/ + * [ ] kukkee + * [ ] rallly - https://rallly.co/ +* [ ] Rocketchat - A self-hosted discord/slack alternative +* [ ] upterm / tmate - Secure terminal-session sharing - -# upterm -# Secure terminal-session sharing - -services.uptermd = { - enable = false; - openFirewall = true; - #listenAddress # default is "[::]"; - #port = 2222; # default is 2222, uses ssh - #extraFlags - #hostKey = null; -}; - - -# Rocketchat -# A self-hosted discord/slack alternative -# TODO, docker exists, but no nixos module + ``` + services.uptermd = { + enable = false; + openFirewall = true; + #listenAddress # default is "[::]"; + #port = 2222; # default is 2222, uses ssh + #extraFlags + #hostKey = null; + }; + ``` diff --git a/profiles/web/trivial-gradios/default.nix b/profiles/web/trivial-gradios/default.nix index 9fa2a95..160d013 100644 --- a/profiles/web/trivial-gradios/default.nix +++ b/profiles/web/trivial-gradios/default.nix @@ -2,6 +2,24 @@ { # trivial gradios + /** / + nixpkgs.overlays = [ + (final: prev: { + python3Packages = prev.python3Packages.override (old: { + overrides = final: prev: { + #shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { }; + #catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { }; + analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { }; + ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { }; + markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { }; + gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { }; + trivial-gradios = final.callPackage ./pkg { }; + }; + }); + }) + ]; + /**/ + /** / systemd.services.trivial-gradios-heritage-graph = { description = pkgs.python3Packages.trivial-gradios.meta.description; diff --git a/overlays/trivial-gradios/default.nix b/profiles/web/trivial-gradios/pkg/default.nix similarity index 100% rename from overlays/trivial-gradios/default.nix rename to profiles/web/trivial-gradios/pkg/default.nix diff --git a/users/all.nix b/users/all.nix new file mode 100644 index 0000000..dee7447 --- /dev/null +++ b/users/all.nix @@ -0,0 +1,9 @@ +{ config, pkgs, lib, ... }: +let + to-import = name: value: ./. + ("/" + name); + filter-users = key: val: val == "directory" && lib.pathExists "${./.}${key}/default.nix"; + imports = lib.mapAttrsToList to-import (lib.filterAttrs filter-users (builtins.readDir ./.)); +in +{ + inherit imports; +} diff --git a/users/default.nix b/users/default.nix index 4046d92..d1b87df 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,31 +1,6 @@ { config, pkgs, lib, ... }: - { - # User accounts - # Don't forget to set a password with ‘passwd’! - - imports = [ - - ./pbsds - ]; - - home-manager.useGlobalPkgs = true; - - # TODO: nas stuff - # TODO: can uid mapping be done at nfs level? - users.users.pbsds.uid = 1001; - users.groups.pbsds.gid = 1001; - - users.users.jornane = { - isNormalUser = true; - uid = 1002; - description = "jornane"; - extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff - - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhGRFktIRrppVVILraEn5eTrANBIBMcpNT4qvNcd7Ut" - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA/UAomSQjOHb4Im0TV70f7Jb/JpsQDd7YKHCXBmjmsrXi2dJVpw/tn+FzP4d2XJXm38hVN89yG+PQwZhf3PSHBaB4DXqFnVLFNWXTRyPPnc1U9uTEvLnZPpVJ/iv2zuS73QHrDcBdIubtdnsr239dJizUJJKwSMHszhOAN4AMYS9WivozdmyS+3o4p8mSp+tOWhq0hmVewnH0teTaHASpvE0V65xW9RGc5AWx0PgkGTXScOOf4/N8oXILn6mepODstlRKCZnBsC/LaXgJsk2+BX/Q/t4V0ytHh9iYblSavNjZZXRvygvkmV/eYAJAJ+igHubs2fEDsXfRj9J0O6JWjAmsELObCYGRbg9QkvaRq5EQgDoSW64iQUmbfB8NmYyXxg4fh0xBUrX87YkYvtHznWzD8hZkqRfj4K9Ixfk1Bsaxb5ubU3/mjGLOpZZ47zEqoen43rUxLq+eeMEQGDbq3mAcA6uX73MvBTzERrfh93rojwlUHEUDoUYyq7aN6Y9vF8/gy3KT2+pvAoUy4NDImSmJTwVcFJ+qUsAaGMECKiznte3Qn8TiD5G9nqeqCoA9edegM2N0z+ovsiXRxVqQDPh3cz/VPSsTKa8jNxhFpw4Q6KzDrtQOKXDkrhSKTxozVLYw2rYCkd2odOhjIJiN63UTNSm2z37ckKbOCqDy6LwW2ls4OzH/LOz2QDkMCwe7MYMrC66wanDhsRUZwlbSEs8aB25NB6OGg61hId3SLS8HzJ+4dmbHhciZm0oJlKRSMAqMLO6o9OVguJOl1td71rhnqAbp4UuaMqm5Zzut1ET+zkYB4t2voTuMhSrEJn1RS4hxR2rWt5jF9Nn67Mu70c0K2DE7FXqldGALC87GO7PHLTnNRg3o8FCkmVYlHNUEqHR56Incg5sC6KS9G1RL3KEHzjgzz8RjFXR5p1Qj+ZZjObVuENdWuqk7gQaxsyocCCB4pbBtF9AYDOIIGCn8rJSKUFvD8KIaTpWFsFoUXanSnAiSCT98GhfIBLbgAt4yJmegRKOML/cxplCh0z9MkNlfPdVU+LI/2RSj3NJpxd/KuR1l73IpgVNcbumXefAY95ztB/w067ZHCFlO0r+Q42NacthsMDc4Ffd+grLpo7KSmDRc+L9YdRNDgLZMbfIimHYIRRMdvEMEICXe1tUvtKBSfU1goTSXXYK2fLOBfOFIXCQponfgZ04klRjgpzCtv8juCOOrHU6r/FpIRkDNbwjWm9i8yBacZGT30bwjK8UW6JSFvDDu747f0ztKyQew8hEivOyqGDwZyrhFImasulsS0/7DB07oUQtaXJ7J8ucGsarttt02D6K8yuCh5bqEVk5Fy4Xlw==" - ]; - }; - + imports = [ ]; + home-manager.useGlobalPkgs = true; # brrr + # When adding a new user accounts: Don't forget to set a password with ‘passwd’! } diff --git a/users/jornane/default.nix b/users/jornane/default.nix new file mode 100644 index 0000000..fe8da52 --- /dev/null +++ b/users/jornane/default.nix @@ -0,0 +1,14 @@ +{ config, pkgs, lib, ... }: +{ + users.users.jornane = { + isNormalUser = true; + uid = 1002; + description = "jornane"; + extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff + + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhGRFktIRrppVVILraEn5eTrANBIBMcpNT4qvNcd7Ut" + "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA/UAomSQjOHb4Im0TV70f7Jb/JpsQDd7YKHCXBmjmsrXi2dJVpw/tn+FzP4d2XJXm38hVN89yG+PQwZhf3PSHBaB4DXqFnVLFNWXTRyPPnc1U9uTEvLnZPpVJ/iv2zuS73QHrDcBdIubtdnsr239dJizUJJKwSMHszhOAN4AMYS9WivozdmyS+3o4p8mSp+tOWhq0hmVewnH0teTaHASpvE0V65xW9RGc5AWx0PgkGTXScOOf4/N8oXILn6mepODstlRKCZnBsC/LaXgJsk2+BX/Q/t4V0ytHh9iYblSavNjZZXRvygvkmV/eYAJAJ+igHubs2fEDsXfRj9J0O6JWjAmsELObCYGRbg9QkvaRq5EQgDoSW64iQUmbfB8NmYyXxg4fh0xBUrX87YkYvtHznWzD8hZkqRfj4K9Ixfk1Bsaxb5ubU3/mjGLOpZZ47zEqoen43rUxLq+eeMEQGDbq3mAcA6uX73MvBTzERrfh93rojwlUHEUDoUYyq7aN6Y9vF8/gy3KT2+pvAoUy4NDImSmJTwVcFJ+qUsAaGMECKiznte3Qn8TiD5G9nqeqCoA9edegM2N0z+ovsiXRxVqQDPh3cz/VPSsTKa8jNxhFpw4Q6KzDrtQOKXDkrhSKTxozVLYw2rYCkd2odOhjIJiN63UTNSm2z37ckKbOCqDy6LwW2ls4OzH/LOz2QDkMCwe7MYMrC66wanDhsRUZwlbSEs8aB25NB6OGg61hId3SLS8HzJ+4dmbHhciZm0oJlKRSMAqMLO6o9OVguJOl1td71rhnqAbp4UuaMqm5Zzut1ET+zkYB4t2voTuMhSrEJn1RS4hxR2rWt5jF9Nn67Mu70c0K2DE7FXqldGALC87GO7PHLTnNRg3o8FCkmVYlHNUEqHR56Incg5sC6KS9G1RL3KEHzjgzz8RjFXR5p1Qj+ZZjObVuENdWuqk7gQaxsyocCCB4pbBtF9AYDOIIGCn8rJSKUFvD8KIaTpWFsFoUXanSnAiSCT98GhfIBLbgAt4yJmegRKOML/cxplCh0z9MkNlfPdVU+LI/2RSj3NJpxd/KuR1l73IpgVNcbumXefAY95ztB/w067ZHCFlO0r+Q42NacthsMDc4Ffd+grLpo7KSmDRc+L9YdRNDgLZMbfIimHYIRRMdvEMEICXe1tUvtKBSfU1goTSXXYK2fLOBfOFIXCQponfgZ04klRjgpzCtv8juCOOrHU6r/FpIRkDNbwjWm9i8yBacZGT30bwjK8UW6JSFvDDu747f0ztKyQew8hEivOyqGDwZyrhFImasulsS0/7DB07oUQtaXJ7J8ucGsarttt02D6K8yuCh5bqEVk5Fy4Xlw==" + ]; + }; +} diff --git a/users/pbsds/default.nix b/users/pbsds/default.nix index 38830ef..18781a8 100644 --- a/users/pbsds/default.nix +++ b/users/pbsds/default.nix @@ -1,13 +1,15 @@ { config, pkgs, lib, ... }: - { - + home-manager.users.pbsds = import ./home; + users.groups.pbsds.gid = 1001; users.users.pbsds = { isNormalUser = true; + uid = 1001; # TODO: uid mapping be done at nfs-mount level? That way we can enforce description = "pbsds"; extraGroups = [ "pbsds" "networkmanager" "wheel" "nixbld" ]; # TODO: NAS stuff initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/"; + # TODO: fetch from github? openssh.authorizedKeys.keys = [ "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net" @@ -17,17 +19,5 @@ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff" #"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8S44NzMNlCGpQ0aMqpv4YCbp4esYKLejsFRtCCA3oSgz+zq0Rbem1S1/vQehC44Ps1JPljiJgb8rj0VFUcuqnDtJP6kYRvvUDBaM7QO8Z4mZjOKYQo/MoidaPYEHakPB4fk4fdDU1u090VvTgPJvNe0UmPoTHbedk4u+OMuvMr8T56OPmwZPrCyRLtc4O+cYoig/cB+Y7DlwNI9wBx3xhShb5tuML+ZR1XyBYgprwoZML5l2pzEeK7dXdmkc4QT4TM13EcNOopsNZymH/xOCsY/yVqVJJC2Smp6mkIk+Or0zdlzxXFp4u3MS4bg5pzFVFfsqJAQGB7laMxtakMbn0if54MOA34hEAdmzdBCc+g9suuqFhA9WPqMsVlxx9khTue0MNoUVflUkm4B51aPbnPe+aycxdqMgfONroOjtBAQYfGnlRUP1qR3AD9Y2ND/NhGA9f8gTKPBRam+lRDWEGQO9HmWQdpeZbfWEyJa82HZcTCIhQyQukfa5PIzwtops= pbsds@pbsds-optiplex7060" ]; - - #EDITOR = "micro"; - - #packages = with pkgs; [ - # - #]; }; - users.groups.pbsds = {}; - - - - home-manager.users.pbsds = import ./home; - }