lots of small fixes

This commit is contained in:
Peder Bergebakken Sundt 2023-02-25 01:29:13 +01:00
parent db4b4d4b45
commit 9b599adc07
16 changed files with 166 additions and 200 deletions

View File

@ -1,9 +1,14 @@
# https://EditorConfig.org
root = true root = true
[*] [*]
end_of_line = lf end_of_line = lf
insert_final_newline = true insert_final_newline = true
[*.nix]
indent_size = 2
indent_style = space indent_style = space
indent_size = 2
[Makefile]
indent_style = tab
[*.py]
indent_size = 4

View File

@ -1,4 +1,4 @@
# via https://nixos.wiki/wiki/CUDA
{ {
nix = { nix = {
settings = { settings = {

View File

@ -25,8 +25,11 @@
nix.gc.options = "--delete-older-than 30d"; nix.gc.options = "--delete-older-than 30d";
imports = [ imports = [
./hardware-configuration.nix # results of hardware scan
./cachix.nix ./cachix.nix
(if builtins.pathExists ./hardware-configuration.nix
then ./hardware-configuration.nix # results of hardware scan
else {}
)
./profiles/web ./profiles/web
./profiles/web/index ./profiles/web/index
@ -67,10 +70,11 @@
./profiles/web/linktree-pbsds ./profiles/web/linktree-pbsds
./profiles/web/refleksjon-no ./profiles/web/refleksjon-no
./profiles/web/roroslyd-no ./profiles/web/roroslyd-no
./profiles/web/trivial-gradios #./profiles/web/trivial-gradios
./profiles/web/censordodge #./profiles/web/censordodge
./profiles/web/openspeedtest #./profiles/web/openspeedtest
./profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
./profiles/code-remote ./profiles/code-remote
./profiles/remote-builders # ./profiles/remote-builders #
./profiles/nfs/reidun.nix # NFS mounts ./profiles/nfs/reidun.nix # NFS mounts
@ -78,23 +82,19 @@
#./profiles/xrdp #./profiles/xrdp
./users ./users
#./users/pbsds # todo: <- make this possible #./users/pbsds
./users/all.nix
# How to override package used by module
# https://github.com/NixOS/nixpkgs/issues/55366
# TODO: move to where relevant
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
]; ];
disabledModules = [
"services/misc/jellyfin.nix"
"services/web-apps/invidious.nix"
];
services.jellyfin.package = pkgs.unstable.jellyfin;
services.invidious.package = pkgs.unstable.invidious;
# TODO: remove? Move to where relevant # TODO: remove? Move to where relevant
nixpkgs.overlays = [ (import ./overlays) ]; nixpkgs.overlays = [
/** /
(final: prev: {
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
})
/**/
];
# Allow unstable packages. # Allow unstable packages.
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
@ -131,13 +131,10 @@
# Virtualization # Virtualization
#services.docker.enable = true; virtualisation.podman.enable = true;
virtualisation = {
podman.enable = true;
# TODO: are these default since 22.11? # TODO: are these default since 22.11?
podman.dockerCompat = true; # alias docker to podman virtualisation.podman.dockerCompat = true; # alias docker to podman
oci-containers.backend = "podman"; virtualisation.oci-containers.backend = "podman";
};
# Networking # Networking
@ -174,26 +171,22 @@
#networking.firewall.allowedUDPPorts = [ ... ]; #networking.firewall.allowedUDPPorts = [ ... ];
# Time zone and internationalisation properties. # Time zone and internationalisation properties.
time.timeZone = "Europe/Oslo"; time.timeZone = "Europe/Oslo";
i18n.defaultLocale = "en_US.utf8"; i18n.defaultLocale = "en_US.utf8";
i18n.extraLocaleSettings = { i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
LC_ADDRESS = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
LC_IDENTIFICATION = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_MEASUREMENT = "nb_NO.utf8";
LC_MEASUREMENT = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_MONETARY = "nb_NO.utf8";
LC_MONETARY = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_NAME = "nb_NO.utf8";
LC_NAME = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_NUMERIC = "nb_NO.utf8";
LC_NUMERIC = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_PAPER = "nb_NO.utf8";
LC_PAPER = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_TELEPHONE = "nb_NO.utf8";
LC_TELEPHONE = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_TIME = "nb_NO.utf8";
LC_TIME = "nb_NO.utf8"; console.keyMap = "no";
};
services.xserver.layout = "no"; services.xserver.layout = "no";
services.xserver.xkbVariant = ""; services.xserver.xkbVariant = "";
console.keyMap = "no";
# Installed system packages # Installed system packages
@ -294,7 +287,8 @@
]; ];
# TODO: make this root only? # TODO: somehow make this root only?
# TODO: zsh
programs.bash.shellInit = '' programs.bash.shellInit = ''
if command -v fzf-share >/dev/null; then if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash" source "$(fzf-share)/key-bindings.bash"
@ -335,43 +329,6 @@
services.openssh.forwardX11 = true; services.openssh.forwardX11 = true;
# auto domain update
systemd.services.domeneshop-updater = {
description = "domene.shop domain updater";
#after = [ "something?.service" ];
#wants = [ "something?.service" ];
serviceConfig = let
prog = pkgs.writeShellApplication {
name = "domeneshop-dyndns-updater.sh";
runtimeInputs = with pkgs; [ curl yq ];
text = ''
test -s /var/lib/secrets/domeneshop.toml || {
>&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!"
exit 1
}
DOMENESHOP_TOKEN="$(tomlq .secrets.DOMENESHOP_TOKEN /var/lib/secrets/domeneshop.toml --raw-output)"
DOMENESHOP_SECRET="$(tomlq .secrets.DOMENESHOP_SECRET /var/lib/secrets/domeneshop.toml --raw-output)"
curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net
'';
};
in {
User = "domeneshop";
Group = "domeneshop";
DynamicUser = true;
ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
PrivateTmp = true;
};
};
systemd.timers.domeneshop-updater = let interval = "5h"; in {
description = "Update domene.shop every ${interval}";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitInactiveSec = interval;
Unit = "domeneshop-updater.service";
};
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
@ -380,6 +337,4 @@
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
#system.stateVersion = "22.05"; # Did you read the comment?
} }

View File

@ -1,46 +0,0 @@
# https://nixos.wiki/wiki/Overlays
let
# WARNING: this works for nixos-rebuild, but not for the nix-build trick shown on the bottom
#testing = import (fetchTarball {
# name = "pr-180823";
# url = "https://github.com/r-ryantm/nixpkgs/archive/cfe56470cb641985d43adba690d5bca5453110fe.tar.gz";
# sha256 = "0rbncjp2a99l6i4z7w2m86l40m33b3dl9qficfny47kqcfpgyx0b";
#}) {
# #config = prev.config;
#};
overridePythonPackages = old: {
overrides = final: prev: {
#pdoc = final.callPackage /home/pbsds/repos/nixpkgs-pdoc/pkgs/development/python-modules/pdoc { };
#domeneshop = final.callPackage /home/pbsds/repos/nixpkgs-domemeshop/pkgs/development/python-modules/domeneshop { };
#shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { };
#catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { };
analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { };
ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { };
markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { };
gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { };
trivial-gradios = final.callPackage ./trivial-gradios { };
};
};
in final: prev: {
#rallly = prev.callPackage ./rallly { };
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
#python3.pkgs = prev.python3.pkgs.override overridePythonPackages;
python3Packages = prev.python3Packages.override overridePythonPackages;
}
# How to test:
# nix-build -E 'with import <nixpkgs> { overlays = [ (import ./. ) ]; }; MY_PACKAGE'
# warning: using testing or unstable here (^) will infinitely recurse.

View File

@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
{
# auto domain update
systemd.services.domeneshop-updater = {
description = "domene.shop domain updater";
#after = [ "something?.service" ];
#wants = [ "something?.service" ];
serviceConfig = let
prog = pkgs.writeShellApplication {
name = "domeneshop-dyndns-updater.sh";
runtimeInputs = with pkgs; [ curl yq ];
text = ''
test -s /var/lib/secrets/domeneshop.toml || {
>&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!"
exit 1
}
DOMENESHOP_TOKEN="$( tomlq </var/lib/secrets/domeneshop.toml .secrets.DOMENESHOP_TOKEN --raw-output)"
DOMENESHOP_SECRET="$(tomlq </var/lib/secrets/domeneshop.toml .secrets.DOMENESHOP_SECRET --raw-output)"
curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net
'';
};
in {
User = "domeneshop";
Group = "domeneshop";
DynamicUser = true;
ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
PrivateTmp = true;
};
};
systemd.timers.domeneshop-updater = let interval = "5h"; in {
description = "Update domene.shop every ${interval}";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitInactiveSec = interval;
Unit = "domeneshop-updater.service";
};
};
}

View File

@ -1,5 +1 @@
* [ ] mv nas/default.nix nas.nix
* [ ] mv website/default.nix website.nix
* [ ] move each part into web-services, and import them as modules
* [ ] make mkDomain a function
* [ ] make ACME a function * [ ] make ACME a function

View File

@ -3,6 +3,14 @@
# Invidious # Invidious
# An open source alternative front-end to YouTube # An open source alternative front-end to YouTube
/**/
imports = [
({ disabledModules = [ "services/web-apps/invidious.nix" ]; })
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
({ services.invidious.package = pkgs.unstable.invidious; })
];
/**/
services.invidious = { services.invidious = {
enable = true; enable = true;
domain = mkDomain "invidious"; domain = mkDomain "invidious";

View File

@ -2,6 +2,14 @@
{ {
# Jellyfin # Jellyfin
/**/
imports = [
({ disabledModules = [ "services/misc/jellyfin.nix" ]; })
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
({ services.jellyfin.package = pkgs.unstable.jellyfin; })
];
/**/
services.jellyfin = { services.jellyfin = {
enable = true; # don't enable unless you intend to first-time-setup the admin user enable = true; # don't enable unless you intend to first-time-setup the admin user
# from https://jellyfin.org/docs/general/networking/index.html: # from https://jellyfin.org/docs/general/networking/index.html:

View File

@ -1,16 +1,14 @@
* [ ] cryptpad * [ ] cryptpad
* [ ] upterm / tmate
* [ ] shlink ? * [ ] shlink ?
* [ ] mailcatcher * [ ] mailcatcher
* configure stuff to send its shit here * configure stuff to send its shit here
# TODO: kukkee or rallly * [ ] https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/
# https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/ * [ ] kukkee
#https://rallly.co/ * [ ] rallly - https://rallly.co/
* [ ] Rocketchat - A self-hosted discord/slack alternative
* [ ] upterm / tmate - Secure terminal-session sharing
# upterm
# Secure terminal-session sharing
```
services.uptermd = { services.uptermd = {
enable = false; enable = false;
openFirewall = true; openFirewall = true;
@ -19,8 +17,4 @@ services.uptermd = {
#extraFlags #extraFlags
#hostKey = null; #hostKey = null;
}; };
```
# Rocketchat
# A self-hosted discord/slack alternative
# TODO, docker exists, but no nixos module

View File

@ -2,6 +2,24 @@
{ {
# trivial gradios # trivial gradios
/** /
nixpkgs.overlays = [
(final: prev: {
python3Packages = prev.python3Packages.override (old: {
overrides = final: prev: {
#shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { };
#catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { };
analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { };
ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { };
markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { };
gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { };
trivial-gradios = final.callPackage ./pkg { };
};
});
})
];
/**/
/** / /** /
systemd.services.trivial-gradios-heritage-graph = { systemd.services.trivial-gradios-heritage-graph = {
description = pkgs.python3Packages.trivial-gradios.meta.description; description = pkgs.python3Packages.trivial-gradios.meta.description;

9
users/all.nix Normal file
View File

@ -0,0 +1,9 @@
{ config, pkgs, lib, ... }:
let
to-import = name: value: ./. + ("/" + name);
filter-users = key: val: val == "directory" && lib.pathExists "${./.}${key}/default.nix";
imports = lib.mapAttrsToList to-import (lib.filterAttrs filter-users (builtins.readDir ./.));
in
{
inherit imports;
}

View File

@ -1,31 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
# User accounts imports = [ <home-manager/nixos> ];
# Don't forget to set a password with passwd! home-manager.useGlobalPkgs = true; # brrr
# When adding a new user accounts: Don't forget to set a password with passwd!
imports = [
<home-manager/nixos>
./pbsds
];
home-manager.useGlobalPkgs = true;
# TODO: nas stuff
# TODO: can uid mapping be done at nfs level?
users.users.pbsds.uid = 1001;
users.groups.pbsds.gid = 1001;
users.users.jornane = {
isNormalUser = true;
uid = 1002;
description = "jornane";
extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhGRFktIRrppVVILraEn5eTrANBIBMcpNT4qvNcd7Ut"
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA/UAomSQjOHb4Im0TV70f7Jb/JpsQDd7YKHCXBmjmsrXi2dJVpw/tn+FzP4d2XJXm38hVN89yG+PQwZhf3PSHBaB4DXqFnVLFNWXTRyPPnc1U9uTEvLnZPpVJ/iv2zuS73QHrDcBdIubtdnsr239dJizUJJKwSMHszhOAN4AMYS9WivozdmyS+3o4p8mSp+tOWhq0hmVewnH0teTaHASpvE0V65xW9RGc5AWx0PgkGTXScOOf4/N8oXILn6mepODstlRKCZnBsC/LaXgJsk2+BX/Q/t4V0ytHh9iYblSavNjZZXRvygvkmV/eYAJAJ+igHubs2fEDsXfRj9J0O6JWjAmsELObCYGRbg9QkvaRq5EQgDoSW64iQUmbfB8NmYyXxg4fh0xBUrX87YkYvtHznWzD8hZkqRfj4K9Ixfk1Bsaxb5ubU3/mjGLOpZZ47zEqoen43rUxLq+eeMEQGDbq3mAcA6uX73MvBTzERrfh93rojwlUHEUDoUYyq7aN6Y9vF8/gy3KT2+pvAoUy4NDImSmJTwVcFJ+qUsAaGMECKiznte3Qn8TiD5G9nqeqCoA9edegM2N0z+ovsiXRxVqQDPh3cz/VPSsTKa8jNxhFpw4Q6KzDrtQOKXDkrhSKTxozVLYw2rYCkd2odOhjIJiN63UTNSm2z37ckKbOCqDy6LwW2ls4OzH/LOz2QDkMCwe7MYMrC66wanDhsRUZwlbSEs8aB25NB6OGg61hId3SLS8HzJ+4dmbHhciZm0oJlKRSMAqMLO6o9OVguJOl1td71rhnqAbp4UuaMqm5Zzut1ET+zkYB4t2voTuMhSrEJn1RS4hxR2rWt5jF9Nn67Mu70c0K2DE7FXqldGALC87GO7PHLTnNRg3o8FCkmVYlHNUEqHR56Incg5sC6KS9G1RL3KEHzjgzz8RjFXR5p1Qj+ZZjObVuENdWuqk7gQaxsyocCCB4pbBtF9AYDOIIGCn8rJSKUFvD8KIaTpWFsFoUXanSnAiSCT98GhfIBLbgAt4yJmegRKOML/cxplCh0z9MkNlfPdVU+LI/2RSj3NJpxd/KuR1l73IpgVNcbumXefAY95ztB/w067ZHCFlO0r+Q42NacthsMDc4Ffd+grLpo7KSmDRc+L9YdRNDgLZMbfIimHYIRRMdvEMEICXe1tUvtKBSfU1goTSXXYK2fLOBfOFIXCQponfgZ04klRjgpzCtv8juCOOrHU6r/FpIRkDNbwjWm9i8yBacZGT30bwjK8UW6JSFvDDu747f0ztKyQew8hEivOyqGDwZyrhFImasulsS0/7DB07oUQtaXJ7J8ucGsarttt02D6K8yuCh5bqEVk5Fy4Xlw=="
];
};
} }

14
users/jornane/default.nix Normal file
View File

@ -0,0 +1,14 @@
{ config, pkgs, lib, ... }:
{
users.users.jornane = {
isNormalUser = true;
uid = 1002;
description = "jornane";
extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhGRFktIRrppVVILraEn5eTrANBIBMcpNT4qvNcd7Ut"
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA/UAomSQjOHb4Im0TV70f7Jb/JpsQDd7YKHCXBmjmsrXi2dJVpw/tn+FzP4d2XJXm38hVN89yG+PQwZhf3PSHBaB4DXqFnVLFNWXTRyPPnc1U9uTEvLnZPpVJ/iv2zuS73QHrDcBdIubtdnsr239dJizUJJKwSMHszhOAN4AMYS9WivozdmyS+3o4p8mSp+tOWhq0hmVewnH0teTaHASpvE0V65xW9RGc5AWx0PgkGTXScOOf4/N8oXILn6mepODstlRKCZnBsC/LaXgJsk2+BX/Q/t4V0ytHh9iYblSavNjZZXRvygvkmV/eYAJAJ+igHubs2fEDsXfRj9J0O6JWjAmsELObCYGRbg9QkvaRq5EQgDoSW64iQUmbfB8NmYyXxg4fh0xBUrX87YkYvtHznWzD8hZkqRfj4K9Ixfk1Bsaxb5ubU3/mjGLOpZZ47zEqoen43rUxLq+eeMEQGDbq3mAcA6uX73MvBTzERrfh93rojwlUHEUDoUYyq7aN6Y9vF8/gy3KT2+pvAoUy4NDImSmJTwVcFJ+qUsAaGMECKiznte3Qn8TiD5G9nqeqCoA9edegM2N0z+ovsiXRxVqQDPh3cz/VPSsTKa8jNxhFpw4Q6KzDrtQOKXDkrhSKTxozVLYw2rYCkd2odOhjIJiN63UTNSm2z37ckKbOCqDy6LwW2ls4OzH/LOz2QDkMCwe7MYMrC66wanDhsRUZwlbSEs8aB25NB6OGg61hId3SLS8HzJ+4dmbHhciZm0oJlKRSMAqMLO6o9OVguJOl1td71rhnqAbp4UuaMqm5Zzut1ET+zkYB4t2voTuMhSrEJn1RS4hxR2rWt5jF9Nn67Mu70c0K2DE7FXqldGALC87GO7PHLTnNRg3o8FCkmVYlHNUEqHR56Incg5sC6KS9G1RL3KEHzjgzz8RjFXR5p1Qj+ZZjObVuENdWuqk7gQaxsyocCCB4pbBtF9AYDOIIGCn8rJSKUFvD8KIaTpWFsFoUXanSnAiSCT98GhfIBLbgAt4yJmegRKOML/cxplCh0z9MkNlfPdVU+LI/2RSj3NJpxd/KuR1l73IpgVNcbumXefAY95ztB/w067ZHCFlO0r+Q42NacthsMDc4Ffd+grLpo7KSmDRc+L9YdRNDgLZMbfIimHYIRRMdvEMEICXe1tUvtKBSfU1goTSXXYK2fLOBfOFIXCQponfgZ04klRjgpzCtv8juCOOrHU6r/FpIRkDNbwjWm9i8yBacZGT30bwjK8UW6JSFvDDu747f0ztKyQew8hEivOyqGDwZyrhFImasulsS0/7DB07oUQtaXJ7J8ucGsarttt02D6K8yuCh5bqEVk5Fy4Xlw=="
];
};
}

View File

@ -1,13 +1,15 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
home-manager.users.pbsds = import ./home;
users.groups.pbsds.gid = 1001;
users.users.pbsds = { users.users.pbsds = {
isNormalUser = true; isNormalUser = true;
uid = 1001; # TODO: uid mapping be done at nfs-mount level? That way we can enforce
description = "pbsds"; description = "pbsds";
extraGroups = [ "pbsds" "networkmanager" "wheel" "nixbld" ]; # TODO: NAS stuff extraGroups = [ "pbsds" "networkmanager" "wheel" "nixbld" ]; # TODO: NAS stuff
initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/"; initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/";
# TODO: fetch from github?
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring" "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net"
@ -17,17 +19,5 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff"
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8S44NzMNlCGpQ0aMqpv4YCbp4esYKLejsFRtCCA3oSgz+zq0Rbem1S1/vQehC44Ps1JPljiJgb8rj0VFUcuqnDtJP6kYRvvUDBaM7QO8Z4mZjOKYQo/MoidaPYEHakPB4fk4fdDU1u090VvTgPJvNe0UmPoTHbedk4u+OMuvMr8T56OPmwZPrCyRLtc4O+cYoig/cB+Y7DlwNI9wBx3xhShb5tuML+ZR1XyBYgprwoZML5l2pzEeK7dXdmkc4QT4TM13EcNOopsNZymH/xOCsY/yVqVJJC2Smp6mkIk+Or0zdlzxXFp4u3MS4bg5pzFVFfsqJAQGB7laMxtakMbn0if54MOA34hEAdmzdBCc+g9suuqFhA9WPqMsVlxx9khTue0MNoUVflUkm4B51aPbnPe+aycxdqMgfONroOjtBAQYfGnlRUP1qR3AD9Y2ND/NhGA9f8gTKPBRam+lRDWEGQO9HmWQdpeZbfWEyJa82HZcTCIhQyQukfa5PIzwtops= pbsds@pbsds-optiplex7060" #"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8S44NzMNlCGpQ0aMqpv4YCbp4esYKLejsFRtCCA3oSgz+zq0Rbem1S1/vQehC44Ps1JPljiJgb8rj0VFUcuqnDtJP6kYRvvUDBaM7QO8Z4mZjOKYQo/MoidaPYEHakPB4fk4fdDU1u090VvTgPJvNe0UmPoTHbedk4u+OMuvMr8T56OPmwZPrCyRLtc4O+cYoig/cB+Y7DlwNI9wBx3xhShb5tuML+ZR1XyBYgprwoZML5l2pzEeK7dXdmkc4QT4TM13EcNOopsNZymH/xOCsY/yVqVJJC2Smp6mkIk+Or0zdlzxXFp4u3MS4bg5pzFVFfsqJAQGB7laMxtakMbn0if54MOA34hEAdmzdBCc+g9suuqFhA9WPqMsVlxx9khTue0MNoUVflUkm4B51aPbnPe+aycxdqMgfONroOjtBAQYfGnlRUP1qR3AD9Y2ND/NhGA9f8gTKPBRam+lRDWEGQO9HmWQdpeZbfWEyJa82HZcTCIhQyQukfa5PIzwtops= pbsds@pbsds-optiplex7060"
]; ];
#EDITOR = "micro";
#packages = with pkgs; [
#
#];
}; };
users.groups.pbsds = {};
home-manager.users.pbsds = import ./home;
} }