lots of small fixes
This commit is contained in:
parent
db4b4d4b45
commit
9b599adc07
|
@ -1,9 +1,14 @@
|
||||||
|
# https://EditorConfig.org
|
||||||
root = true
|
root = true
|
||||||
|
|
||||||
[*]
|
[*]
|
||||||
end_of_line = lf
|
end_of_line = lf
|
||||||
insert_final_newline = true
|
insert_final_newline = true
|
||||||
|
|
||||||
[*.nix]
|
|
||||||
indent_size = 2
|
|
||||||
indent_style = space
|
indent_style = space
|
||||||
|
indent_size = 2
|
||||||
|
|
||||||
|
[Makefile]
|
||||||
|
indent_style = tab
|
||||||
|
|
||||||
|
[*.py]
|
||||||
|
indent_size = 4
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
|
# via https://nixos.wiki/wiki/CUDA
|
||||||
{
|
{
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
|
|
|
@ -25,8 +25,11 @@
|
||||||
nix.gc.options = "--delete-older-than 30d";
|
nix.gc.options = "--delete-older-than 30d";
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix # results of hardware scan
|
|
||||||
./cachix.nix
|
./cachix.nix
|
||||||
|
(if builtins.pathExists ./hardware-configuration.nix
|
||||||
|
then ./hardware-configuration.nix # results of hardware scan
|
||||||
|
else {}
|
||||||
|
)
|
||||||
|
|
||||||
./profiles/web
|
./profiles/web
|
||||||
./profiles/web/index
|
./profiles/web/index
|
||||||
|
@ -67,10 +70,11 @@
|
||||||
./profiles/web/linktree-pbsds
|
./profiles/web/linktree-pbsds
|
||||||
./profiles/web/refleksjon-no
|
./profiles/web/refleksjon-no
|
||||||
./profiles/web/roroslyd-no
|
./profiles/web/roroslyd-no
|
||||||
./profiles/web/trivial-gradios
|
#./profiles/web/trivial-gradios
|
||||||
./profiles/web/censordodge
|
#./profiles/web/censordodge
|
||||||
./profiles/web/openspeedtest
|
#./profiles/web/openspeedtest
|
||||||
|
|
||||||
|
./profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
|
||||||
./profiles/code-remote
|
./profiles/code-remote
|
||||||
./profiles/remote-builders #
|
./profiles/remote-builders #
|
||||||
./profiles/nfs/reidun.nix # NFS mounts
|
./profiles/nfs/reidun.nix # NFS mounts
|
||||||
|
@ -78,23 +82,19 @@
|
||||||
#./profiles/xrdp
|
#./profiles/xrdp
|
||||||
|
|
||||||
./users
|
./users
|
||||||
#./users/pbsds # todo: <- make this possible
|
#./users/pbsds
|
||||||
|
./users/all.nix
|
||||||
# How to override package used by module
|
|
||||||
# https://github.com/NixOS/nixpkgs/issues/55366
|
|
||||||
# TODO: move to where relevant
|
|
||||||
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
|
||||||
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
|
||||||
];
|
];
|
||||||
disabledModules = [
|
|
||||||
"services/misc/jellyfin.nix"
|
|
||||||
"services/web-apps/invidious.nix"
|
|
||||||
];
|
|
||||||
services.jellyfin.package = pkgs.unstable.jellyfin;
|
|
||||||
services.invidious.package = pkgs.unstable.invidious;
|
|
||||||
|
|
||||||
# TODO: remove? Move to where relevant
|
# TODO: remove? Move to where relevant
|
||||||
nixpkgs.overlays = [ (import ./overlays) ];
|
nixpkgs.overlays = [
|
||||||
|
/** /
|
||||||
|
(final: prev: {
|
||||||
|
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
|
||||||
|
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
|
||||||
|
})
|
||||||
|
/**/
|
||||||
|
];
|
||||||
|
|
||||||
# Allow unstable packages.
|
# Allow unstable packages.
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
@ -131,13 +131,10 @@
|
||||||
|
|
||||||
# Virtualization
|
# Virtualization
|
||||||
|
|
||||||
#services.docker.enable = true;
|
virtualisation.podman.enable = true;
|
||||||
virtualisation = {
|
|
||||||
podman.enable = true;
|
|
||||||
# TODO: are these default since 22.11?
|
# TODO: are these default since 22.11?
|
||||||
podman.dockerCompat = true; # alias docker to podman
|
virtualisation.podman.dockerCompat = true; # alias docker to podman
|
||||||
oci-containers.backend = "podman";
|
virtualisation.oci-containers.backend = "podman";
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# Networking
|
# Networking
|
||||||
|
@ -174,26 +171,22 @@
|
||||||
#networking.firewall.allowedUDPPorts = [ ... ];
|
#networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Time zone and internationalisation properties.
|
# Time zone and internationalisation properties.
|
||||||
|
|
||||||
time.timeZone = "Europe/Oslo";
|
time.timeZone = "Europe/Oslo";
|
||||||
i18n.defaultLocale = "en_US.utf8";
|
i18n.defaultLocale = "en_US.utf8";
|
||||||
i18n.extraLocaleSettings = {
|
i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
|
||||||
LC_ADDRESS = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
|
||||||
LC_IDENTIFICATION = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_MEASUREMENT = "nb_NO.utf8";
|
||||||
LC_MEASUREMENT = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_MONETARY = "nb_NO.utf8";
|
||||||
LC_MONETARY = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_NAME = "nb_NO.utf8";
|
||||||
LC_NAME = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_NUMERIC = "nb_NO.utf8";
|
||||||
LC_NUMERIC = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_PAPER = "nb_NO.utf8";
|
||||||
LC_PAPER = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_TELEPHONE = "nb_NO.utf8";
|
||||||
LC_TELEPHONE = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_TIME = "nb_NO.utf8";
|
||||||
LC_TIME = "nb_NO.utf8";
|
console.keyMap = "no";
|
||||||
};
|
|
||||||
services.xserver.layout = "no";
|
services.xserver.layout = "no";
|
||||||
services.xserver.xkbVariant = "";
|
services.xserver.xkbVariant = "";
|
||||||
console.keyMap = "no";
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Installed system packages
|
# Installed system packages
|
||||||
|
@ -264,7 +257,7 @@
|
||||||
glances
|
glances
|
||||||
zenith
|
zenith
|
||||||
fzf
|
fzf
|
||||||
tealdeer #tldr
|
tealdeer # tldr
|
||||||
entr
|
entr
|
||||||
axel aria
|
axel aria
|
||||||
bat
|
bat
|
||||||
|
@ -294,7 +287,8 @@
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO: make this root only?
|
# TODO: somehow make this root only?
|
||||||
|
# TODO: zsh
|
||||||
programs.bash.shellInit = ''
|
programs.bash.shellInit = ''
|
||||||
if command -v fzf-share >/dev/null; then
|
if command -v fzf-share >/dev/null; then
|
||||||
source "$(fzf-share)/key-bindings.bash"
|
source "$(fzf-share)/key-bindings.bash"
|
||||||
|
@ -335,43 +329,6 @@
|
||||||
services.openssh.forwardX11 = true;
|
services.openssh.forwardX11 = true;
|
||||||
|
|
||||||
|
|
||||||
# auto domain update
|
|
||||||
systemd.services.domeneshop-updater = {
|
|
||||||
description = "domene.shop domain updater";
|
|
||||||
#after = [ "something?.service" ];
|
|
||||||
#wants = [ "something?.service" ];
|
|
||||||
serviceConfig = let
|
|
||||||
prog = pkgs.writeShellApplication {
|
|
||||||
name = "domeneshop-dyndns-updater.sh";
|
|
||||||
runtimeInputs = with pkgs; [ curl yq ];
|
|
||||||
text = ''
|
|
||||||
test -s /var/lib/secrets/domeneshop.toml || {
|
|
||||||
>&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
DOMENESHOP_TOKEN="$(tomlq .secrets.DOMENESHOP_TOKEN /var/lib/secrets/domeneshop.toml --raw-output)"
|
|
||||||
DOMENESHOP_SECRET="$(tomlq .secrets.DOMENESHOP_SECRET /var/lib/secrets/domeneshop.toml --raw-output)"
|
|
||||||
curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
User = "domeneshop";
|
|
||||||
Group = "domeneshop";
|
|
||||||
DynamicUser = true;
|
|
||||||
ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
|
|
||||||
PrivateTmp = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.timers.domeneshop-updater = let interval = "5h"; in {
|
|
||||||
description = "Update domene.shop every ${interval}";
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig = {
|
|
||||||
OnBootSec = "5m";
|
|
||||||
OnUnitInactiveSec = interval;
|
|
||||||
Unit = "domeneshop-updater.service";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
|
@ -380,6 +337,4 @@
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "22.11"; # Did you read the comment?
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
#system.stateVersion = "22.05"; # Did you read the comment?
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
# https://nixos.wiki/wiki/Overlays
|
|
||||||
let
|
|
||||||
|
|
||||||
# WARNING: this works for nixos-rebuild, but not for the nix-build trick shown on the bottom
|
|
||||||
#testing = import (fetchTarball {
|
|
||||||
# name = "pr-180823";
|
|
||||||
# url = "https://github.com/r-ryantm/nixpkgs/archive/cfe56470cb641985d43adba690d5bca5453110fe.tar.gz";
|
|
||||||
# sha256 = "0rbncjp2a99l6i4z7w2m86l40m33b3dl9qficfny47kqcfpgyx0b";
|
|
||||||
#}) {
|
|
||||||
# #config = prev.config;
|
|
||||||
#};
|
|
||||||
|
|
||||||
overridePythonPackages = old: {
|
|
||||||
overrides = final: prev: {
|
|
||||||
|
|
||||||
#pdoc = final.callPackage /home/pbsds/repos/nixpkgs-pdoc/pkgs/development/python-modules/pdoc { };
|
|
||||||
|
|
||||||
#domeneshop = final.callPackage /home/pbsds/repos/nixpkgs-domemeshop/pkgs/development/python-modules/domeneshop { };
|
|
||||||
|
|
||||||
#shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { };
|
|
||||||
#catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { };
|
|
||||||
analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { };
|
|
||||||
ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { };
|
|
||||||
markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { };
|
|
||||||
gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { };
|
|
||||||
|
|
||||||
trivial-gradios = final.callPackage ./trivial-gradios { };
|
|
||||||
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in final: prev: {
|
|
||||||
|
|
||||||
#rallly = prev.callPackage ./rallly { };
|
|
||||||
|
|
||||||
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
|
|
||||||
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
|
|
||||||
|
|
||||||
#python3.pkgs = prev.python3.pkgs.override overridePythonPackages;
|
|
||||||
python3Packages = prev.python3Packages.override overridePythonPackages;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
# How to test:
|
|
||||||
# nix-build -E 'with import <nixpkgs> { overlays = [ (import ./. ) ]; }; MY_PACKAGE'
|
|
||||||
|
|
||||||
# warning: using testing or unstable here (^) will infinitely recurse.
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
# auto domain update
|
||||||
|
|
||||||
|
systemd.services.domeneshop-updater = {
|
||||||
|
description = "domene.shop domain updater";
|
||||||
|
#after = [ "something?.service" ];
|
||||||
|
#wants = [ "something?.service" ];
|
||||||
|
serviceConfig = let
|
||||||
|
prog = pkgs.writeShellApplication {
|
||||||
|
name = "domeneshop-dyndns-updater.sh";
|
||||||
|
runtimeInputs = with pkgs; [ curl yq ];
|
||||||
|
text = ''
|
||||||
|
test -s /var/lib/secrets/domeneshop.toml || {
|
||||||
|
>&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
DOMENESHOP_TOKEN="$( tomlq </var/lib/secrets/domeneshop.toml .secrets.DOMENESHOP_TOKEN --raw-output)"
|
||||||
|
DOMENESHOP_SECRET="$(tomlq </var/lib/secrets/domeneshop.toml .secrets.DOMENESHOP_SECRET --raw-output)"
|
||||||
|
curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
User = "domeneshop";
|
||||||
|
Group = "domeneshop";
|
||||||
|
DynamicUser = true;
|
||||||
|
ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
|
||||||
|
PrivateTmp = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.timers.domeneshop-updater = let interval = "5h"; in {
|
||||||
|
description = "Update domene.shop every ${interval}";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnBootSec = "5m";
|
||||||
|
OnUnitInactiveSec = interval;
|
||||||
|
Unit = "domeneshop-updater.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,5 +1 @@
|
||||||
* [ ] mv nas/default.nix nas.nix
|
|
||||||
* [ ] mv website/default.nix website.nix
|
|
||||||
* [ ] move each part into web-services, and import them as modules
|
|
||||||
* [ ] make mkDomain a function
|
|
||||||
* [ ] make ACME a function
|
* [ ] make ACME a function
|
||||||
|
|
|
@ -3,6 +3,14 @@
|
||||||
# Invidious
|
# Invidious
|
||||||
# An open source alternative front-end to YouTube
|
# An open source alternative front-end to YouTube
|
||||||
|
|
||||||
|
/**/
|
||||||
|
imports = [
|
||||||
|
({ disabledModules = [ "services/web-apps/invidious.nix" ]; })
|
||||||
|
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
||||||
|
({ services.invidious.package = pkgs.unstable.invidious; })
|
||||||
|
];
|
||||||
|
/**/
|
||||||
|
|
||||||
services.invidious = {
|
services.invidious = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = mkDomain "invidious";
|
domain = mkDomain "invidious";
|
||||||
|
|
|
@ -2,6 +2,14 @@
|
||||||
{
|
{
|
||||||
# Jellyfin
|
# Jellyfin
|
||||||
|
|
||||||
|
/**/
|
||||||
|
imports = [
|
||||||
|
({ disabledModules = [ "services/misc/jellyfin.nix" ]; })
|
||||||
|
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
||||||
|
({ services.jellyfin.package = pkgs.unstable.jellyfin; })
|
||||||
|
];
|
||||||
|
/**/
|
||||||
|
|
||||||
services.jellyfin = {
|
services.jellyfin = {
|
||||||
enable = true; # don't enable unless you intend to first-time-setup the admin user
|
enable = true; # don't enable unless you intend to first-time-setup the admin user
|
||||||
# from https://jellyfin.org/docs/general/networking/index.html:
|
# from https://jellyfin.org/docs/general/networking/index.html:
|
||||||
|
|
|
@ -1,26 +1,20 @@
|
||||||
* [ ] cryptpad
|
* [ ] cryptpad
|
||||||
* [ ] upterm / tmate
|
|
||||||
* [ ] shlink ?
|
* [ ] shlink ?
|
||||||
* [ ] mailcatcher
|
* [ ] mailcatcher
|
||||||
* configure stuff to send its shit here
|
* configure stuff to send its shit here
|
||||||
# TODO: kukkee or rallly
|
* [ ] https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/
|
||||||
# https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/
|
* [ ] kukkee
|
||||||
#https://rallly.co/
|
* [ ] rallly - https://rallly.co/
|
||||||
|
* [ ] Rocketchat - A self-hosted discord/slack alternative
|
||||||
|
* [ ] upterm / tmate - Secure terminal-session sharing
|
||||||
|
|
||||||
|
```
|
||||||
# upterm
|
services.uptermd = {
|
||||||
# Secure terminal-session sharing
|
|
||||||
|
|
||||||
services.uptermd = {
|
|
||||||
enable = false;
|
enable = false;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
#listenAddress # default is "[::]";
|
#listenAddress # default is "[::]";
|
||||||
#port = 2222; # default is 2222, uses ssh
|
#port = 2222; # default is 2222, uses ssh
|
||||||
#extraFlags
|
#extraFlags
|
||||||
#hostKey = null;
|
#hostKey = null;
|
||||||
};
|
};
|
||||||
|
```
|
||||||
|
|
||||||
# Rocketchat
|
|
||||||
# A self-hosted discord/slack alternative
|
|
||||||
# TODO, docker exists, but no nixos module
|
|
||||||
|
|
|
@ -2,6 +2,24 @@
|
||||||
{
|
{
|
||||||
# trivial gradios
|
# trivial gradios
|
||||||
|
|
||||||
|
/** /
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
(final: prev: {
|
||||||
|
python3Packages = prev.python3Packages.override (old: {
|
||||||
|
overrides = final: prev: {
|
||||||
|
#shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { };
|
||||||
|
#catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { };
|
||||||
|
analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { };
|
||||||
|
ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { };
|
||||||
|
markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { };
|
||||||
|
gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { };
|
||||||
|
trivial-gradios = final.callPackage ./pkg { };
|
||||||
|
};
|
||||||
|
});
|
||||||
|
})
|
||||||
|
];
|
||||||
|
/**/
|
||||||
|
|
||||||
/** /
|
/** /
|
||||||
systemd.services.trivial-gradios-heritage-graph = {
|
systemd.services.trivial-gradios-heritage-graph = {
|
||||||
description = pkgs.python3Packages.trivial-gradios.meta.description;
|
description = pkgs.python3Packages.trivial-gradios.meta.description;
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
to-import = name: value: ./. + ("/" + name);
|
||||||
|
filter-users = key: val: val == "directory" && lib.pathExists "${./.}${key}/default.nix";
|
||||||
|
imports = lib.mapAttrsToList to-import (lib.filterAttrs filter-users (builtins.readDir ./.));
|
||||||
|
in
|
||||||
|
{
|
||||||
|
inherit imports;
|
||||||
|
}
|
|
@ -1,31 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
# User accounts
|
imports = [ <home-manager/nixos> ];
|
||||||
# Don't forget to set a password with ‘passwd’!
|
home-manager.useGlobalPkgs = true; # brrr
|
||||||
|
# When adding a new user accounts: Don't forget to set a password with ‘passwd’!
|
||||||
imports = [
|
|
||||||
<home-manager/nixos>
|
|
||||||
./pbsds
|
|
||||||
];
|
|
||||||
|
|
||||||
home-manager.useGlobalPkgs = true;
|
|
||||||
|
|
||||||
# TODO: nas stuff
|
|
||||||
# TODO: can uid mapping be done at nfs level?
|
|
||||||
users.users.pbsds.uid = 1001;
|
|
||||||
users.groups.pbsds.gid = 1001;
|
|
||||||
|
|
||||||
users.users.jornane = {
|
|
||||||
isNormalUser = true;
|
|
||||||
uid = 1002;
|
|
||||||
description = "jornane";
|
|
||||||
extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff
|
|
||||||
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhGRFktIRrppVVILraEn5eTrANBIBMcpNT4qvNcd7Ut"
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA/UAomSQjOHb4Im0TV70f7Jb/JpsQDd7YKHCXBmjmsrXi2dJVpw/tn+FzP4d2XJXm38hVN89yG+PQwZhf3PSHBaB4DXqFnVLFNWXTRyPPnc1U9uTEvLnZPpVJ/iv2zuS73QHrDcBdIubtdnsr239dJizUJJKwSMHszhOAN4AMYS9WivozdmyS+3o4p8mSp+tOWhq0hmVewnH0teTaHASpvE0V65xW9RGc5AWx0PgkGTXScOOf4/N8oXILn6mepODstlRKCZnBsC/LaXgJsk2+BX/Q/t4V0ytHh9iYblSavNjZZXRvygvkmV/eYAJAJ+igHubs2fEDsXfRj9J0O6JWjAmsELObCYGRbg9QkvaRq5EQgDoSW64iQUmbfB8NmYyXxg4fh0xBUrX87YkYvtHznWzD8hZkqRfj4K9Ixfk1Bsaxb5ubU3/mjGLOpZZ47zEqoen43rUxLq+eeMEQGDbq3mAcA6uX73MvBTzERrfh93rojwlUHEUDoUYyq7aN6Y9vF8/gy3KT2+pvAoUy4NDImSmJTwVcFJ+qUsAaGMECKiznte3Qn8TiD5G9nqeqCoA9edegM2N0z+ovsiXRxVqQDPh3cz/VPSsTKa8jNxhFpw4Q6KzDrtQOKXDkrhSKTxozVLYw2rYCkd2odOhjIJiN63UTNSm2z37ckKbOCqDy6LwW2ls4OzH/LOz2QDkMCwe7MYMrC66wanDhsRUZwlbSEs8aB25NB6OGg61hId3SLS8HzJ+4dmbHhciZm0oJlKRSMAqMLO6o9OVguJOl1td71rhnqAbp4UuaMqm5Zzut1ET+zkYB4t2voTuMhSrEJn1RS4hxR2rWt5jF9Nn67Mu70c0K2DE7FXqldGALC87GO7PHLTnNRg3o8FCkmVYlHNUEqHR56Incg5sC6KS9G1RL3KEHzjgzz8RjFXR5p1Qj+ZZjObVuENdWuqk7gQaxsyocCCB4pbBtF9AYDOIIGCn8rJSKUFvD8KIaTpWFsFoUXanSnAiSCT98GhfIBLbgAt4yJmegRKOML/cxplCh0z9MkNlfPdVU+LI/2RSj3NJpxd/KuR1l73IpgVNcbumXefAY95ztB/w067ZHCFlO0r+Q42NacthsMDc4Ffd+grLpo7KSmDRc+L9YdRNDgLZMbfIimHYIRRMdvEMEICXe1tUvtKBSfU1goTSXXYK2fLOBfOFIXCQponfgZ04klRjgpzCtv8juCOOrHU6r/FpIRkDNbwjWm9i8yBacZGT30bwjK8UW6JSFvDDu747f0ztKyQew8hEivOyqGDwZyrhFImasulsS0/7DB07oUQtaXJ7J8ucGsarttt02D6K8yuCh5bqEVk5Fy4Xlw=="
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
users.users.jornane = {
|
||||||
|
isNormalUser = true;
|
||||||
|
uid = 1002;
|
||||||
|
description = "jornane";
|
||||||
|
extraGroups = [ "networkmanager" "wheel" ]; # TODO: NAS stuff
|
||||||
|
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhGRFktIRrppVVILraEn5eTrANBIBMcpNT4qvNcd7Ut"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA/UAomSQjOHb4Im0TV70f7Jb/JpsQDd7YKHCXBmjmsrXi2dJVpw/tn+FzP4d2XJXm38hVN89yG+PQwZhf3PSHBaB4DXqFnVLFNWXTRyPPnc1U9uTEvLnZPpVJ/iv2zuS73QHrDcBdIubtdnsr239dJizUJJKwSMHszhOAN4AMYS9WivozdmyS+3o4p8mSp+tOWhq0hmVewnH0teTaHASpvE0V65xW9RGc5AWx0PgkGTXScOOf4/N8oXILn6mepODstlRKCZnBsC/LaXgJsk2+BX/Q/t4V0ytHh9iYblSavNjZZXRvygvkmV/eYAJAJ+igHubs2fEDsXfRj9J0O6JWjAmsELObCYGRbg9QkvaRq5EQgDoSW64iQUmbfB8NmYyXxg4fh0xBUrX87YkYvtHznWzD8hZkqRfj4K9Ixfk1Bsaxb5ubU3/mjGLOpZZ47zEqoen43rUxLq+eeMEQGDbq3mAcA6uX73MvBTzERrfh93rojwlUHEUDoUYyq7aN6Y9vF8/gy3KT2+pvAoUy4NDImSmJTwVcFJ+qUsAaGMECKiznte3Qn8TiD5G9nqeqCoA9edegM2N0z+ovsiXRxVqQDPh3cz/VPSsTKa8jNxhFpw4Q6KzDrtQOKXDkrhSKTxozVLYw2rYCkd2odOhjIJiN63UTNSm2z37ckKbOCqDy6LwW2ls4OzH/LOz2QDkMCwe7MYMrC66wanDhsRUZwlbSEs8aB25NB6OGg61hId3SLS8HzJ+4dmbHhciZm0oJlKRSMAqMLO6o9OVguJOl1td71rhnqAbp4UuaMqm5Zzut1ET+zkYB4t2voTuMhSrEJn1RS4hxR2rWt5jF9Nn67Mu70c0K2DE7FXqldGALC87GO7PHLTnNRg3o8FCkmVYlHNUEqHR56Incg5sC6KS9G1RL3KEHzjgzz8RjFXR5p1Qj+ZZjObVuENdWuqk7gQaxsyocCCB4pbBtF9AYDOIIGCn8rJSKUFvD8KIaTpWFsFoUXanSnAiSCT98GhfIBLbgAt4yJmegRKOML/cxplCh0z9MkNlfPdVU+LI/2RSj3NJpxd/KuR1l73IpgVNcbumXefAY95ztB/w067ZHCFlO0r+Q42NacthsMDc4Ffd+grLpo7KSmDRc+L9YdRNDgLZMbfIimHYIRRMdvEMEICXe1tUvtKBSfU1goTSXXYK2fLOBfOFIXCQponfgZ04klRjgpzCtv8juCOOrHU6r/FpIRkDNbwjWm9i8yBacZGT30bwjK8UW6JSFvDDu747f0ztKyQew8hEivOyqGDwZyrhFImasulsS0/7DB07oUQtaXJ7J8ucGsarttt02D6K8yuCh5bqEVk5Fy4Xlw=="
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,13 +1,15 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
home-manager.users.pbsds = import ./home;
|
||||||
|
users.groups.pbsds.gid = 1001;
|
||||||
users.users.pbsds = {
|
users.users.pbsds = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
uid = 1001; # TODO: uid mapping be done at nfs-mount level? That way we can enforce
|
||||||
description = "pbsds";
|
description = "pbsds";
|
||||||
extraGroups = [ "pbsds" "networkmanager" "wheel" "nixbld" ]; # TODO: NAS stuff
|
extraGroups = [ "pbsds" "networkmanager" "wheel" "nixbld" ]; # TODO: NAS stuff
|
||||||
initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/";
|
initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/";
|
||||||
|
|
||||||
|
# TODO: fetch from github?
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring"
|
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring"
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net"
|
||||||
|
@ -17,17 +19,5 @@
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff"
|
||||||
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8S44NzMNlCGpQ0aMqpv4YCbp4esYKLejsFRtCCA3oSgz+zq0Rbem1S1/vQehC44Ps1JPljiJgb8rj0VFUcuqnDtJP6kYRvvUDBaM7QO8Z4mZjOKYQo/MoidaPYEHakPB4fk4fdDU1u090VvTgPJvNe0UmPoTHbedk4u+OMuvMr8T56OPmwZPrCyRLtc4O+cYoig/cB+Y7DlwNI9wBx3xhShb5tuML+ZR1XyBYgprwoZML5l2pzEeK7dXdmkc4QT4TM13EcNOopsNZymH/xOCsY/yVqVJJC2Smp6mkIk+Or0zdlzxXFp4u3MS4bg5pzFVFfsqJAQGB7laMxtakMbn0if54MOA34hEAdmzdBCc+g9suuqFhA9WPqMsVlxx9khTue0MNoUVflUkm4B51aPbnPe+aycxdqMgfONroOjtBAQYfGnlRUP1qR3AD9Y2ND/NhGA9f8gTKPBRam+lRDWEGQO9HmWQdpeZbfWEyJa82HZcTCIhQyQukfa5PIzwtops= pbsds@pbsds-optiplex7060"
|
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8S44NzMNlCGpQ0aMqpv4YCbp4esYKLejsFRtCCA3oSgz+zq0Rbem1S1/vQehC44Ps1JPljiJgb8rj0VFUcuqnDtJP6kYRvvUDBaM7QO8Z4mZjOKYQo/MoidaPYEHakPB4fk4fdDU1u090VvTgPJvNe0UmPoTHbedk4u+OMuvMr8T56OPmwZPrCyRLtc4O+cYoig/cB+Y7DlwNI9wBx3xhShb5tuML+ZR1XyBYgprwoZML5l2pzEeK7dXdmkc4QT4TM13EcNOopsNZymH/xOCsY/yVqVJJC2Smp6mkIk+Or0zdlzxXFp4u3MS4bg5pzFVFfsqJAQGB7laMxtakMbn0if54MOA34hEAdmzdBCc+g9suuqFhA9WPqMsVlxx9khTue0MNoUVflUkm4B51aPbnPe+aycxdqMgfONroOjtBAQYfGnlRUP1qR3AD9Y2ND/NhGA9f8gTKPBRam+lRDWEGQO9HmWQdpeZbfWEyJa82HZcTCIhQyQukfa5PIzwtops= pbsds@pbsds-optiplex7060"
|
||||||
];
|
];
|
||||||
|
|
||||||
#EDITOR = "micro";
|
|
||||||
|
|
||||||
#packages = with pkgs; [
|
|
||||||
#
|
|
||||||
#];
|
|
||||||
};
|
};
|
||||||
users.groups.pbsds = {};
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
home-manager.users.pbsds = import ./home;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue