93 lines
6.8 KiB
Nix
93 lines
6.8 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
{
|
|
# system-wide shit
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
micro
|
|
edir
|
|
xclip
|
|
fzf
|
|
rmate-sh
|
|
|
|
vimix-gtk-themes
|
|
flat-remix-icon-theme
|
|
feh
|
|
];
|
|
# TODO: fzf for zsh
|
|
programs.bash.shellInit = ''
|
|
source "$(${pkgs.fzf}/bin/fzf-share)/key-bindings.bash"
|
|
source "$(${pkgs.fzf}/bin/fzf-share)/completion.bash"
|
|
'';
|
|
programs.bash.shellAliases."ed" = "micro"; # TODO: ${EDITOR:-micro}
|
|
environment.variables."EDITOR" = "micro";
|
|
|
|
|
|
# user and home-manager
|
|
|
|
#nix.trusted-users = [ "pbsds" ];
|
|
|
|
home-manager.users.pbsds = if config.services.xserver.desktopManager.gnome.enable
|
|
then import ./home/gnome.nix
|
|
else import ./home;
|
|
|
|
|
|
nix.settings.allowed-users = [ "pbsds" ];
|
|
nix.settings.trusted-users = [ "pbsds" ];
|
|
|
|
users.groups."pbsds".gid = 1001; # TODO: remove this, add a uid map to NFS instead
|
|
users.users."pbsds" = {
|
|
isNormalUser = true;
|
|
uid = 1001; # TODO: uid mapping be done at nfs-mount level? That way we can enforce
|
|
description = "pbsds";
|
|
extraGroups = [
|
|
"pbsds"
|
|
"users" # backward compat
|
|
"keys" # access tokens in nix.conf
|
|
#"nix-community-builder"
|
|
"libvirtd"
|
|
"networkmanager"
|
|
"audio"
|
|
"sound"
|
|
"video"
|
|
"input"
|
|
"tty"
|
|
"wheel"
|
|
# TODO: NAS stuff
|
|
] ++ lib.optionals config.virtualisation.docker.enable [
|
|
"docker"
|
|
# doesn't work...
|
|
#] ++ lib.optionals config.services.headscale.enable [
|
|
# config.services.headscale.group
|
|
];
|
|
|
|
initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/";
|
|
|
|
# TODO: fetch from github?
|
|
openssh.authorizedKeys.keys = [
|
|
#"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring"
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net"
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+qv5MogWwOgctQfQeHxUHF2ij6UA8BR4DLXtZClnw6A1CtOjAtZeAW62C8q9OKaIKDO0hqd2vLBkgEno4smqBDJ2ThwKuXrhiHqJzCkXZqIKKx79mpTo7aRpFgkJ7328Ee+tbqa65coL98WRhLnDg69NDaOfSCmH85/D0kuyTG7mYIMdBtFXB/IU0QC9USCSGcUGSnQAEx8S0vaXL7JP043kfEfeqwsea598qX+LFa2UfGwgLBpiWi4QEfYy6fviz2TFkbRYKQImybidzUHZkljjPupqu8U4dIx/jsJM/vew717xZPCU0ZCho77TIU+bYSitD5mjnzuD7LrAdbFgnhkD2sQlD/hUW40kPVT/Tq3DrpDRKC9tniiTaIQV1Pe0k82XwYrvV/hTl8T1ed6TuzhmUggqowAbJRbaBIa1zI672AFFQM8OBIN59ZlLy3V2RZW4fvQk2/xMRdVBT0W5Upx+9rCbH9LCGWL8gNNA/PRJ0L9Ts6cq8kf4tFhFQQrk= pbsds@bjarte"
|
|
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7Ftu1LP+p+D6YWIo32V9w6ckHCIbrQWPyCNU4rBAbl root@bjarte"
|
|
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlLTAf5ObSpUU490M/l6+s5m0rxayPeaH23RLvIyoCqGftf/3Yi2iHP8wusBWGrEkXg8Po9YKh2CztflqJBnhsv/HaGYRXNsz3oVf2bSURUepZBkUXkg+T1x9OGG8pfvde8ROWZ8KxwLbAKghHUusyAvtJE9ktDxLpajomXDQlo+v7Hj2v4tMKCG/vHPxf/ni3Icl/8Rwo4zjuxl1MxLftPZv9rxCFv06ujuW6f6Mu5q+damt6ReH7RpOzs1rtDjPSnrRCboY4IbT5P4v6cZCr5hgAblKXHfOzPO9WM7O9tugJeE7eJK6Ps8gvWSHs/48SONSpjcYX3NzsRfxp6RRyD0yGrTDP/Ly6TNZzwZdKPO6GkRbLFXAxSn+ex/zW//R4ECQmof3KPYyjpt7yygICSdRlRocpz5aYxytFqBhelEbQqSZTP8q3HdxqGUplAgaCc0bK+m2ob5cirx3kHK2TyQ2dyCZgOML7AjD3GaclxPjkfEipL3/uFkq6EdsdQFs= pbsds@Svanbjorg"
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCo5/9uHIKhhpVbcLSKslj9wdBiV4YaY/tydTfypNZBMMP2U54640t8JvHHkxCZRur8AqYupellxAqkmKn516Ut0WvfQcNgF7ieI66JHkK1j7kSFHHG1nkJHslwCh2PeYtfx5zHZZq8X9v/UjVGY182BC4BHC5zixmNiUvvc+N24BRT4NwslFmMYVcTdoNBSJXPgte4uUd+FZrAnHQrjYdJVANgI4i1d11mxlDFgJrPJj30KaIDxHAsAWgCEqGLMDO9N1cpGGbXVeXfoGvv+vdCXgbyA8BK7wWwXvy5HlvhpEJo8g84r6uKMMkEf+K1MpTiaNjdu+7/sKD/ZOyDB4RgCBs0DskouWRi+xfxABaKBj6706Z3hpj+GfpuSXrHKgGYXIL4cZHaAlz8GVsN1mUL4eJ12Sk14Od2QUHbzp7TDz5eaWuczPs5W9qXwNDMZcmBBZ3mkt9ZYPvAPRjeLpAKhhA9xPL3hbob5hhAENTWsFRFJEgpm8l362XFIOLHr/M= pbsds@rocm"
|
|
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff"
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDX1n/zBp0Va5VPgUHDJ2tLhR8kzQmkWIdFNVy3WHMzfx2ppR0+ch05ksZ7VYp3ROSMpykdqcjDekM6fD+BJEaHx9MwmHlFgvIVyIVwMwqtheo1gAHW6InsF41c7VRv3dlZgX8ViM9kR6YxCsy8FLkwcRtnQkMnT24LpLvmI6dZA26jAmYvxDO0iSD+7jBf+k1MFJZMxg14tMIcqMnuUhR0OyfORslafM73MKSwFqPeNvJxTq96we5RNBoZfZ63LmAm+EJ/++xoCATWQuSnbrXzIC/tUfHLbn9JUE6OgbTLOCarf/aUQHD5jeevfmNu8DYwtjrqcQsjDt2RySTX1R0OgXDbJe+voOY+9a6mSkpYV37CL5rJGTZYFxLLlC2BZMhmhl/axsK/YGyki9z0zKey65MDl5GxOEaTmVqkextiLMp3qBxvCEOzE6/MsVrOkX/gbNglqFlCVPXxKDBsm5NM/KbqPFuntX+w9UReTAS8MBwBDLM3z0dqT8MaK400wmM= pbsds@noximilien"
|
|
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7fYndgIXJM+tLSfkbprWc8ClOI58wlaZCg6I+wMYINeOwxLU24BmIyQAhNeqhHYBdXiyIAl5KN3+YajN1nx6zq2XPXLut31Xtf+0yMdRMX4rXgqOnsBeG4eTfNsPx+v7VNANth8dIADpk59Y9ioWB6JI6NF0wfkqrCSTpt2q9gpTA35MBe41hlaxqxYGq+PlfZyJbN4TJCORZROkjw1P6K+EoYUHTHmduMZSAnpzx5bTHL2r1VK1jLRL4q2O1LP9G7eVYUsZKxKznJqtAeoOGBL4OX2JeIXT51/pXTW0NNyVPELD6aUUZjK8aVK2JDXupXegYO8cHqwLaz7rZj3G8evGamSlGvAYR4Gwvvp4Du8ZRZVM3Gt1allhPMTLnm/gy9Lta35D8SHH0IUKWD3buo5HZliZgSMAvoSrT03vpuGILLoWEkTjpPT0qKIlBd/qlACBzKC9Wwmda5WWgMsfe0zP4zNLVdves5nkMrbY91TYSFM0FuDCaRsK5Mrhx7i0= root@noximilien"
|
|
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdkKmRB0WjD3L+k8GNTVJDLpOUqLBMW17ld/Jzapo6 pbsds@bolle"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpuDBMll1viLKd/wm1lCy9iozyKeXMBHDwhdJOpeRLe pbsds@nord"
|
|
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6vQllnhqNCE1RqPmTMJ2/29 root@nord"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOm2UFDD+qsnKvlBBZ/nhBqY9yeLewwF/bexD2SUL7E3 pbsds@sopp"
|
|
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJVohqGMKp/UEZtb71RSBBXOEGX4o3lN5GYBlP7HEKbs root@brumlebasse"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILocbYCqu63RT2+mE0l+ZWWw9RVHNcydtLXbLklg6oPe pederbs@pvv" # key has passwd
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIGcGEhM6qo3ARAsHx8V/FhryVaG0gOLmL6J1NL3fyn user@pinebook"
|
|
];
|
|
};
|
|
|
|
#virtualisation.vmVariant = {
|
|
# users.users."pbsds".initialHashedPassword = "TODO";
|
|
#}
|
|
|
|
}
|