From 4a70846459d8ecd30a45967dfe2e90cc9ed3e21e Mon Sep 17 00:00:00 2001
From: CherryKitten
Date: Sun, 24 Mar 2024 19:02:22 +0100
Subject: [PATCH] big changes again..
---
modules/common/default.nix | 6 +-
modules/common/home.nix | 74 -------------------
modules/common/security.nix | 43 +++++++++++
modules/{common => }/nvim/default.nix | 0
modules/{common => }/nvim/keymap.lua | 0
modules/{common => }/nvim/options.lua | 0
modules/{common => }/nvim/plugins/conform.lua | 0
.../{common => }/nvim/plugins/dashboard.lua | 0
.../{common => }/nvim/plugins/neo-tree.lua | 0
modules/{common => }/nvim/plugins/noice.lua | 0
modules/users/default.nix | 19 +++++
modules/users/sammy.nix | 43 +++++++++++
users/sammy.nix | 43 +++++++++++
13 files changed, 150 insertions(+), 78 deletions(-)
delete mode 100644 modules/common/home.nix
create mode 100644 modules/common/security.nix
rename modules/{common => }/nvim/default.nix (100%)
rename modules/{common => }/nvim/keymap.lua (100%)
rename modules/{common => }/nvim/options.lua (100%)
rename modules/{common => }/nvim/plugins/conform.lua (100%)
rename modules/{common => }/nvim/plugins/dashboard.lua (100%)
rename modules/{common => }/nvim/plugins/neo-tree.lua (100%)
rename modules/{common => }/nvim/plugins/noice.lua (100%)
create mode 100644 modules/users/default.nix
create mode 100644 modules/users/sammy.nix
create mode 100644 users/sammy.nix
diff --git a/modules/common/default.nix b/modules/common/default.nix
index a3a5ed5..19b7fed 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -5,14 +5,12 @@ ... }: { imports = [ - ../../users - ./home.nix + ../users + ./security.nix ./yubikey.nix ]; nix.settings.experimental-features = ["nix-command" "flakes"]; - services.openssh.enable = true; - networking.firewall.allowedTCPPorts = [22]; time.timeZone = "Europe/Berlin";
diff --git a/modules/common/home.nix b/modules/common/home.nix
deleted file mode 100644
index a399b69..0000000
--- a/modules/common/home.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}: {
- home-manager.useGlobalPkgs = true;
- home-manager.users.sammy = {
- imports = [./nvim];
- home.username = "sammy";
- home.homeDirectory = "/home/sammy";
- home.stateVersion = "23.11"; # Please read the comment before changing.
- home.packages = with pkgs; [
- bat
- lsd
- gnupg
- kitty
- tmux
- ];
-
- programs = {
- home-manager.enable = true;
-
- git = {
- enable = true;
- userName = "CherryKitten";
- userEmail = "git@cherrykitten.dev";
- signing.key = "0xC01A7CBBA617BD5F";
- signing.signByDefault = true;
- extraConfig = {
- init = {defaultBranch = "main";};
- core = {editor = "nvim";};
- pull.rebase = true;
- };
- };
-
- nushell = {
- enable = true;
- };
- };
-
- # Home Manager is pretty good at managing dotfiles. The primary way to manage
- # plain files is through 'home.file'.
- home.file = {
- # # Building this configuration will create a copy of 'dotfiles/screenrc' in
- # # the Nix store. Activating the configuration will then make '~/.screenrc' a
- # # symlink to the Nix store copy.
- # ".screenrc".source = dotfiles/screenrc;
-
- # # You can also set the file content immediately.
- # ".gradle/gradle.properties".text = ''
- # org.gradle.console=verbose
- # org.gradle.daemon.idletimeout=3600000
- # '';
- };
-
- # Home Manager can also manage your environment variables through
- # 'home.sessionVariables'. If you don't want to manage your shell through Home
- # Manager then you have to manually source 'hm-session-vars.sh' located at
- # either
- #
- # ~/.nix-profile/etc/profile.d/hm-session-vars.sh
- #
- # or
- #
- # /etc/profiles/per-user/sammy/etc/profile.d/hm-session-vars.sh
- #
- home.sessionVariables = {
- EDITOR = "nvim";
- };
-
- # Let Home Manager install and manage itself.
- };
-}
diff --git a/modules/common/security.nix b/modules/common/security.nix
new file mode 100644
index 0000000..f47b547
--- /dev/null
+++ b/modules/common/security.nix
@@ -0,0 +1,43 @@
+{pkgs, ...}: {
+ networking.firewall.allowedTCPPorts = [22];
+
+ services.openssh = {
+ enable = true;
+ banner = "nyanya :3";
+ logLevel = "VERBOSE";
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ Macs = [
+ "hmac-sha2-512"
+ "hmac-sha2-256"
+ ];
+ KexAlgorithms = [
+ "sntrup761x25519-sha512@openssh.com"
+ "curve25519-sha256"
+ "curve25519-sha256@libssh.org"
+ "diffie-hellman-group-exchange-sha256"
+ ];
+ Ciphers = [
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ "aes256-ctr"
+ "aes192-ctr"
+ "aes128-ctr"
+ ];
+ };
+ };
+
+ security = {
+ sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ keepTerminfo = true;
+ };
+ };
+
+ services.fail2ban = {
+ enable = true;
+ maxretry = 5;
+ };
+}
diff --git a/modules/common/nvim/default.nix b/modules/nvim/default.nix
similarity index 100%
rename from modules/common/nvim/default.nix
rename to modules/nvim/default.nix
diff --git a/modules/common/nvim/keymap.lua b/modules/nvim/keymap.lua
similarity index 100%
rename from modules/common/nvim/keymap.lua
rename to modules/nvim/keymap.lua
diff --git a/modules/common/nvim/options.lua b/modules/nvim/options.lua
similarity index 100%
rename from modules/common/nvim/options.lua
rename to modules/nvim/options.lua
diff --git a/modules/common/nvim/plugins/conform.lua b/modules/nvim/plugins/conform.lua
similarity index 100%
rename from modules/common/nvim/plugins/conform.lua
rename to modules/nvim/plugins/conform.lua
diff --git a/modules/common/nvim/plugins/dashboard.lua b/modules/nvim/plugins/dashboard.lua
similarity index 100%
rename from modules/common/nvim/plugins/dashboard.lua
rename to modules/nvim/plugins/dashboard.lua
diff --git a/modules/common/nvim/plugins/neo-tree.lua b/modules/nvim/plugins/neo-tree.lua
similarity index 100%
rename from modules/common/nvim/plugins/neo-tree.lua
rename to modules/nvim/plugins/neo-tree.lua
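Review bot: `PasswordAuthentication = false` in the new `services.openssh.settings` of modules/common/security.nix does not by itself close password logins, because keyboard-interactive authentication is a separate sshd setting that, as far as I know, NixOS leaves enabled by default and that goes through PAM; adding `KbdInteractiveAuthentication = false;` next to it makes the key-only intent explicit. In the same file `security.sudo.wheelNeedsPassword = false` gives every `wheel` member root without a prompt on each host that imports this common module, so anything running as that user is effectively root; if that is deliberate, a comment saying so (or a per-host override) would help. The restricted `Macs`, `KexAlgorithms` and `Ciphers` lists replace the module defaults without saying why, and a short comment such as `# pinned algorithm lists: review on OpenSSH upgrades` would tell a later reader that they are maintained by hand.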
diff --git a/modules/common/nvim/plugins/noice.lua b/modules/nvim/plugins/noice.lua
similarity index 100%
rename from modules/common/nvim/plugins/noice.lua
rename to modules/nvim/plugins/noice.lua
diff --git a/modules/users/default.nix b/modules/users/default.nix
new file mode 100644
index 0000000..5b4baa4
--- /dev/null
+++ b/modules/users/default.nix
@@ -0,0 +1,19 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ users.users = {
+ sammy = {
+ isNormalUser = true;
+ extraGroups = ["networkmanager" "wheel" "docker"];
+ shell = pkgs.nushell;
+ };
+ };
+
+ home-manager.useGlobalPkgs = true;
+ home-manager.users = {
+ sammy.imports = [./sammy.nix];
+ };
+}
diff --git a/modules/users/sammy.nix b/modules/users/sammy.nix
new file mode 100644
index 0000000..52dd751
--- /dev/null
+++ b/modules/users/sammy.nix
@@ -0,0 +1,43 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [../nvim];
+ home.username = "sammy";
+ home.homeDirectory = "/home/sammy";
+ home.stateVersion = "23.11"; # Please read the comment before changing.
+ home.packages = with pkgs; [
+ bat
+ lsd
+ gnupg
+ kitty
+ tmux
+ ];
+
+ programs = {
+ home-manager.enable = true;
+
+ git = {
+ enable = true;
+ userName = "CherryKitten";
+ userEmail = "git@cherrykitten.dev";
+ signing.key = "0xC01A7CBBA617BD5F";
+ signing.signByDefault = true;
+ extraConfig = {
+ init = {defaultBranch = "main";};
+ core = {editor = "nvim";};
+ pull.rebase = true;
+ };
+ };
+
+ nushell = {
+ enable = true;
+ };
+ };
+
+ home.sessionVariables = {
+ EDITOR = "nvim";
+ };
+}
diff --git a/users/sammy.nix b/users/sammy.nix
new file mode 100644
index 0000000..2e9db94
--- /dev/null
+++ b/users/sammy.nix
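Review bot: The `sammy` entry in `users.users` (modules/users/default.nix) declares no `openssh.authorizedKeys.keys` and no password option, so with the key-only sshd settings added in modules/common/security.nix the account's ability to log in depends on configuration that is not in this patch (possibly `./yubikey.nix` or a host module); that is worth confirming before the change reaches a remote host. Membership in `docker` is in practice root-equivalent through the Docker daemon socket, so together with `wheel` it deserves a comment on the `extraGroups` line, e.g. `# wheel + docker: both grant root-equivalent access`. `lib` and `config` are unused in the argument set and could be dropped.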
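Review bot: The trailing comment on `home.stateVersion = "23.11"; # Please read the comment before changing.` in modules/users/sammy.nix points at an explanatory comment that is not in this file, so the warning no longer tells a reader anything; the same line appears in users/sammy.nix. Replace it with the explanation itself, for example `# release whose defaults this Home Manager config was written against; bumping it can change behaviour`. `lib` and `config` are also unused in the argument set here.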
@@ -0,0 +1,43 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [./nvim];
+ home.username = "sammy";
+ home.homeDirectory = "/home/sammy";
+ home.stateVersion = "23.11"; # Please read the comment before changing.
+ home.packages = with pkgs; [
+ bat
+ lsd
+ gnupg
+ kitty
+ tmux
+ ];
+
+ programs = {
+ home-manager.enable = true;
+
+ git = {
+ enable = true;
+ userName = "CherryKitten";
+ userEmail = "git@cherrykitten.dev";
+ signing.key = "0xC01A7CBBA617BD5F";
+ signing.signByDefault = true;
+ extraConfig = {
+ init = {defaultBranch = "main";};
+ core = {editor = "nvim";};
+ pull.rebase = true;
+ };
+ };
+
+ nushell = {
+ enable = true;
+ };
+ };
+
+ home.sessionVariables = {
+ EDITOR = "nvim";
+ };
+}
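Review bot: This new users/sammy.nix is a line-for-line copy of modules/users/sammy.nix except for `imports = [./nvim];`, and nothing visible in the patch imports it: modules/users/default.nix uses `./sammy.nix`, and modules/common/default.nix now imports `../users`, i.e. modules/users. The relative path `./nvim` would resolve to users/nvim, while this patch moves the nvim module to modules/nvim, so the file would probably fail to evaluate if it were ever imported. If it is a leftover from the move, dropping it avoids two diverging copies of the git signing and user settings; otherwise the import should read `imports = [../modules/nvim];`.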