big changes again..
parent
87be395fcc
commit
4a70846459
13 changed files with 150 additions and 78 deletions
|
@ -5,14 +5,12 @@
|
|||
...
|
||||
}: {
|
||||
imports = [
|
||||
../../users
|
||||
./home.nix
|
||||
../users
|
||||
./security.nix
|
||||
./yubikey.nix
|
||||
];
|
||||
|
||||
nix.settings.experimental-features = ["nix-command" "flakes"];
|
||||
services.openssh.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [22];
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.users.sammy = {
|
||||
imports = [./nvim];
|
||||
home.username = "sammy";
|
||||
home.homeDirectory = "/home/sammy";
|
||||
home.stateVersion = "23.11"; # Please read the comment before changing.
|
||||
home.packages = with pkgs; [
|
||||
bat
|
||||
lsd
|
||||
gnupg
|
||||
kitty
|
||||
tmux
|
||||
];
|
||||
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
|
||||
git = {
|
||||
enable = true;
|
||||
userName = "CherryKitten";
|
||||
userEmail = "git@cherrykitten.dev";
|
||||
signing.key = "0xC01A7CBBA617BD5F";
|
||||
signing.signByDefault = true;
|
||||
extraConfig = {
|
||||
init = {defaultBranch = "main";};
|
||||
core = {editor = "nvim";};
|
||||
pull.rebase = true;
|
||||
};
|
||||
};
|
||||
|
||||
nushell = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Home Manager is pretty good at managing dotfiles. The primary way to manage
|
||||
# plain files is through 'home.file'.
|
||||
home.file = {
|
||||
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
|
||||
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
|
||||
# # symlink to the Nix store copy.
|
||||
# ".screenrc".source = dotfiles/screenrc;
|
||||
|
||||
# # You can also set the file content immediately.
|
||||
# ".gradle/gradle.properties".text = ''
|
||||
# org.gradle.console=verbose
|
||||
# org.gradle.daemon.idletimeout=3600000
|
||||
# '';
|
||||
};
|
||||
|
||||
# Home Manager can also manage your environment variables through
|
||||
# 'home.sessionVariables'. If you don't want to manage your shell through Home
|
||||
# Manager then you have to manually source 'hm-session-vars.sh' located at
|
||||
# either
|
||||
#
|
||||
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
|
||||
#
|
||||
# or
|
||||
#
|
||||
# /etc/profiles/per-user/sammy/etc/profile.d/hm-session-vars.sh
|
||||
#
|
||||
home.sessionVariables = {
|
||||
EDITOR = "nvim";
|
||||
};
|
||||
|
||||
# Let Home Manager install and manage itself.
|
||||
};
|
||||
}
|
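--- a/modules/common/security.nix
+++ b/modules/common/security.nix
@@ -0,0 +1,43 @@
+{pkgs, ...}: {
+networking.firewall.allowedTCPPorts = [22];
+
+services.openssh = {
+enable = true;
+banner = "nyanya :3";
+logLevel = "VERBOSE";
+settings = {
+PermitRootLogin = "no";
+PasswordAuthentication = false;
+Macs = [
+"hmac-sha2-512"
+"hmac-sha2-256"
+];
+KexAlgorithms = [
+"sntrup761x25519-sha512@openssh.com"
+"curve25519-sha256"
+"curve25519-sha256@libssh.org"
+"diffie-hellman-group-exchange-sha256"
+];
+Ciphers = [
+"aes256-gcm@openssh.com"
+"aes128-gcm@openssh.com"
+"aes256-ctr"
+"aes192-ctr"
+"aes128-ctr"
+];
+};
+};
+
+security = {
+sudo = {
+enable = true;
+wheelNeedsPassword = false;
+keepTerminfo = true;
+};
+};
+
+services.fail2ban = {
+enable = true;
+maxretry = 5;
+};
+}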
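Review bot: `wheelNeedsPassword = false;` lets every `wheel` member become root without re-authenticating, and this same module enables sshd and opens port 22, so one stolen SSH key or hijacked session for such a user is a full root compromise. Unless sudo is gated elsewhere (the sibling `./yubikey.nix` is not visible here), I would drop that line or set `wheelNeedsPassword = true;`. In `settings`, `PasswordAuthentication = false;` does not cover keyboard-interactive logins, so if that option is still at its NixOS default I would add `KbdInteractiveAuthentication = false;` next to it. The `Macs` list uses the non-ETM `hmac-sha2-*` names; a one-line comment saying why the `-etm@openssh.com` variants are left out would help the next reader.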
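--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -0,0 +1,19 @@
+{
+lib,
+config,
+pkgs,
+...
+}: {
+users.users = {
+sammy = {
+isNormalUser = true;
+extraGroups = ["networkmanager" "wheel" "docker"];
+shell = pkgs.nushell;
+};
+};
+
+home-manager.useGlobalPkgs = true;
+home-manager.users = {
+sammy.imports = [./sammy.nix];
+};
+}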
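Review bot: `"docker"` in `extraGroups` gives `sammy` root-equivalent access through the Docker socket, independent of any sudo policy, so it should either be removed where rootless containers would do or carry a comment such as `# docker group is root-equivalent on this host; keep only where needed`. No `openssh.authorizedKeys.keys` is declared for the user in this file, while `modules/common/security.nix` disables password login. If the keys are not provisioned elsewhere, the account cannot log in over SSH, so it is worth confirming where they come from.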
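--- a/modules/users/sammy.nix
+++ b/modules/users/sammy.nix
@@ -0,0 +1,43 @@
+{
+lib,
+config,
+pkgs,
+...
+}: {
+imports = [../nvim];
+home.username = "sammy";
+home.homeDirectory = "/home/sammy";
+home.stateVersion = "23.11"; # Please read the comment before changing.
+home.packages = with pkgs; [
+bat
+lsd
+gnupg
+kitty
+tmux
+];
+
+programs = {
+home-manager.enable = true;
+
+git = {
+enable = true;
+userName = "CherryKitten";
+userEmail = "git@cherrykitten.dev";
+signing.key = "0xC01A7CBBA617BD5F";
+signing.signByDefault = true;
+extraConfig = {
+init = {defaultBranch = "main";};
+core = {editor = "nvim";};
+pull.rebase = true;
+};
+};
+
+nushell = {
+enable = true;
+};
+};
+
+home.sessionVariables = {
+EDITOR = "nvim";
+};
+}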
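Review bot: This file is added twice in the same commit, here and as `users/sammy.nix`, with only the `imports` path differing (`../nvim` here, `./nvim` there), and `modules/users/default.nix` imports just `./sammy.nix`. The second copy looks like a leftover; if so it should be deleted, because two copies of the git identity and `signing.key` will drift and a later edit may land in the unused one. The trailing `# Please read the comment before changing.` on `home.stateVersion` points at a comment that is not in the new file; replace it with a short explanation, e.g. `# release whose defaults this config was written against; do not bump without reading the release notes`.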
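--- a/users/sammy.nix
+++ b/users/sammy.nix
@@ -0,0 +1,43 @@
+{
+lib,
+config,
+pkgs,
+...
+}: {
+imports = [./nvim];
+home.username = "sammy";
+home.homeDirectory = "/home/sammy";
+home.stateVersion = "23.11"; # Please read the comment before changing.
+home.packages = with pkgs; [
+bat
+lsd
+gnupg
+kitty
+tmux
+];
+
+programs = {
+home-manager.enable = true;
+
+git = {
+enable = true;
+userName = "CherryKitten";
+userEmail = "git@cherrykitten.dev";
+signing.key = "0xC01A7CBBA617BD5F";
+signing.signByDefault = true;
+extraConfig = {
+init = {defaultBranch = "main";};
+core = {editor = "nvim";};
+pull.rebase = true;
+};
+};
+
+nushell = {
+enable = true;
+};
+};
+
+home.sessionVariables = {
+EDITOR = "nvim";
+};
+}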