chore(deps): update renovate/renovate docker tag to v37.68.4 #218

Open
renovate wants to merge 1976 commits from renovate/renovate-renovate-37.x into main
10 changed files with 729 additions and 110 deletions
Showing only changes of commit 42fd6e087c - Show all commits

47
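--- a/common/default.nix
+++ b/common/default.nix
@@ -0,0 +1,47 @@
+# Common/default.nix
+# Inputs for this module, we don't use anything so can be empty.
+{ ... }:
+{
+imports = [
+# User account definitions
+./users
+./services
+];
+# Clean /tmp on boot.
+boot.cleanTmpDir = true;
+# Set your time zone.
+time.timeZone = "Europe/Amsterdam";
+# Nix Settings
+nix = {
+package = pkgs.nixUnstable;
+autoOptimiseStore = true;
+binaryCaches = [
+"https://cachix.cachix.org"
+"https://nix-community.cachix.org"
+"https://nixpkgs-review-bot.cachix.org"
+];
+binaryCachePublicKeys = [
+"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
+];
+trustedUsers = [ "root" "victor" ];
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+};
+nixpkgs.config.allowUnfree = true;
+# Limit the systemd journal to 100 MB of disk or the
+# last 7 days of logs, whichever happens first.
+services.journald.extraConfig = ''
+SystemMaxUse=100M
+MaxFileSec=7day
+'';
+}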
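Review bot: `package = pkgs.nixUnstable;` references `pkgs`, but the module's argument set is `{ ... }:`, so `pkgs` is not bound and evaluation stops with an undefined-variable error; the header should read `{ pkgs, ... }:`. Separately, this module is meant to be imported by every host (the bastion configuration in this commit imports `../../common`), so the three Cachix substituters and their signing keys in `binaryCaches`/`binaryCachePublicKeys` become trusted sources of store paths on all of them. Each listed key is a party whose signature the host will accept on a binary, so keep the list to the caches the hosts actually need. `trustedUsers = [ "root" "victor" ]` additionally lets that account hand further substituters to the daemon, which is worth a comment stating that it is intentional.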

18
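--- a/common/generic-lxc.nix
+++ b/common/generic-lxc.nix
@@ -0,0 +1,18 @@
+{ ... }: {
+# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
+# Import nixos lxc config
+imports = [
+<nixpkgs/nixos/modules/virtualisation/lxc-container.nix>
+];
+# Supress systemd services that don't work (correctly) on LXC
+systemd.suppressedSystemUnits = [
+"dev-mqueue.mount"
+"sys-kernel-debug.mount"
+"sys-fs-fuse-connections.mount"
+];
+# Enable SSH daemon support.
+services.openssh.enable = true;
+}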
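Review bot: The import `<nixpkgs/nixos/modules/virtualisation/lxc-container.nix>` is resolved through `NIX_PATH`, so the container module comes from whatever channel the evaluating machine happens to have rather than from the nixpkgs revision the flake pins, and angle-bracket lookups are rejected in pure flake evaluation. Take `modulesPath` as a module argument and import from it instead: `{ modulesPath, ... }: {` with `imports = [ "${modulesPath}/virtualisation/lxc-container.nix" ];`. The comment above `systemd.suppressedSystemUnits` spells `Suppress` as `Supress`.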

14
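--- a/common/generic-vm.nix
+++ b/common/generic-vm.nix
@@ -0,0 +1,14 @@
+{ lib, ... }: {
+# The global useDHCP flag is deprecated, therefore explicitly set to false here.
+# Per-interface useDHCP will be mandatory in the future, so this generated config
+# replicates the default behaviour.
+networking.useDHCP = false;
+networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+services.openssh.permitRootLogin = lib.mkDefault "yes";
+# Enable qemu guest agent
+services.qemuGuest.enable = true;
+}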
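Review bot: `services.openssh.permitRootLogin = lib.mkDefault "yes";` lets root authenticate with a password on every VM that imports this file, and nothing in the hunk turns password authentication off. The bastion configuration touched in the same commit shows `"without-password"` for this option, so a host that switches to this module loosens its setting unless it overrides the default. Prefer `services.openssh.permitRootLogin = lib.mkDefault "prohibit-password";` together with `services.openssh.passwordAuthentication = false;`, since root already receives authorized keys from `common/users`.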


@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
{
imports = [
./flood.nix
./unpackerr.nix
./vmagent.nix
];
}

150
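--- a/common/services/flood.nix
+++ b/common/services/flood.nix
@@ -0,0 +1,150 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let cfg = config.services.flood;
+in
+{
+options.services.flood = {
+enable = mkEnableOption "flood";
+user = mkOption {
+default = "flood";
+type = types.str;
+description = ''
+User account under which flood runs.
+'';
+};
+group = mkOption {
+type = types.str;
+default = "rtorrent";
+description = ''
+Group under which flood runs.
+Flood needs to have the correct permissions if accessing rtorrent through the socket.
+'';
+};
+package = mkOption {
+type = types.package;
+default = pkgs.flood;
+defaultText = "pkgs.flood";
+description = ''
+The flood package to use.
+'';
+};
+host = mkOption {
+type = types.str;
+default = "127.0.0.1";
+description = ''
+Address flood binds to.
+'';
+};
+port = mkOption {
+type = types.port;
+default = 3000;
+description = ''
+The flood web port.
+'';
+};
+openFirewall = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to open the firewall for the port in <option>services.flood.port</option>.
+'';
+};
+rpcSocket = mkOption {
+type = types.str;
+readOnly = true;
+default = "/run/rtorrent/rpc.sock";
+description = ''
+RPC socket path.
+(Only used when auth=none).
+'';
+};
+dataDir = mkOption {
+type = types.str;
+default = "/var/lib/flood";
+description = ''
+The directory where flood stores its data files.
+'';
+};
+downloadDir = mkOption {
+type = types.str;
+default = "/var/lib/rtorrent/download";
+description = ''
+Root directory for downloaded files.
+'';
+};
+authMode = mkOption {
+type = types.str;
+default = "none";
+description = ''
+Access control and user management method.
+Either 'default' or 'none'.
+'';
+};
+ssl = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Enable SSL.
+key.pem and fullchain.pem needed in runtime directory.
+'';
+};
+baseURI = mkOption {
+type = types.str;
+default = "/";
+description = ''
+This URI will prefix all of Flood's HTTP requests
+'';
+};
+};
+config = mkIf cfg.enable {
+# Create group if set to default
+users.groups = mkIf (cfg.group == "rtorrent") {
+rtorrent = { };
+};
+# Create user if set to default
+users.users = mkIf (cfg.user == "flood") {
+flood = {
+group = cfg.group;
+shell = pkgs.bashInteractive;
+home = cfg.dataDir;
+description = "flood Daemon user";
+isSystemUser = true;
+};
+};
+# Open firewall if option is set to do so.
+networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ];
+# The actual service
+systemd.services.flood = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+description = "flood system service";
+serviceConfig = {
+User = cfg.user;
+Group = cfg.group;
+Type = "simple";
+Restart = "on-failure";
+WorkingDirectory = cfg.dataDir;
+ExecStart = "${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${toString cfg.port} ${if cfg.ssl then "--ssl" else ""} --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}";
+};
+};
+# This is needed to create the dataDir with the correct permissions.
+systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
+};
+}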
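Review bot: `authMode` defaults to `"none"` and is a free-form `types.str`, so enabling the module with `openFirewall = true` or a non-loopback `host` publishes the torrent UI with no login, and a misspelt mode is only noticed when flood starts. Declare it as `type = types.enum [ "default" "none" ];` and add an assertion that refuses the exposed-and-unauthenticated combination, as sketched below. The `ExecStart` string interpolates `baseURI`, `dataDir`, `host` and `downloadDir` unquoted, so a value containing whitespace is split into extra arguments; building the command from a list with `lib.escapeShellArgs` avoids that. The service account here, and the ones in the unpackerr and vmagent modules of this commit, get `shell = pkgs.bashInteractive` although a daemon user needs no login shell, and none of the three units sets sandboxing options such as `NoNewPrivileges` or `ProtectSystem`.

```nix
config = mkIf cfg.enable {
  assertions = [
    {
      assertion = cfg.authMode != "none"
        || (!cfg.openFirewall && cfg.host == "127.0.0.1");
      message = "services.flood: authMode = \"none\" is only allowed on a loopback bind with the firewall closed.";
    }
  ];
  # … unchanged: group and user creation, firewall rule, systemd unit, tmpfiles rule …
```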


@ -0,0 +1,307 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.unpackerr;
mkStarrOptions = { name, url }: {
url = mkOption {
type = types.str;
default = "";
example = "${url}";
description = ''
The URL to access ${name}
'';
};
apiKey = mkOption {
type = types.str;
default = "";
description = ''
The API key for accessing ${name}
'';
};
paths = mkOption {
type = types.str;
default = "";
example = "/downloads,/moreDownloads";
description = ''
List of paths where content is downloaded for ${name}
'';
};
protocols = mkOption {
type = types.str;
default = "torrent";
example = "torrent,usenet";
description = ''
Protocols to process
'';
};
timeout = mkOption {
type = types.str;
default = "10s";
description = ''
How long to wait for ${name} to respond
'';
};
deleteOrginal = mkOption {
type = types.bool;
default = false;
description = ''
Delete archives after import?
Recommend not setting this to true
'';
};
deleteDelay = mkOption {
type = types.str;
default = "5m";
description = ''
Extracts are deleted this long after import. `-1` to disable.
'';
};
};
in
{
options.services.unpackerr = {
enable = mkEnableOption "unpackerr";
user = mkOption {
default = "unpackerr";
type = types.str;
description = ''
User account under which unpackerr runs.
'';
};
group = mkOption {
type = types.str;
default = "unpackerr";
description = ''
Group under which unpackerr runs.
'';
};
package = mkOption {
type = types.package;
default = pkgs.unpackerr;
defaultText = "pkgs.unpackerr";
description = ''
The unpackerr package to use.
'';
};
debug = mkOption {
type = types.bool;
default = false;
description = ''
Turns on more logs.
'';
};
interval = mkOption {
type = types.str;
default = "2m";
description = ''
How often apps are polled, recommended 1m to 5m
'';
};
startDelay = mkOption {
type = types.str;
default = "1m";
description = ''
Files are queued at least this long before extraction
'';
};
retryDelay = mkOption {
type = types.str;
default = "5m";
description = ''
Failed extractions are retried after at least this long
'';
};
maxRetries = mkOption {
type = types.int;
default = 3;
description = ''
Times to retry failed extractions. `0` = unlimited.
'';
};
parallel = mkOption {
type = types.int;
default = 1;
description = ''
Concurrent extractions, 1 is recommended.
'';
};
fileMode = mkOption {
type = types.str;
default = "0644";
description = ''
Extracted files are written with this mode
'';
};
dirMode = mkOption {
type = types.str;
default = "0755";
description = ''
Extracted folders are written with this mode
'';
};
sonarr = mkStarrOptions { name = "Sonarr"; url = "http://localhost:8989"; };
radarr = mkStarrOptions { name = "Radarr"; url = "http://localhost:7878"; };
lidarr = mkStarrOptions { name = "Lidarr"; url = "http://localhost:8686"; };
readarr = mkStarrOptions { name = "Readarr"; url = "http://localhost:8787"; };
folder = {
path = mkOption {
type = types.str;
default = "";
description = ''
folder path, not for Starr apps.
'';
};
extractPath = mkOption {
type = types.str;
default = "";
description = ''
Where to extract to, Defaults to <option>services.unpackerr.folder.path</option>.
'';
};
deleteAfter = mkOption {
type = types.str;
default = "";
example = "10m";
description = ''
Delete extracted files and/or archives after this duration, `0` to disable.
'';
};
deleteOrginal = mkOption {
type = types.bool;
default = false;
description = ''
Delete archives after extraction
'';
};
deleteFiles = mkOption {
type = types.bool;
default = false;
description = ''
Delete extracted files after successful extraction
'';
};
moveBack = mkOption {
type = types.bool;
default = false;
description = ''
Move extracted items back into original folder
'';
};
};
extraConfig = mkOption {
type = types.attrs;
default = {};
description = ''
Extra environment variables
'';
example = {
UN_WEBHOOK_0_URL = "http://example.com";
};
};
};
config = mkIf cfg.enable {
# Create group if set to default
users.groups = mkIf (cfg.group == "unpackerr") {
unpackerr = { };
};
# Create user if set to default
users.users = mkIf (cfg.user == "unpackerr") {
unpackerr = {
group = cfg.group;
shell = pkgs.bashInteractive;
createHome = false;
description = "unpackerr Daemon user";
isSystemUser = true;
};
};
# The actual service
systemd.services.unpackerr = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "unpackerr system service";
# Filter out all unset variables else unpackerr complains
environment = filterAttrs (n: v: stringLength v > 0) {
# General options
UN_DEBUG = "${toString cfg.debug}";
UN_INTERVAL = "${cfg.interval}";
UN_START_DELAY = "${cfg.startDelay}";
UN_RETRY_DELAY = "${cfg.retryDelay}";
UN_MAX_RETRIES = "${toString cfg.maxRetries}";
UN_PARALLEL = "${toString cfg.parallel}";
UN_FILE_MODE = "${cfg.fileMode}";
UN_DIR_MODE = "${cfg.dirMode}";
# Sonarr
UN_SONARR_0_URL = "${cfg.sonarr.url}";
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
# Radarr
UN_RADARR_0_URL = "${cfg.radarr.url}";
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
# Lidarr
UN_LIDARR_0_URL = "${cfg.lidarr.url}";
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
# Readarr
UN_READARR_0_URL = "${cfg.readarr.url}";
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
# Folder
UN_FOLDER_0_PATH = "${cfg.folder.path}";
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
} // cfg.extraConfig;
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Type = "simple";
Restart = "on-failure";
ExecStart = "${cfg.package}/bin/unpackerr";
};
};
};
}
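Review bot: The `apiKey` options are plain strings copied into `systemd.services.unpackerr.environment`, so every Starr API key ends up in the generated unit file inside the world-readable Nix store and in `systemctl show` output. Add an option that points at a file kept outside the store and hand it to systemd through `EnvironmentFile`, leaving `apiKey` empty when it is used; a sketch follows. `extraConfig` has the same exposure for values such as webhook URLs that embed a token. The option name `deleteOrginal` is misspelt (`deleteOriginal`) in both `mkStarrOptions` and `folder`, and it becomes part of the public option path as soon as a host sets it.

```nix
environmentFile = mkOption {
  # A string, not a Nix path literal, so the file is never copied into the store.
  type = types.nullOr types.str;
  default = null;
  example = "/run/secrets/unpackerr.env";
  description = ''
    File with UN_*_API_KEY assignments, read by systemd when the unit starts.
  '';
};
# … unchanged: remaining options, user and group creation, environment …
serviceConfig = {
  EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
  # … unchanged: User, Group, Type, Restart, ExecStart …
```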

114
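--- a/common/services/vmagent.nix
+++ b/common/services/vmagent.nix
@@ -0,0 +1,114 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let cfg = config.services.vmagent;
+in
+{
+options.services.vmagent = {
+enable = mkEnableOption "vmagent";
+user = mkOption {
+default = "vmagent";
+type = types.str;
+description = ''
+User account under which vmagent runs.
+'';
+};
+group = mkOption {
+type = types.str;
+default = "vmagent";
+description = ''
+Group under which vmagent runs.
+'';
+};
+package = mkOption {
+default = pkgs.v.vmagent;
+defaultText = "pkgs.v.vmagent";
+type = types.package;
+description = ''
+vmagent package to use.
+'';
+};
+dataDir = mkOption {
+type = types.str;
+default = "/var/lib/vmagent";
+description = ''
+The directory where vmagent stores its data files.
+'';
+};
+remoteWriteUrl = mkOption {
+default = "http://localhost:8428/api/v1/write";
+type = types.str;
+description = ''
+The remote storage endpoint such as VictoriaMetrics
+'';
+};
+prometheusConfig = mkOption {
+default = "";
+type = types.str;
+example = ''
+global:
+scrape_interval: 5s
+scrape_configs:
+- job_name: 'apache'
+static_configs:
+- targets: ['apache-exporter:9117']
+'';
+description = ''
+Config for prometheus style metrics
+'';
+};
+openFirewall = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to open the firewall for the default ports.
+'';
+};
+};
+config = mkIf cfg.enable {
+# Create group if set to default
+users.groups = mkIf (cfg.group == "vmagent") {
+vmagent = { };
+};
+# Create user if set to default
+users.users = mkIf (cfg.user == "vmagent") {
+vmagent = {
+group = cfg.group;
+shell = pkgs.bashInteractive;
+description = "vmagent Daemon user";
+home = cfg.dataDir;
+isSystemUser = true;
+};
+};
+# Open firewall if option is set to do so.
+networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ 8429 ];
+# The actual service
+systemd.services.vmagent = let
+prometheusConfig = pkgs.writeText "prometheus.yml" cfg.prometheusConfig;
+in {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+description = "vmagent system service";
+serviceConfig = {
+User = cfg.user;
+Group = cfg.group;
+Type = "simple";
+Restart = "on-failure";
+WorkingDirectory = cfg.dataDir;
+ExecStart = "${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig}";
+};
+};
+systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
+};
+}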
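Review bot: `prometheusConfig` is written with `pkgs.writeText`, which places the scrape configuration in the world-readable Nix store, and `remoteWriteUrl` is put on the command line; any `basic_auth` block, bearer token or URL credential set through these options is readable by every local user. Offer a path-based alternative whose value is passed unchanged to `-promscrape.config=`, and document that credentials belong in files referenced from the config rather than in the option text. `openFirewall` opens the literal port `8429` while `ExecStart` sets no listen address, so both the opened port and the bound interface depend on vmagent's defaults; exposing the address as an option passed via `-httpListenAddr` would tie the two together. `pkgs.v.vmagent` relies on an overlay that is not visible in this section.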

65
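--- a/common/users/default.nix
+++ b/common/users/default.nix
@@ -0,0 +1,65 @@
+# common/users/default.nix
+# Inputs to this NixOS module, in this case we are
+# using `pkgs` so we can have some user specific packages and config
+# to configure the root ssh key.
+{ config, pkgs, ... }:
+{
+# Setup ZSH to use grml config
+programs.zsh = {
+enable = true;
+enableCompletion = true;
+syntaxHighlighting.enable = true;
+interactiveShellInit = ''
+source "${pkgs.grml-zsh-config}/etc/zsh/zshrc"
+source "${pkgs.fzf}/share/fzf/key-bindings.zsh"
+source "${pkgs.fzf}/share/fzf/completion.zsh"
+eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
+'';
+# otherwise it'll override the grml prompt
+promptInit = "";
+};
+environment.pathsToLink = [ "/share/zsh" ];
+# Disable sudo prompt for `wheel` users.
+security.sudo.wheelNeedsPassword = false;
+# The block that specifies my user account.
+users.extraUsers.victor = {
+# This account is intended for a non-system user.
+isNormalUser = true;
+# My default shell
+shell = pkgs.zsh;
+# My SSH keys.
+openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC3alaexJkUAi/81weIGGTNrkRf+x0UT0wTWNENOc8bakmgzPg0STopCwHYAHoNHDC1dorVpVfCqWsAx9ta9KOCvqo3BS7rOWlASSna2fejvnNZAy6yzdvWq8Bclg7U40ic8ubnLw7l9nompHk7kzwVN6a6wqVfM5aefEXpaE4rlXu56yF81RR1TaWMnTvD7JMzyeDHt29DPdw+/ivOy3SXC8lUOukQLycNYduBO911gegkKH7mRNrqgYCuV6PF38CZPAhboC0JbpMKsiHInfY6iTrST035JIuVfEG0oRlW7BSsSfafPBlstyvf63mjjCJ13/47PyvkxWB47UYtYUjtQvrlzQtGlxyljyARL6x6RC6WY2Hluej4kWRVrJNRtDZAx+AeYa2jgUeD+RWPUQuXYLXs+0F1A7/y/m3FiuBMpB6neptX/jRY7aI1XDZiO23Pyui0pCsl9c8PQFltwvL1N32miRGhA/2DPhrKgpLRcRNglwRPZSkc+3er1cuUrs= victor@eevee"
+"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjJmG5W+uO+KTOmzknOfzkjbCtOCpO9tSxLN2BG6hxCsKPN1U31WDiajeHrZFselpWG80710Ne3wAlWduU3aUTeXdms0N99F7CbIFHXRqU0aEu4FN3WDuv0bRLoc+Ern9V7R4DvtxyNFd66yLzvzfT2/0nudiIkWV6W8qF4W6wJF+/TVTYcwZzVTBfpqUG9LMyMB1e6c0DYISmIGT0Q5s0sb2Hrs5Xa2Q7vgAevHJJzPojGQ+zcK/nHos4/glnDGoj9iyj55zB48LycLxjpFL9GAZfBZPi0SXVRy3gEVPkeger0e4OSumYiEbZhcV3MdtffSIHmq3ehgXi0FyBeMhsw== victor@xirion.net"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB victor@bastion"
+];
+# Make me admin
+extraGroups = [ "wheel" ];
+};
+# Configure the root account
+users.extraUsers.root = {
+# Allow my SSH keys for logging in as root.
+openssh.authorizedKeys.keys = config.users.users.victor.openssh.authorizedKeys.keys;
+# Also use zsh for root
+shell = pkgs.zsh;
+};
+# Setup packages available everywhere
+environment.systemPackages = with pkgs; [
+fzf
+git
+htop
+rsync
+neovim
+zoxide
+];
+}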
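Review bot: Root's `openssh.authorizedKeys.keys` is set to the same three keys as `victor`, and `security.sudo.wheelNeedsPassword = false;` gives `victor` password-less root as well, so possession of any one of those private keys is immediate root on every host that imports this module. If direct root SSH is not actually required (the deploy profile in flake.nix activates as `root`, which sudo from `victor` would presumably also cover; confirm), drop the key assignment under `users.extraUsers.root` and keep sudo as the single escalation path. Whichever is kept, a comment next to `wheelNeedsPassword` stating that the SSH key is the only authentication factor for root would make the trade-off explicit. `users.extraUsers` is the older alias of `users.users`, which this file already reads from on the root line.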


@ -9,17 +9,15 @@
modules = [ ./hosts/bastion/configuration.nix ];
};
deploy.nodes.bastion = {
deploy.nodes.bastion = {
hostname = "localhost";
fastConnection = true;
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.bastion;
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
}


@ -6,104 +6,23 @@
{
imports =
[ # Include the results of the hardware scan.
[
../../common
../../common/generic-vim.nix
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
networking.hostName = "bastion"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.ens18.useDHCP = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
security.sudo.wheelNeedsPassword = false;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# firefox
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.permitRootLogin = "without-password";
#services.openssh.passwordAuthentication = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
#networking.firewall.enable = false;
environment.systemPackages = with pkgs; [git rsync htop neovim];
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAiOUE5yEKMXvKMoQJxfAKbLi5GGOQptzUbWuAVIOnQG+AXJetF/D4Qj68X/0LGEEX78aA4Tb4rNa4imv95+I2rRvRcz8U/9sWoSdfzXLT6KjMqW/4+iNGNFEd0jx92HxPU1Sir6rOGWVwxcayEGO4NJXAjE0LvNMN0+4c9TaH4FZ1hLhyjAdkh5KgPP48JbubqI0zf+BlTJJCWDz3MtN9CHn2nERjGRodYHjq3WTwGXyq7o7Tfmko7C0CE2gBuz4f3LJdH2vz+ghkL5vzFnxzq9QgucJoRr+Pjons71L1622ZLFFHsmicJIEofOUgTrwiD5yayijp/izVFdUvUoB20w=="
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
@ -111,25 +30,4 @@ security.sudo.wheelNeedsPassword = false;
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
# Flakes
nix = {
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
users.extraUsers.victor = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAiOUE5yEKMXvKMoQJxfAKbLi5GGOQptzUbWuAVIOnQG+A
XJetF/D4Qj68X/0LGEEX78aA4Tb4rNa4imv95+I2rRvRcz8U/9sWoSdfzXLT6KjMqW/4+iNGNFEd0jx92HxPU1Sir
6rOGWVwxcayEGO4NJXAjE0LvNMN0+4c9TaH4FZ1hLhyjAdkh5KgPP48JbubqI0zf+BlTJJCWDz3MtN9CHn2nERjGR
odYHjq3WTwGXyq7o7Tfmko7C0CE2gBuz4f3LJdH2vz+ghkL5vzFnxzq9QgucJoRr+Pjons71L1622ZLFFHsmicJIE
ofOUgTrwiD5yayijp/izVFdUvUoB20w==" ];
};
}
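Review bot: The imports list names `../../common/generic-vim.nix`, but the file added by this commit is `common/generic-vm.nix`; unless a `generic-vim.nix` exists elsewhere in the tree, evaluating the bastion fails on the missing path, so the line should read `../../common/generic-vm.nix`. The page does not mark which of the remaining lines are removed, but if the host's own `services.openssh.permitRootLogin = "without-password";` goes away, the bastion inherits `lib.mkDefault "yes"` from generic-vm.nix. Keep an explicit `services.openssh.permitRootLogin = "prohibit-password";` in this file so the bastion's SSH policy does not depend on a shared default.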