author | tzlil <tzlils@protonmail.com> | 2022-12-13 15:21:30 +0200 |
---|---|---|
committer | tzlil <tzlils@protonmail.com> | 2022-12-13 15:21:30 +0200 |
commit | f51f8e398fffe33dcbb4b9f9db95708e7a3dde82 (patch) | |
tree | 08a9c853a29b01c53be526aecc8d2505f5086af5 /profiles | |
parent | 24637dfdfdd6dc8d116542f16a07d808c9e43c36 (diff) |
stuff
Diffstat (limited to 'profiles')
-rw-r--r-- | profiles/core.nix | 5 | ||||
-rw-r--r-- | profiles/graphical.nix | 34 | ||||
-rw-r--r-- | profiles/network.nix | 24 | ||||
-rw-r--r-- | profiles/ssh.nix | 34 | ||||
-rw-r--r-- | profiles/user.nix | 16 |
5 files changed, 106 insertions, 7 deletions
diff --git a/profiles/core.nix b/profiles/core.nix
index 01ec85a..f578621 100644
--- a/profiles/core.nix
+++ b/profiles/core.nix
@@ -22,5 +22,10 @@
 };
 users.mutableUsers = false;
 environment.defaultPackages = lib.mkForce [];
+
+ # dont do this
+ users.users.root.initialPassword = "hunter2";
+
+ age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
 };
 }
\ No newline at end of file
diff --git a/profiles/graphical.nix b/profiles/graphical.nix
new file mode 100644
index 0000000..f3bff3a
--- /dev/null
+++ b/profiles/graphical.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+ config = {
+ home-manager.users.tzlil = {...}: {
+ fonts.fontconfig.enable = true;
+
+ home.packages = with pkgs; [
+ iosevka
+ gnome3.adwaita-icon-theme
+ noto-fonts
+ noto-fonts-emoji
+ noto-fonts-cjk
+ ];
+
+ # gtk = {
+ # theme.package = pkgs.gnome.gnome-themes-extra;
+ # theme.name = "Adwaita-dark";
+ # enable = true;
+ # gtk3.extraConfig = {
+ # gtk-application-prefer-dark-theme = 1;
+ # gtk-xft-hinting = 1;
+ # gtk-xft-hintstyle = "slight";
+ # gtk-xft-antialias = 1; # => font-antialiasing="grayscale"
+ # gtk-xft-rgba = "rgb"; # => font-rgb-order="rgb"
+ # };
+ # font = {
+ # package = pkgs.noto-fonts;
+ # name = "Noto Sans 11";
+ # };
+ # };
+ };
+ };
+}
\ No newline at end of file
diff --git a/profiles/network.nix b/profiles/network.nix
index 5aee7a1..8e6a83d 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
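Review bot: In profiles/core.nix, `users.users.root.initialPassword = "hunter2";` puts a plaintext root password in the repository, and NixOS documents that values of this option end up world-readable in the Nix store, so any local user can read it. Because `users.mutableUsers = false` is set in the same block, a change made with `passwd` on the host will not persist across activations, so the committed value stays the effective one. The next added line already configures `age.identityPaths`, so the password can come from an encrypted secret instead, e.g. `users.users.root.hashedPasswordFile = config.age.secrets."<root-password-secret>".path;` (`passwordFile` on older releases; the secret name is a placeholder), or root can be locked with `users.users.root.hashedPassword = "!";`. The `# dont do this` comment should say why and what the intended replacement is.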
@@ -15,5 +15,29 @@
 nameservers = ["127.0.0.1" "::1"];
 networkmanager.dns = "none";
 };
+
+ services.dnscrypt-proxy2 = {
+ enable = true;
+ settings = {
+ ipv6_servers = true;
+ require_dnssec = true;
+
+ sources.public-resolvers = {
+ urls = [
+ "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+ "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+ ];
+ cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+ minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+ };
+
+ # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+ # server_names = [ ... ];
+ };
+ };
+
+ systemd.services.dnscrypt-proxy2.serviceConfig = {
+ StateDirectory = "dnscrypt-proxy";
+ };
 };
 }
\ No newline at end of file
diff --git a/profiles/ssh.nix b/profiles/ssh.nix
new file mode 100644
index 0000000..e0a623a
--- /dev/null
+++ b/profiles/ssh.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+ config = {
+ services.openssh = {
+ enable = true;
+ openFirewall = false;
+ passwordAuthentication = false;
+ kbdInteractiveAuthentication = false;
+ allowSFTP = false;
+ permitRootLogin = "no";
+ startWhenNeeded = true;
+ extraConfig = ''
+ AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AuthenticationMethods publickey
+ StreamLocalBindUnlink yes
+
+ AllowUsers tzlil
+ '';
+ };
+ environment.persistence."/nix/persist" = {
+ hideMounts = true;
+ files = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/profiles/user.nix b/profiles/user.nix
index ee29bad..3df7c18 100644
--- a/profiles/user.nix
+++ b/profiles/user.nix
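Review bot: In profiles/network.nix, `cache_file` points at `/var/lib/dnscrypt-proxy2/public-resolvers.md`, but the `StateDirectory = "dnscrypt-proxy"` override at the end of the hunk makes systemd create `/var/lib/dnscrypt-proxy`, so the two paths do not match. If the unit runs sandboxed (not visible here), the signed resolver list probably cannot be cached, and every start then depends on a successful download; with `nameservers` pointing only at 127.0.0.1 and ::1 in the context lines, a failed fetch would leave the host without DNS. Aligning them, e.g. `cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";`, fixes that. With `server_names` left commented out, any listed resolver that passes `require_dnssec` may be picked; `require_nolog = true;` and `require_nofilter = true;` would narrow the set.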
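Review bot: In profiles/ssh.nix, `AllowTcpForwarding yes` in `extraConfig` is the one forwarding feature left enabled while X11, agent and stream-local forwarding are all turned off, and nothing in the file says why. If port forwarding is not needed, use `AllowTcpForwarding no` (or `local` to permit only local forwards); if it is, add a comment naming the use case. `StreamLocalBindUnlink yes` appears to have no effect while `AllowStreamLocalForwarding no` is set and could be dropped. The `files` list also persists an RSA host key; if only ed25519 is intended, restricting `services.openssh.hostKeys` to ed25519 would avoid generating and persisting the RSA key.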
@@ -7,7 +7,6 @@ }: { imports = [ inputs.home-manager.nixosModules."home-manager" - inputs.agenix.nixosModules ]; config = { users.users.tzlil = { @@ -29,13 +28,13 @@ file = ../secrets/id_ed25519.age; mode = "600"; owner = "tzlil"; - group = "tzlil"; + group = "users"; }; - home-manager.nixosModules.home-manager = { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "backup"; }; home-manager.users.tzlil = {pkgs, ...}@hm: { @@ -44,7 +43,10 @@ username = "tzlil"; homeDirectory = "/home/tzlil"; }; - programs.ssh.matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path; + programs.ssh = { + enable = true; + matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path; + }; }; }; } \ No newline at end of file |
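Review bot: In the last hunk of profiles/user.nix, adding `enable = true;` to `programs.ssh` is presumably what makes home-manager write the SSH client config (the module is not shown), so `matchBlocks."*".identityFile` now presents the agenix-managed key to every host the user connects to. Scoping the block to the hosts that need this key, e.g. `matchBlocks."<host>".identityFile = config.age.secrets."id_ed25519".path;` (placeholder host name), keeps the key from being offered to unrelated servers. The first hunk also drops `inputs.agenix.nixosModules` from `imports` while this file still reads `config.age.secrets`; that only evaluates if the agenix module is imported somewhere else, which is not visible here.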