Diffstat (limited to 'profiles')
-rw-r--r--profiles/core.nix5
-rw-r--r--profiles/graphical.nix34
-rw-r--r--profiles/network.nix24
-rw-r--r--profiles/ssh.nix34
-rw-r--r--profiles/user.nix16
5 files changed, 106 insertions, 7 deletions
diff --git a/profiles/core.nix b/profiles/core.nix
index 01ec85a..f578621 100644
--- a/profiles/core.nix
+++ b/profiles/core.nix
@@ -22,5 +22,10 @@
     };
     users.mutableUsers = false;
     environment.defaultPackages = lib.mkForce [];
+
+    # dont do this
+    users.users.root.initialPassword = "hunter2";
+
+    age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
   };
 }
\ No newline at end of file
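Review bot: The added `users.users.root.initialPassword = "hunter2"` is a plaintext root password committed to the repository and written into the world-readable Nix store, and with `users.mutableUsers = false` on the context line above the option docs say `initialPassword` behaves like `password`, so this is the permanent root password rather than a first-boot placeholder. `permitRootLogin = "no"` in ssh.nix only closes the SSH path; console login and `su` still accept it. Since agenix is already wired in on the next added line (`age.identityPaths`), replace the literal with a hashed secret, e.g. `users.users.root.hashedPasswordFile = config.age.secrets.root-password.path;` (older nixpkgs spell this `passwordFile`), or leave root with no password at all. If it must stay for bootstrap, the comment should say so and set a removal condition, e.g. `# TEMP bootstrap-only root password: replace with an age-managed hashedPasswordFile before this host is reachable`.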
diff --git a/profiles/graphical.nix b/profiles/graphical.nix
new file mode 100644
index 0000000..f3bff3a
--- /dev/null
+++ b/profiles/graphical.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+  config = {
+    home-manager.users.tzlil = {...}: {
+      fonts.fontconfig.enable = true;
+
+      home.packages = with pkgs; [
+        iosevka
+        gnome3.adwaita-icon-theme
+        noto-fonts
+        noto-fonts-emoji
+        noto-fonts-cjk
+      ];
+
+      # gtk = {
+      #   theme.package = pkgs.gnome.gnome-themes-extra;
+      #   theme.name = "Adwaita-dark";
+      #   enable = true;
+      #   gtk3.extraConfig = {
+      #     gtk-application-prefer-dark-theme = 1;
+      #     gtk-xft-hinting = 1;
+      #     gtk-xft-hintstyle = "slight";
+      #     gtk-xft-antialias = 1; # => font-antialiasing="grayscale"
+      #     gtk-xft-rgba = "rgb"; # => font-rgb-order="rgb"
+      #   };
+      #   font = {
+      #     package = pkgs.noto-fonts;
+      #     name = "Noto Sans 11";
+      #   };
+      # };
+    };
+  };
+}
\ No newline at end of file
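Review bot: The new file ships a 16-line commented-out `gtk = { … }` block with nothing saying whether it is pending, broken, or abandoned, and dead config in a fresh module ages badly. Either delete it (history keeps it) or put a one-line reason above it, e.g. `# gtk theming disabled: <reason>; re-enable once <condition>`. The file also lacks a trailing newline, as the diff marker shows.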
diff --git a/profiles/network.nix b/profiles/network.nix
index 5aee7a1..8e6a83d 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -15,5 +15,29 @@
       nameservers = ["127.0.0.1" "::1"];
       networkmanager.dns = "none";
     };
+
+    services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      ipv6_servers = true;
+      require_dnssec = true;
+
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+        ];
+        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+      };
+
+      # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+      # server_names = [ ... ];
+    };
+    };
+
+    systemd.services.dnscrypt-proxy2.serviceConfig = {
+      StateDirectory = "dnscrypt-proxy";
+    };
   };
 }
\ No newline at end of file
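Review bot: `cache_file` is set under `/var/lib/dnscrypt-proxy2/`, but the `serviceConfig` override added at the end sets `StateDirectory = "dnscrypt-proxy"`, i.e. `/var/lib/dnscrypt-proxy/`; if the unit runs sandboxed with a read-only filesystem outside its state directory (the nixpkgs unit for this service is hardened that way with `ProtectSystem = "strict"` and `DynamicUser` as far as I recall — confirm), the resolver list can never be cached, so every start re-downloads it and a start without connectivity has no resolvers. Align the two: `cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";`. Separately, the existing `nameservers = ["127.0.0.1" "::1"]` context line keeps `::1`, but nothing here sets `listen_addresses` and dnscrypt-proxy's stock config listens only on `127.0.0.1:53`, so the IPv6 resolver entry would time out — either add `listen_addresses = [ "127.0.0.1:53" "[::1]:53" ];` to `settings` or drop `::1` (verify the module's default first). The body of `services.dnscrypt-proxy2 = { … }` is also not indented relative to its opening line.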
diff --git a/profiles/ssh.nix b/profiles/ssh.nix
new file mode 100644
index 0000000..e0a623a
--- /dev/null
+++ b/profiles/ssh.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+  config = {
+    services.openssh = {
+      enable = true;
+      openFirewall = false;
+      passwordAuthentication = false;
+      kbdInteractiveAuthentication = false;
+      allowSFTP = false;
+      permitRootLogin = "no";
+      startWhenNeeded = true;
+      extraConfig = ''
+        AllowTcpForwarding yes
+        X11Forwarding no
+        AllowAgentForwarding no
+        AllowStreamLocalForwarding no
+        AuthenticationMethods publickey
+        StreamLocalBindUnlink yes
+
+        AllowUsers tzlil
+      '';
+    };
+    environment.persistence."/nix/persist" = {
+      hideMounts = true;
+      files = [
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+      ];
+    };
+  };
+}
\ No newline at end of file
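Review bot: `passwordAuthentication`, `kbdInteractiveAuthentication`, `permitRootLogin` and the `X11Forwarding`/`AllowUsers` lines in `extraConfig` are settings that newer nixpkgs (23.05 onward, as far as I recall) expose under `services.openssh.settings`, with the top-level spellings first aliased and later removed — check against the pinned nixpkgs, since a removed alias turns this file into an evaluation error. Moving them keeps the hardening typed and mergeable, e.g. `settings.PermitRootLogin = "no"; settings.PasswordAuthentication = false; settings.AllowUsers = [ "tzlil" ];`. The `environment.persistence` entries deserve a why-comment, since the ed25519 key at that persisted path is also the agenix identity configured in core.nix in this same commit: `# Persist host keys across the ephemeral root: stable host identity for clients, and ssh_host_ed25519_key is the agenix decryption identity`. The file lacks a trailing newline.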
diff --git a/profiles/user.nix b/profiles/user.nix
index ee29bad..3df7c18 100644
--- a/profiles/user.nix
+++ b/profiles/user.nix
@@ -7,7 +7,6 @@
 }: {
   imports = [
     inputs.home-manager.nixosModules."home-manager"
-    inputs.agenix.nixosModules
   ];
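Review bot: The `age.secrets` definition further down this file (lines 160–164) and `config.age.secrets."id_ed25519".path` (line 185) still depend on the agenix NixOS module that this hunk stops importing; unless it is imported from another profile — core.nix in this commit sets `age.identityPaths`, so presumably it moved there — `config.age` is an undefined attribute and evaluation fails. Worth recording the dependency here so a later reordering of profiles does not break it, e.g. `# requires the agenix NixOS module (now imported via core.nix)`. The `imports` list starts before this hunk.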
   config = {
     users.users.tzlil = {
@@ -29,13 +28,13 @@
       file = ../secrets/id_ed25519.age;
       mode = "600";
       owner = "tzlil";
-      group = "tzlil";
+      group = "users";
     };
 
-    home-manager.nixosModules.home-manager = {
-      home-manager.useGlobalPkgs = true;
-      home-manager.useUserPackages = true;
-      home-manager.backupFileExtension = "backup";
+    home-manager = {
+      useGlobalPkgs = true;
+      useUserPackages = true;
+      backupFileExtension = "backup";
     };
 
     home-manager.users.tzlil = {pkgs, ...}@hm: {
@@ -44,7 +43,10 @@
         username = "tzlil";
         homeDirectory = "/home/tzlil";
       };
-      programs.ssh.matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;
+      programs.ssh = {
+        enable = true;
+        matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;
+      };
     };
   };
 }
\ No newline at end of file
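Review bot: The `matchBlocks."*"` entry sets only `identityFile`; without `identitiesOnly = true` ssh still offers every key loaded in the agent alongside the agenix-decrypted one, which exposes unrelated public keys to every host and can exhaust `MaxAuthTries` before the right key is tried. Suggest `matchBlocks."*" = { identityFile = config.age.secrets."id_ed25519".path; identitiesOnly = true; };`. Note that `config` here is the NixOS module's `config` — the home-manager arguments are bound as `hm` and only `pkgs` is rebound on line 177 — which is what makes the agenix path resolve; a short comment would save the next reader the same check: `# NixOS-level config: path of the agenix-decrypted key`.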