From f51f8e398fffe33dcbb4b9f9db95708e7a3dde82 Mon Sep 17 00:00:00 2001
From: tzlil
Date: Tue, 13 Dec 2022 15:21:30 +0200
Subject: stuff
---
 profiles/core.nix | 5 +++++
 profiles/graphical.nix | 34 ++++++++++++++++++++++++++++++++++
 profiles/network.nix | 24 ++++++++++++++++++++++++
 profiles/ssh.nix | 34 ++++++++++++++++++++++++++++++++++
 profiles/user.nix | 16 +++++++++-------
 5 files changed, 106 insertions(+), 7 deletions(-)
 create mode 100644 profiles/graphical.nix
 create mode 100644 profiles/ssh.nix
(limited to 'profiles')
diff --git a/profiles/core.nix b/profiles/core.nix
index 01ec85a..f578621 100644
--- a/profiles/core.nix
+++ b/profiles/core.nix
@@ -22,5 +22,10 @@
 };
 users.mutableUsers = false;
 environment.defaultPackages = lib.mkForce [];
+
+ # dont do this
+ users.users.root.initialPassword = "hunter2";
+
+ age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
 };
 }
\ No newline at end of file
diff --git a/profiles/graphical.nix b/profiles/graphical.nix
new file mode 100644
index 0000000..f3bff3a
--- /dev/null
+++ b/profiles/graphical.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+ config = {
+ home-manager.users.tzlil = {...}: {
+ fonts.fontconfig.enable = true;
+
+ home.packages = with pkgs; [
+ iosevka
+ gnome3.adwaita-icon-theme
+ noto-fonts
+ noto-fonts-emoji
+ noto-fonts-cjk
+ ];
+
+ # gtk = {
+ # theme.package = pkgs.gnome.gnome-themes-extra;
+ # theme.name = "Adwaita-dark";
+ # enable = true;
+ # gtk3.extraConfig = {
+ # gtk-application-prefer-dark-theme = 1;
+ # gtk-xft-hinting = 1;
+ # gtk-xft-hintstyle = "slight";
+ # gtk-xft-antialias = 1; # => font-antialiasing="grayscale"
+ # gtk-xft-rgba = "rgb"; # => font-rgb-order="rgb"
+ # };
+ # font = {
+ # package = pkgs.noto-fonts;
+ # name = "Noto Sans 11";
+ # };
+ # };
+ };
+ };
+}
\ No newline at end of file
diff --git a/profiles/network.nix b/profiles/network.nix
index 5aee7a1..8e6a83d 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
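Review bot: `users.users.root.initialPassword = "hunter2";` stores a cleartext credential in the world-readable Nix store, and because `users.mutableUsers = false;` two lines above is in effect, NixOS treats initialPassword the same as `password`, so root's password is pinned to this value on every activation rather than only at first creation. The `# dont do this` comment acknowledges it, and `permitRootLogin = "no"` in ssh.nix keeps it off the network, but the local console and `su` still accept it. Since this same hunk adds `age.identityPaths`, an agenix-provided `users.users.root.passwordFile = config.age.secrets.<root-password-secret>.path;` (placeholder name) is the natural replacement, or at minimum `initialHashedPassword` with a salted hash instead of the plaintext. The enclosing `config = { ... }` attrset begins above the hunk.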
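Review bot: The new graphical.nix carries a sixteen-line commented-out `gtk = { ... }` block that Nix never evaluates, so it will silently drift from the home-manager option names it mirrors. Either delete it or keep it live behind a toggle, e.g. `gtk = lib.mkIf cfg.darkTheme { ... };` with the option declared next to it, so evaluation keeps it honest. A one-line `# TODO(tzlil): ...` stating why it is parked is the minimum if it must stay.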
@@ -15,5 +15,29 @@
 nameservers = ["127.0.0.1" "::1"];
 networkmanager.dns = "none";
 };
+
+ services.dnscrypt-proxy2 = {
+ enable = true;
+ settings = {
+ ipv6_servers = true;
+ require_dnssec = true;
+
+ sources.public-resolvers = {
+ urls = [
+ "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+ "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+ ];
+ cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+ minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+ };
+
+ # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+ # server_names = [ ... ];
+ };
+ };
+
+ systemd.services.dnscrypt-proxy2.serviceConfig = {
+ StateDirectory = "dnscrypt-proxy";
+ };
 };
 }
\ No newline at end of file
diff --git a/profiles/ssh.nix b/profiles/ssh.nix
new file mode 100644
index 0000000..e0a623a
--- /dev/null
+++ b/profiles/ssh.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+ config = {
+ services.openssh = {
+ enable = true;
+ openFirewall = false;
+ passwordAuthentication = false;
+ kbdInteractiveAuthentication = false;
+ allowSFTP = false;
+ permitRootLogin = "no";
+ startWhenNeeded = true;
+ extraConfig = ''
+ AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AuthenticationMethods publickey
+ StreamLocalBindUnlink yes
+
+ AllowUsers tzlil
+ '';
+ };
+ environment.persistence."/nix/persist" = {
+ hideMounts = true;
+ files = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/profiles/user.nix b/profiles/user.nix
index ee29bad..3df7c18 100644
--- a/profiles/user.nix
+++ b/profiles/user.nix
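Review bot: `StateDirectory = "dnscrypt-proxy";` in the serviceConfig block does not match `cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";` a few lines above it: StateDirectory creates and grants the unit write access to /var/lib/dnscrypt-proxy, not /var/lib/dnscrypt-proxy2, so unless the NixOS module already declares a dnscrypt-proxy2 state directory the resolver-list cache cannot be written and the service re-downloads the list on every start — worth confirming against the module before merging. Separately, `require_dnssec = true;` is set but server selection is left to the whole public list; adding `require_nolog = true;` and `require_nofilter = true;` beside it, or pinning a reviewed set via the commented `server_names`, keeps a logging or filtering resolver from being picked. The list download is fetched over HTTPS and verified with the `minisign_key`, so that part needs no change. The `networking = { ... }` block closed by the first context line begins above the hunk.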
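Review bot: The persistence block keeps `/etc/ssh/ssh_host_rsa_key` and its `.pub` across reboots although nothing on the page uses the RSA host key — only the ed25519 key is referenced, by core.nix's `age.identityPaths`. Setting `services.openssh.hostKeys = [ { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } ];` stops NixOS generating the RSA key at all, which leaves one fewer long-lived private key to persist and protect. In `extraConfig`, `StreamLocalBindUnlink yes` has no effect while `AllowStreamLocalForwarding no` is set and can be dropped, and `AllowTcpForwarding yes` deserves a comment stating what it is needed for, since it lets an authenticated session relay to anything this host can reach.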
@@ -7,7 +7,6 @@
 }: {
 imports = [
 inputs.home-manager.nixosModules."home-manager"
- inputs.agenix.nixosModules
 ];
 config = {
 users.users.tzlil = {
@@ -29,13 +28,13 @@
 file = ../secrets/id_ed25519.age;
 mode = "600";
 owner = "tzlil";
- group = "tzlil";
+ group = "users";
 };
- home-manager.nixosModules.home-manager = {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.backupFileExtension = "backup";
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ backupFileExtension = "backup";
 };
 home-manager.users.tzlil = {pkgs, ...}@hm: {
@@ -44,7 +43,10 @@
 username = "tzlil";
 homeDirectory = "/home/tzlil";
 };
- programs.ssh.matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;
+ programs.ssh = {
+ enable = true;
+ matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;
+ };
 };
 };
 }
\ No newline at end of file
-- 
cgit 1.4.1
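Review bot: `inputs.agenix.nixosModules` leaves `imports` here, yet the file still declares an age secret (the `file = ../secrets/id_ed25519.age;` block in the second hunk), reads `config.age.secrets."id_ed25519".path` in the third, and core.nix sets `age.identityPaths` in the same commit. If the agenix module is not imported somewhere else — the flake or another profile — evaluation fails on the undefined `age` option; if it has moved, a comment such as `# agenix NixOS module is imported in <flake or profile>` next to `imports` would record that. The removed entry may have been the wrong attribute (the agenix flake exposes its module under `nixosModules.default`), which would explain the drop, but that is inferred rather than visible. The module function's argument list starts above the hunk.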
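Review bot: `matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;` offers the agenix-provided key to every host the user connects to, so any server reached can record that public key and correlate sessions. Scoping the block to the hosts that need it, or at least adding `identitiesOnly = true;` in the same match block, keeps ssh from presenting this and every agent-held key to unrelated servers. The `home-manager.users.tzlil` function this hunk sits in starts above it.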