Diffstat (limited to 'roles/development-server.nix')
| -rw-r--r-- | roles/development-server.nix | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/roles/development-server.nix b/roles/development-server.nix
new file mode 100644
index 0000000..b0e80e5
--- /dev/null
+++ b/roles/development-server.nix
@@ -0,0 +1,124 @@
+{
+ me,
+ pkgs,
+ auxiliaryPkgs,
+ unstablePkgs,
+ ...
+}:
+{
+ imports = [
+ ./nix.nix
+ ./user.nix
+ ./locale.nix
+ ./vim.nix
+ ./tmux.nix
+ ./nix-ld.nix
+ ];
+
+ services.envfs.enable = true;
+
+ virtualisation = {
+ libvirtd.enable = true;
+ docker = {
+ enable = true;
+ daemon.settings.dns = [ "1.1.1.1" "1.0.0.1" ];
+ };
+ };
+
+ # fish enables this by default,
+ # it makes every nixos rebuild very slow.
+ documentation.man.generateCaches = false;
+ documentation = {
+ info.enable = true;
+ doc.enable = true;
+ dev.enable = true;
+ nixos = {
+ enable = true;
+ includeAllModules = true;
+ };
+ };
+
+ networking.hostName = me.name;
+ services.resolved.enable = true;
+
+ users.users.mel.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTG/DHTkuQgwLakSBuXx3XBe+WjUmDlSgLBGzldx/ZD mel@moissanite"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlqytVSNMFAfbB+rdiNktv3WYViVBMeK7zUO2Pjfii+ mel@corsac"
+ ];
+ services = {
+ acpid.enable = true;
+ tailscale.enable = true;
+
+ openssh = {
+ enable = true;
+ ports = [ 62322 ]; # listen on random port
+ openFirewall = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ # annoy every ssh spammer
+ endlessh = {
+ enable = true;
+ port = 22;
+ openFirewall = true;
+ };
+
+ # ban those who found the real port
+ fail2ban.enable = true;
+
+ # sometimes needed for gnupg
+ pcscd.enable = true;
+ };
+
+ programs = {
+ fish.enable = true;
+ git.enable = true;
+
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-curses;
+ };
+ };
+
+ environment.systemPackages = (with pkgs; [
+ file unzip jq dig htop wget screen dive
+ gnupg pinentry-curses age agenix minisign openssl cryptsetup pamtester
+ inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid
+ minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr arp-scan ethtool
+ mitmproxy
+ yt-dlp ffmpeg_7-full imagemagick
+ senpai
+ qemu_full virtiofsd
+
+ openvpn openvpn3 update-resolv-conf
+
+ ripgrep hyperfine parallel just fzf bat delta eza fd tokei didyoumean
+ universal-ctags compiledb graphviz
+ python3 uv ruff
+ nodejs_22 deno yarn
+ rustc rustup cargo rustfmt
+ go gopls delve go-task gotags golangci-lint
+ meson cmake gnumake ninja gdb gcc clang clang-tools
+ hare haredoc
+ jdk maven gradle
+ nil nixfmt-rfc-style
+ nixpkgs-review nixpkgs-fmt nixpkgs-lint-community
+ postgresql
+ helix alacritty
+
+ ubootTools dtc cloud-utils
+ borgbackup
+
+ man-pages man-pages-posix
+ ]) ++ (with unstablePkgs; [
+ claude-code gemini-cli
+ ]) ++ (with auxiliaryPkgs; [
+ ]);
+
+ environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
+} |
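Review bot: The real sshd in `services.openssh` is opened on every interface (`openFirewall = true`), and what keeps it out of sight is only a fixed non-default port, which the comment calls random but which a full port scan will still find. Key-only authentication and `PermitRootLogin = "no"` are the controls that matter here and they are set correctly. Because `tailscale.enable = true` sits in the same `services` block, consider `openFirewall = false;` together with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 62322 ];`, assuming every client reaches this host over the tailnet. If public reachability is required, `settings.AllowUsers = [ "mel" ];` limits login to the one account that is given keys in this file, and the port comment would be more accurate as `# non-default port; endlessh occupies 22`.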
