{
  me,
  pkgs,
  auxiliaryPkgs,
  unstablePkgs,
  ...
}:
{
  # Role for a network-reachable development box. The imported modules
  # supply nix settings, the primary user, locale, editors and nix-ld.
  imports = [
    ./nix.nix
    ./user.nix
    ./locale.nix
    ./vim.nix
    ./tmux.nix
    ./nix-ld.nix
  ];

  networking.hostName = me.name;

  virtualisation = {
    # VM host via libvirt.
    libvirtd.enable = true;
    docker = {
      # NOTE(review): the docker daemon socket is root-equivalent for members
      # of the docker group; keep that group membership deliberate.
      enable = true;
      # Resolvers handed to containers instead of the host's stub resolver;
      # presumably needed because resolved is enabled below -- confirm.
      daemon.settings.dns = [ "1.1.1.1" "1.0.0.1" ];
    };
  };

  documentation = {
    # fish turns man-cache generation on; leaving it on makes every
    # nixos rebuild very slow.
    man.generateCaches = false;
    info.enable = true;
    doc.enable = true;
    dev.enable = true;
    nixos = {
      enable = true;
      includeAllModules = true;
    };
  };

  # Public keys allowed to log in as mel; password logins are disabled below.
  users.users.mel.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTG/DHTkuQgwLakSBuXx3XBe+WjUmDlSgLBGzldx/ZD mel@moissanite"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlqytVSNMFAfbB+rdiNktv3WYViVBMeK7zUO2Pjfii+ mel@corsac"
  ];

  services = {
    envfs.enable = true;
    resolved.enable = true;
    acpid.enable = true;
    tailscale.enable = true;

    openssh = {
      enable = true;
      # Fixed, non-default listening port; 22 is handed to the endlessh
      # tarpit below.
      ports = [ 62322 ];
      # Opens the port(s) listed above in the host firewall.
      openFirewall = true;
      settings = {
        # Key-based authentication only, and never directly as root.
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    # Tarpit on the default ssh port: anything that connects to 22 is fed
    # a never-ending banner instead of reaching the real daemon.
    endlessh = {
      enable = true;
      port = 22;
      openFirewall = true;
    };

    # Ban sources that keep failing against the real sshd.
    # NOTE(review): confirm the generated sshd jail watches port 62322
    # rather than only the default 22.
    fail2ban.enable = true;

    # Smartcard daemon; gnupg occasionally needs it.
    pcscd.enable = true;
  };

  programs = {
    fish.enable = true;
    git.enable = true;

    gnupg.agent = {
      enable = true;
      # gpg-agent also serves as the ssh agent.
      enableSSHSupport = true;
      pinentryPackage = pkgs.pinentry-curses;
    };
  };

  environment.systemPackages =
    (with pkgs; [
      # everyday cli
      file unzip jq dig htop wget screen dive
      # keys, secrets and crypto tooling
      gnupg pinentry-curses age agenix minisign openssl cryptsetup pamtester
      # hardware and system introspection
      inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid
      # network utilities and diagnostics
      minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr arp-scan ethtool
      mitmproxy
      # media
      yt-dlp ffmpeg_7-full imagemagick
      # irc
      senpai
      # virtualisation
      qemu_full virtiofsd

      # vpn client; update-resolv-conf is also wired into /etc/openvpn below
      openvpn openvpn3 update-resolv-conf

      # shell productivity
      ripgrep hyperfine parallel just fzf bat delta eza fd tokei didyoumean
      universal-ctags compiledb graphviz
      # language toolchains
      python3 uv ruff
      nodejs_22 deno yarn
      rustc rustup cargo rustfmt
      go gopls delve go-task gotags golangci-lint
      meson cmake gnumake ninja gdb gcc clang clang-tools
      hare haredoc
      jdk maven gradle
      # nix tooling
      nil nixfmt-rfc-style
      nixpkgs-review nixpkgs-fmt nixpkgs-lint-community
      postgresql
      helix alacritty

      # embedded / images
      ubootTools dtc cloud-utils
      borgbackup

      man-pages man-pages-posix
    ])
    ++ (with unstablePkgs; [
      claude-code gemini-cli
    ])
    ++ (with auxiliaryPkgs; [ ]);

  # Expose update-resolv-conf's helper scripts under /etc/openvpn so client
  # configs can reference them by a stable path.
  environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
}