nix: basic system config

2024-07-09 10:43:13 +02:00 · 2024-07-09 10:43:13 +02:00 · e457c48757
commit e457c48757
parent 44e61805b0
4 changed files with 218 additions and 1 deletions
--- a/nix/default.nix
+++ b/nix/default.nix
@ -4,4 +4,5 @@
  native = pkgs.callPackage ./native.nix {};
  backend = pkgs.callPackage ./backend.nix {};
  web = pkgs.callPackage ./web.nix {};
+  docker = inputs.self.nixosConfigurations.main.config.formats.docker;
 }
--- a/nix/infra.nix
+++ b/nix/infra.nix
@ -0,0 +1,114 @@
+{
+  config,
+  lib,
+  pkgs,
+  self,
+  ...
+}:
+
+{
+  system.stateVersion = "24.11";
+  nixpkgs.hostPlatform = {
+    system = "x86_64-linux";
+    config = "x86_64-unknown-linux-gnu";
+  };
+  networking.hostName = "Main";
+  time.timeZone = "Europe/Berlin";
+
+  xdg = {
+    mime.enable = true;
+    autostart.enable = true;
+  };
+
+  i18n = {
+    defaultLocale = "en_NZ.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "de_DE.UTF-8";
+      LC_IDENTIFICATION = "de_DE.UTF-8";
+      LC_MEASUREMENT = "de_DE.UTF-8";
+      LC_MONETARY = "de_DE.UTF-8";
+      LC_NAME = "de_DE.UTF-8";
+      LC_NUMERIC = "de_DE.UTF-8";
+      LC_PAPER = "de_DE.UTF-8";
+      LC_TELEPHONE = "de_DE.UTF-8";
+      LC_TIME = "de_DE.UTF-8";
+      LC_CTYPE = "de_DE.UTF-8";
+      LC_COLLATE = "de_DE.UTF-8";
+      LC_MESSAGES = "en_NZ.UTF-8";
+    };
+  };
+
+  environment.variables = {
+    LOG_ICONS = "true";
+  };
+
+  services.openssh = {
+    enable = true;
+    banner = "Hackers are in Your System!!!\n";
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "prohibit-password";
+    };
+  };
+
+  fonts.fontDir.enable = true;
+
+  networking.firewall.enable = lib.mkForce false;
+
+  nix = {
+    settings = {
+      substituters = lib.mkForce [
+        "https://cache.nixos.org"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = lib.mkForce [
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      trusted-users = [ "root" ];
+      sandbox = true;
+      require-sigs = true;
+      max-jobs = "auto";
+      auto-optimise-store = true;
+      allowed-users = [ "*" ];
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      warn-dirty = true;
+      use-xdg-base-directories = true;
+      keep-going = true;
+      builders-use-substitutes = true;
+    };
+    distributedBuilds = true;
+    package = pkgs.lix;
+    registry = lib.mkForce ((lib.mapAttrs (_: flake: { inherit flake; })) ((lib.filterAttrs (_: lib.isType "flake")) self.inputs) // {
+      self.flake = self;
+    });
+    nixPath = lib.mkForce [ "/etc/nix/path" ];
+  };
+
+  nixpkgs = {
+    config ={
+      allowUnfree = true;
+    };
+  };
+
+  environment.etc = lib.mapAttrs' (name: value: { name = "nix/path/${name}"; value.source = value.flake; }) config.nix.registry;
+
+  services.postgresql.enable = true;
+
+  users.users.master = {
+    isNormalUser = true;
+    shell = pkgs.nushell;
+    hashedPassword = "$2b$05$q5oW9Q25AjVAic1KY1xrIOZ6cyuleRxbsuMlW998lzOk6Us8Rplnq";
+    extraGroups = [ "wheel" ];
+    uid = 1000;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB8oyMpS2hK3gQXyHIIVS6oilgMpemLmfhKKJ6RBMwUh johannes@joens.email"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3pKtvhOOjG1pGJq7cVHS5uWy5IP8y1Ra/ENpmJcqOe root@zap"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEcNAVRN66mfKmaCpxs++0094Eh4mqXkUwDPZPkIIBB johannes@joens.email"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZDUoC+1lNR2JTY1Q+vhXpuLmKMdVl2OMFLVbQ3cGkw jopejoe1@kuraokami"
+    ];
+  };
+}