blob: feeaba125968db48aa19857814c5f3cf96972320 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
# SPDX-FileCopyrightText: 2022-2023 Alyssa Ross <hi@alyssa.is>
# SPDX-License-Identifier: MIT
{ config, lib, modulesPath, pkgs, ... }:
{
imports = [
(modulesPath + "/profiles/minimal.nix")
];
boot.loader.grub.enable = false;
fileSystems = {
"/" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
};
systemd.additionalUpstreamSystemUnits = [
"systemd-journal-gatewayd.socket"
"systemd-journal-gatewayd.service"
];
networking.firewall.allowedTCPPorts = [ 19531 ];
networking.firewall.logRefusedConnections = false;
programs.ssh.knownHostsFiles = [
(builtins.toFile "known_hosts" ''
cache.dataaturservice.se ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnbwqoAuHw5d+geUnVc5ugj6o4JHaXCL61SgpAoGGq4
cache.dataaturservice.se ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRQHrGcWsis2uYbL57yoqd2OrEoz0eCNXDlJkEgfZuYO/cvKki8ivFQB26TErcrvj1qohtsPm6IP4tJe3S80fwEOdq1VIXfjcdZkmrAFux95jHrUOdhZfG++Hn1R9D8m6weNsyXEjzP+NNMI/+IYivCEroHccvVByxaaPqWY+ykgaaBnUqq9DdTF+77Y+iPdVrqk/BM/5RzAH4red+ZsA+2wiGoC2qyOPV//O/gLUoBrQSHPNV5c4oVGZ8+0yXqUcPWnTUnXkRVU9HfwiW8DjqSzSb/kc7NyrDFvPoRGIxMMSLGbNbB3Im7qFpcFkQ2zm/+a6kbx+FkIK03LRoOXQSdt7GrKF5ulb970/HiSsNU66PSV/3mo/tATOaubssbvPryID9ixUtbbAxEkWIdJkR+/xSgROytRggF1nq4pRzPZO+xpgEb/o62Ulwd8HpwG/lITr+Z/ywcY+K1qmdIGyPNVUSTyZgusKyQx4tyG+wcTD2QbkejiYtuhKufApGQ9M=
'')
];
nix.settings.secret-key-files = [ "/etc/nix/key" ];
nix.settings.substituters = [ "https://cache.dataaturservice.se/spectrum/" ];
nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" ''
export PATH=${lib.makeBinPath [ config.nix.package config.programs.ssh.package ]}
nix --extra-experimental-features nix-command copy $(nix-store -r $DRV_PATH) \
--to ssh-ng://spectrum-build@cache.dataaturservice.se?remote-store=file:///var/www/spectrum
nix --extra-experimental-features nix-command store copy-log $OUT_PATHS \
--to ssh-ng://spectrum-build@cache.dataaturservice.se?remote-store=file:///var/www/spectrum
'';
security.sudo.wheelNeedsPassword = false;
services.openssh.enable = true;
services.openssh.settings.LogLevel = "ERROR";
services.openssh.hostKeys = [
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
users.users.qyliss = {
description = "Alyssa Ross";
extraGroups = [ "wheel" ];
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDO11Pr7jKaRZ2It1yB312SKFN8mCV7aVYdry16LNwtnA6EDgFxyshG4Zmhl9asxQ9wa1lT3tdKB6ArA+VKxXMZB0zm15jYSLKpHQxMT7T3SqtTluJQpJD9zRtWeHbW/e1mtgn3tPYTHERB4HVGKIeGk97eOR2YOdXPHOIWhOXpogDtUlyt1bmWl0gyRHbWhViLeReHYhsu0KbZlo+ntN9aN7lPVkDfa7gUARv6IeGE5hAYHPRWmQ3VJCDaQnzsTtesLPFiNmV6Pq7qtWbHVNOG9XQLXJhD/305+yDZ2y/+KuBEQCroiWF8fPY/8gutfkZ0ZLjdGbXl38j5v+yRjreh+wjcN5MYWCWM18hMdutpoMd9D7PXaZz90V2vS+mRC81t3zXKrAy3Ke+LQBmlWSWxmKWdDoOTGOHjyPuCC/q+In7Q8hetB9/b9WUXTwEaaE3lUsa7y5JHAekNmdSoN3WD10nGYVUMvRRPGAlyqZTQdvxhn+6Pyu2piwIv/TMmC1CwiHr+fLbHxXQF745sOBQNmrdfiOzqDsKleybNB6i0AdDm5UZcYRcMLuxmryxN8O8qNUdMjMGoCeFcGwAIieqM+0xkPiByKr8ky2yV2lwOaZ4jrp/3j5GsGoQlvNKIPdCA/GQFad6vuqvhlbWcbdfiNpawrppLcJBsGB2NVjGbNQ=="
];
};
xdg.mime.enable = false;
}
|