# SPDX-FileCopyrightText: 2022-2023 Alyssa Ross <hi@alyssa.is>
# SPDX-License-Identifier: MIT

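# NixOS module for a netbooted machine that builds with Nix, signs what it
# builds with a local key, and uploads outputs and build logs to the binary
# cache at cache.dataaturservice.se over SSH.
{ config, lib, pkgs, ... }:

{
  imports = [
    <nixpkgs/nixos/modules/installer/netboot/netboot.nix>
    <nixpkgs/nixos/modules/profiles/all-hardware.nix>
    <nixpkgs/nixos/modules/profiles/base.nix>
    <nixpkgs/nixos/modules/profiles/minimal.nix>
  ];

  # Ship the journal gateway units and open TCP 19531 (the default
  # systemd-journal-gatewayd port) in the firewall. The gateway serves journal
  # entries over HTTP, and nothing in this file configures TLS, client
  # authentication or a source-address restriction for it, so anyone who can
  # reach the port can read the system journal.
  # NOTE(review): confirm the machine is only reachable from a trusted network,
  # and how the socket unit gets started (no wantedBy is set here).
  systemd.additionalUpstreamSystemUnits = [
    "systemd-journal-gatewayd.socket"
    "systemd-journal-gatewayd.service"
  ];
  networking.firewall.allowedTCPPorts = [ 19531 ];
  # Refused connections are not logged, so probes against closed ports leave no
  # firewall trace in the journal.
  networking.firewall.logRefusedConnections = false;

  # Pin the cache host's SSH host keys system-wide so the uploads done by the
  # post-build hook verify the server instead of trusting it on first use.
  programs.ssh.knownHostsFiles = [
    (builtins.toFile "known_hosts" ''
      cache.dataaturservice.se ssh-rsa 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
      cache.dataaturservice.se ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGvP2lmdHcYlmV8uLlAhp0ylLUymDR4WUamjO1lScNS
    '')
  ];

  # Private key used to sign locally built store paths. This file only names
  # the path; the key itself is provisioned out of band.
  # NOTE(review): confirm /etc/nix/key is readable by root only; anyone holding
  # it can sign paths that clients trusting the matching public key will accept.
  nix.settings.secret-key-files = [ "/etc/nix/key" ];
  # NOTE(review): no trusted-public-keys entry for this cache is visible in this
  # file; confirm where the cache's public key is trusted.
  nix.settings.substituters = [ "https://cache.dataaturservice.se/spectrum/" ];
  # Runs after each build: realise the derivation's outputs and copy them, then
  # the build log, to the cache's file:// store over ssh-ng.
  #  - `set -f` turns off pathname expansion, and the store URL is quoted, so
  #    the `?` in the URL (and any glob character in a store path) is never
  #    expanded against the working directory. $DRV_PATH and $OUT_PATHS stay
  #    unquoted on purpose: they are split on whitespace into separate paths.
  #  - PATH is reduced to the nix and ssh packages only.
  #  - NOTE(review): there is no `set -e`, so the hook's exit status is that of
  #    the final copy-log; a failed `nix copy` goes unreported if copy-log
  #    succeeds. Confirm that best-effort upload is intended.
  nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" ''
    set -f
    export PATH=${lib.makeBinPath [ config.nix.package config.programs.ssh.package ]}
    nix --extra-experimental-features nix-command copy $(nix-store -r $DRV_PATH) \
        --to "ssh-ng://spectrum-build@cache.dataaturservice.se?remote-store=file:///var/www/spectrum"
    nix --extra-experimental-features nix-command store copy-log $OUT_PATHS \
        --to "ssh-ng://spectrum-build@cache.dataaturservice.se?remote-store=file:///var/www/spectrum"
  '';

  # Members of wheel get sudo without a password. qyliss (below) is in wheel,
  # so possession of the authorized SSH key is equivalent to root on this host,
  # including read access to the Nix signing key.
  security.sudo.wheelNeedsPassword = false;

  services.openssh.enable = true;
  # Only error-level sshd messages are kept.
  # NOTE(review): sshd reports accepted and failed logins at INFO, so this
  # presumably removes authentication events from the journal; confirm that
  # loss of audit trail is acceptable.
  # NOTE(review): PasswordAuthentication is not set in this file; since only a
  # key is provisioned for login, consider disabling it explicitly.
  services.openssh.settings.LogLevel = "ERROR";
  # Use a single ed25519 host key at a fixed path.
  services.openssh.hostKeys = [
    { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
  ];

  # The only interactive account defined here: key-only SSH login, wheel member.
  users.users.qyliss = {
    description = "Alyssa Ross";
    extraGroups = [ "wheel" ];
    isNormalUser = true;
    openssh.authorizedKeys.keys = [
      "ssh-rsa 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"
    ];
  };

  xdg.mime.enable = false;
}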