toph/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ssh by default

Browse source
This commit is contained in:
Christopher Mühl 2026-01-06 03:40:45 +01:00
parent a7494307a1
commit 9046677414
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
5 changed files with 81 additions and 100 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
configurations/nixos/aepplet/default.nix
View file

@ -10,50 +10,32 @@
]; ];
bosun = { bosun = {
# quirks = ["avahi" "docker"];
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjqieS4GkYAa1WRYZpxjgYsj7VGZ9U+rTFCkX8M0umD"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjqieS4GkYAa1WRYZpxjgYsj7VGZ9U+rTFCkX8M0umD";
profiles = {
docker.enable = true;
work.enable = true;
};
}; };
system.stateVersion = "24.11"; system.stateVersion = "24.11";
# Enable nix flakes
nix = {
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
AllowUsers = ["toph"];
};
};
# Set the default drive, which in the case of Mercury is # Set the default drive, which in the case of Mercury is
# a VirtualBox image. # a VirtualBox image.
disko.devices.disk.main.device = "/dev/sda"; disko.devices.disk.main.device = "/dev/sda";
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
networking.hostName = "aepplet";
time.timeZone = "Europe/Berlin";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
inputs.docker-compose-1.legacyPackages."x86_64-linux".docker-compose inputs.docker-compose-1.legacyPackages."x86_64-linux".docker-compose
gnumake gnumake
]; ];
console = { programs = {
font = "Lat2-Terminus16"; vim.enable = true;
keyMap = lib.mkForce "de"; git.enable = true;
}; };
programs.vim.enable = true;
programs.git.enable = true;
# Disable the firewall so that all traffic is allowed # Disable the firewall so that all traffic is allowed
networking.firewall.enable = false; networking.firewall.enable = false;

116
configurations/nixos/endurance/default.nix
View file

@ -30,27 +30,19 @@
}; };
networking = { networking = {
hostName = "endurance";
firewall.enable = false; firewall.enable = false;
interfaces.eno1.wakeOnLan.enable = true; interfaces.eno1.wakeOnLan.enable = true;
}; };
# Set your time zone.
time.timeZone = "Europe/Berlin";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
};
programs = { programs = {
weylus.users = ["toph"]; weylus.users = ["toph"];
gnupg.agent = {
enable = true;
pinentryPackage = pkgs.pinentry-gtk2;
enableSSHSupport = true;
};
dconf.enable = true; dconf.enable = true;
steam = { steam = {
@ -58,10 +50,7 @@
protontricks.enable = true; protontricks.enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
}; };
# VR support
envision.enable = true; envision.enable = true;
# For game-related system optimisations
gamemode.enable = true; gamemode.enable = true;
_1password.enable = true; _1password.enable = true;
@ -71,6 +60,20 @@
# require enabling PolKit integration on some desktop environments (e.g. Plasma). # require enabling PolKit integration on some desktop environments (e.g. Plasma).
polkitPolicyOwners = ["toph"]; polkitPolicyOwners = ["toph"];
}; };
obs-studio = {
enable = true;
enableVirtualCamera = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-vaapi
obs-pipewire-audio-capture
obs-backgroundremoval
obs-move-transition
droidcam-obs
];
};
}; };
services = { services = {
@ -83,9 +86,6 @@
]; ];
}; };
openssh.enable = true;
openssh.settings.PasswordAuthentication = false;
hardware.openrgb.enable = true; hardware.openrgb.enable = true;
# Bluetooth manager # Bluetooth manager
@ -118,13 +118,6 @@
# ]; # ];
# }; # };
pipewire = {
enable = lib.mkForce true;
alsa.enable = true;
jack.enable = true;
pulse.enable = true;
};
usbmuxd = { usbmuxd = {
enable = true; enable = true;
package = pkgs.usbmuxd2; package = pkgs.usbmuxd2;
@ -147,19 +140,6 @@
pcscd.enable = true; pcscd.enable = true;
}; };
programs = {
thunar.enable = true;
thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
];
gnupg.agent = {
enable = true;
pinentryPackage = pkgs.pinentry-gtk2;
enableSSHSupport = true;
};
};
environment = { environment = {
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
@ -208,11 +188,6 @@
overdrive.enable = true; overdrive.enable = true;
}; };
bluetooth = {
enable = true;
powerOnBoot = true;
};
graphics = { graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
@ -221,6 +196,11 @@
]; ];
}; };
bluetooth = {
enable = true;
powerOnBoot = true;
};
# SANE scanner support # SANE scanner support
sane = { sane = {
enable = true; enable = true;
@ -237,37 +217,27 @@
keyboard.zsa.enable = true; keyboard.zsa.enable = true;
}; };
system.stateVersion = "23.05"; # Do not change this value! # Do not change this value!
system.stateVersion = "23.05";
# Set up our bootloader boot = {
boot.loader = { # Set up our bootloader
efi.canTouchEfiVariables = true; loader = {
grub = { efi.canTouchEfiVariables = true;
enable = true; grub = {
device = "nodev"; enable = true;
efiSupport = true; device = "nodev";
efiSupport = true;
};
}; };
};
programs.obs-studio = { extraModulePackages = with config.boot.kernelPackages; [
enable = true; v4l2loopback
enableVirtualCamera = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-vaapi
obs-pipewire-audio-capture
obs-backgroundremoval
obs-move-transition
droidcam-obs
]; ];
};
boot.extraModulePackages = with config.boot.kernelPackages; [ kernelModules = ["v4l2loopback"];
v4l2loopback extraModprobeConfig = ''
]; options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
boot.kernelModules = ["v4l2loopback"]; '';
boot.extraModprobeConfig = '' };
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
} }

16
modules/generic/default.nix
View file

@ -1,12 +1,26 @@
{ pkgs, ... }: { {
pkgs,
hostname,
...
}: {
# the `modules/generic` folder is generic only across nixos and darwin, not # the `modules/generic` folder is generic only across nixos and darwin, not
# across home manager. home modules are in `modules/home` # across home manager. home modules are in `modules/home`
imports = [ imports = [
./nix.nix ./nix.nix
./profiles.nix ./profiles.nix
./secrets.nix ./secrets.nix
./ssh.nix
]; ];
# TODO: Move all of these into their own modules?
console = {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
networking.hostName = hostname;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pre-commit pre-commit
git git

5
modules/generic/nix.nix
View file

@ -7,6 +7,11 @@
nix = { nix = {
package = pkgs.lixPackageSets.stable.lix; package = pkgs.lixPackageSets.stable.lix;
# TODO: Is this even needed with lix?
# extraOptions = ''
# experimental-features = nix-command flakes
# '';
# automatic cleanup # automatic cleanup
gc = { gc = {
automatic = true; automatic = true;

10
modules/generic/ssh.nix Normal file
View file

@ -0,0 +1,10 @@
{...}: {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
# TODO: Determine which user to allow!
AllowUsers = ["toph" "root"];
};
};
}