hesperidOS/default.nix at main · Erethon/hesperidOS · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
{
  lib,
  pkgs,
  ...
}:
{
  environment.systemPackages = with pkgs; [
    bat
    btop
    curl
    dig
    dool
    dust
    dysk
    eva
    fd
    file
    fzf
    git
    htop
    iotop
    killall
    lsof
    molly-guard
    ncdu
    nmon
    psmisc
    procs
    tmux
    tree
    vim
    wget
    whois
    zsh
  ];

  users.users.dgrig = {
    isNormalUser = true;
    extraGroups = [
      "wheel"
      "plugdev"
      # Needed for USB gadgets and printing
      # "dialout"
      # "lp"
    ];
    initialPassword = "vmonlypass";
    openssh.authorizedKeys.keys = [
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPb9z1U7Sti2lls0mlcmyPwmwD91amKwVlLZHYclSoULAAAABHNzaDo="
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBg4C7jOGuVMxSvUlGaZXf0JD/jag//1kFl5okKhjQhF"
    ];
  };
  users.defaultUserShell = pkgs.zsh;

  security.sudo.wheelNeedsPassword = false;

  programs.zsh.enable = true;

  networking.firewall.enable = true;

  nix = {
    package = pkgs.lix;
    settings = {
        experimental-features = [
          "nix-command"
          "flakes"
        ];
        trusted-users = [ "dgrig" ];
    };
    optimise.automatic = true;
  };
  services = {
    openssh = {
      enable = true;
      ports = [ 222 ];
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = lib.mkForce "no";
      };
    };
    locate.enable = true;
    speechd.enable = false;
  };
  security.pki.certificates = [
    ''
          ts.erethon
          ==========
      -----BEGIN CERTIFICATE-----
      MIICCTCCAa+gAwIBAgIRANbTaHFEx7Zxj/1vQdt1x80wCgYIKoZIzj0EAwIwMjET
      MBEGA1UEChMKRXJldGhvbiBDQTEbMBkGA1UEAxMSRXJldGhvbiBDQSBSb290IENB
      MB4XDTI2MDEyODEzMDUyOVoXDTI3MDEyODEzMDUyOFowIjEgMB4GA1UEAxMXRXJl
      dGhvbiBJbnRlcm1lZGlhdGUgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR2
      6Kp5br9aXgA7H2Z5UrJnDZx6Q9WffrYhOhM1Z+Uk52olDRmcXWCg0DZFGUhYFoI5
      l/WJATvzfvEZ8/KvgxsAo4G1MIGyMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
      CDAGAQH/AgEAMB0GA1UdDgQWBBQOQTGYsWTOGBfa5Hx6Wg4UCdEEnjAfBgNVHSME
      GDAWgBQlc3sO0n/lxGKaDFc2AKWcQ7momTBMBgNVHR4BAf8EQjBAoD4wDIIKdHMu
      ZXJldGhvbjAOggxob21lLmVyZXRob24wDYILLnRzLmVyZXRob24wD4INLmhvbWUu
      ZXJldGhvbjAKBggqhkjOPQQDAgNIADBFAiA+BV1ziSjQ35w7GOYsfrt5+pfIYwYy
      OVxCjsBZODheNAIhAMWpj8i9XAnwBxMYtmt9WdFf7M0/aJlEiqfzqfq70RA6
      -----END CERTIFICATE-----
    ''
  ];

  documentation.doc.enable = false;
}