derped/nixos
1
0
Fork 0
Code Releases Activity

Started work on modularized machine config, does not quite work yet. Changed Ophanim's kernel to hardened.

Browse source
This commit is contained in:
Kevin Baensch 2019-03-17 11:43:14 +01:00
parent 2efae4f888
commit a0f361425a
10 changed files with 162 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

6
config/default.nix
View file

@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
let
cfg = import ("/etc/nixos/machines/" + (builtins.replaceStrings ["\n"] [""] (builtins.readFile /etc/hostname)) + "/configuration.nix");
in {
{
imports = [
./etc.nix
./locale.nix
@ -10,5 +8,5 @@ in {
./nix.nix
./users.nix
./zsh.nix
] ++ (if cfg.conf.networking.hostName != "Ophanim" then [./fonts.nix] else [./security.nix]);
] ++ (if (config.machine.hostName != "Ophanim") then [./fonts.nix] else [./security.nix]);
}

16
config/networking.nix
View file

@ -1,18 +1,18 @@
{ config, lib, pkgs, ... }:
let
cfg = import ("/etc/nixos/machines/" + (builtins.replaceStrings ["\n"] [""] (builtins.readFile /etc/hostname)) + "/configuration.nix");
firewallcfg = config.machine.networking.firewall;
in {
networking = {
hostName = cfg.conf.networking.hostName;
# should probably add some etc file for this....
hostName = config.machine.hostName;
firewall = {
enable = true;
allowPing = cfg.conf.networking.firewall.allowPing;
allowedUDPPorts = cfg.conf.networking.firewall.allowedUDPPorts;
allowedTCPPorts = cfg.conf.networking.firewall.allowedTCPPorts;
allowedUDPPortRanges = cfg.conf.networking.firewall.allowedUDPPortRanges;
allowedTCPPortRanges = cfg.conf.networking.firewall.allowedTCPPortRanges;
allowPing = firewallcfg.allowPing;
allowedUDPPorts = firewallcfg.allowedUDPPorts;
allowedTCPPorts = firewallcfg.allowedTCPPorts;
allowedUDPPortRanges = firewallcfg.allowedUDPPortRanges;
allowedTCPPortRanges = firewallcfg.allowedTCPPortRanges;
};
};
}

8
config/users.nix
View file

@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
let
cfg = with lib; import ("/etc/nixos/machines/" + (replaceStrings ["\n"] [""] (readFile /etc/hostname)) + "/configuration.nix");
in {
{
users = {
mutableUsers = false;
users.derped = {
@ -11,11 +9,11 @@ in {
createHome = true;
description = "";
group = "derped";
extraGroups = [ "audio" "wheel" "network" ] ++ (if cfg.conf.networking.hostName != "Ophanim" then ["input" "cups" "lp"] else []);
extraGroups = [ "audio" "wheel" "network" ] ++ (if config.machine.hostName != "Ophanim" then ["input" "cups" "lp" "docker"] else []);
uid = 1337;
shell = "/run/current-system/sw/bin/zsh";
passwordFile = "/secret/derped";
openssh.authorizedKeys.keyFiles = (if cfg.conf.networking.hostName != "Ophanim" then [] else [ "/secret/derped.pub" ]);
openssh.authorizedKeys.keyFiles = (if config.machine.hostName != "Ophanim" then [] else [ "/secret/derped.pub" ]);
};
groups.derped = {