diff --git a/common/common/default.nix b/common/common/default.nix
deleted file mode 100644
index 5ee50ba..0000000
--- a/common/common/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =
- [ #
- ];
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
- networking.useDHCP = false;
- networking.firewall.allowedTCPPorts = [ 19999 ];
- services.netdata.enable = true;
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "de-latin1";
- };
-
- programs.zsh = {
- enable = true;
- histSize = 10000;
- autosuggestions.enable = true;
- enableBashCompletion = true;
- syntaxHighlighting.enable = true;
- promptInit = ''
- source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
- [[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
- [[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
- bindkey "''${key[Up]}" up-line-or-search
- bindkey "''${key[Home]}" beginning-of-line
- bindkey "''${key[End]}" end-of-line
- bindkey "''${key[Delete]}" delete-char
- function command_not_found_handler() { command-not-found $1 }
- alias cat='bat'
- eval "$(direnv hook zsh)"
- eval "$(starship init zsh)"
- '';
- };
- programs.starship.enable = true;
-
- programs.mtr.enable = true;
- nix.settings = {
- trusted-users = [ "@wheel" ];
- auto-optimise-store = true;
- };
- nix.gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 14d";
- };
- nix.extraOptions = ''
- min-free = ${toString (100 * 1024 * 1024)}
- max-free = ${toString (1024 * 1024 * 1024)}
- '';
-
- services.openssh = {
- enable = true;
- passwordAuthentication = false;
- kbdInteractiveAuthentication = false;
- permitRootLogin = "yes";
- };
-}
\ No newline at end of file
diff --git a/common/default.nix b/common/default.nix
new file mode 100644
index 0000000..367d3cf
--- /dev/null
+++ b/common/default.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [ ../users ];
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+ # networking.useDHCP = false; TODO: why was this globally disabled?
+ networking.firewall.allowedTCPPorts = [ 19999 ];
+ services.netdata.enable = true;
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de-latin1";
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget
+ vim
+ tmux
+ screen
+ mtr
+ tcpdump
+ bat
+ direnv
+ starship
+ ];
+
+ programs.zsh = {
+ enable = true;
+ histSize = 10000;
+ autosuggestions.enable = true;
+ enableBashCompletion = true;
+ syntaxHighlighting.enable = true;
+ promptInit = ''
+ source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-$VENDOR-$OSTYPE}
+ [[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
+ [[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
+ bindkey "''${key[Up]}" up-line-or-search
+ bindkey "''${key[Home]}" beginning-of-line
+ bindkey "''${key[End]}" end-of-line
+ bindkey "''${key[Delete]}" delete-char
+ function command_not_found_handler() { command-not-found $1 }
+ alias cat='bat'
+ eval "$(direnv hook zsh)"
+ eval "$(starship init zsh)"
+ '';
+ };
+ programs.starship.enable = true;
+
+ programs.mtr.enable = true;
+ nix.settings = {
+ trusted-users = [ "@wheel" ];
+ auto-optimise-store = true;
+ };
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 14d";
+ };
+ nix.extraOptions = ''
+ min-free = ${toString (100 * 1024 * 1024)}
+ max-free = ${toString (1024 * 1024 * 1024)}
+ '';
+
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ kbdInteractiveAuthentication = false;
+ permitRootLogin = "yes";
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..daf7715
--- /dev/null
+++ b/flake.lock
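Review bot: `security.sudo.wheelNeedsPassword = false;` at the end of the new common/default.nix sits beside `permitRootLogin = "yes"` and `trusted-users = [ "@wheel" ]`, so on every host that imports ./common a wheel member's SSH key is equivalent to root while direct root SSH also stays permitted. If passwordless sudo is there to support non-root deploys (flake.nix sets `deployment.targetUser = null` in this commit), root login looks no longer needed and could become `permitRootLogin = "no";`, or `"prohibit-password"` if root keys must remain. `networking.firewall.allowedTCPPorts = [ 19999 ];` now also opens the netdata port on every interface of every host; whether that exposure is intended is not visible from this hunk.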
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1657114324, + "narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index 9c85ec5..3bc393b 100644 --- a/flake.nix +++ b/flake.nix @@ -1,25 +1,36 @@ { - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - }; - outputs = { nixpkgs, ... }: { - colmena = { - - meta = { - nixpkgs = import nixpkgs { - system = "x86_64-linux"; - }; - }; - - - pre-router = { config, pkgs, ... }:{ - imports = [./hosts/pre-router/configuration.nix]; - deployment.targetHost = "lightbuffet.entr0py.cloud"; - deployment.keys = { - - }; - }; - + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: { + colmena = { + meta = { + nixpkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [ (final: prev: import ./packages final prev) ]; }; + }; + + defaults = { config, lib, name, ... }: { + imports = [ + (./. + "/hosts/${name}/configuration.nix") + ./modules + ./common + ]; + + deployment.targetUser = null; + }; + + pre-router = { config, pkgs, ... }: { + deployment.targetHost = "lightbuffet.entr0py.cloud"; + deployment.keys = { + + }; + }; + + pre-yate-n0emis = { config, pkgs, ... }: { + deployment.targetHost = "10.152.4.91"; + }; }; -} \ No newline at end of file + }; +} diff --git a/hosts/pre-router/configuration.nix b/hosts/pre-router/configuration.nix index 7918530..8fa5077 100644 --- a/hosts/pre-router/configuration.nix +++ b/hosts/pre-router/configuration.nix 
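Review bot: `deployment.targetUser = null;` in the new `defaults` block of flake.nix has no comment, although the access model of every node depends on it. As far as I know Colmena then leaves the login user to the operator's own SSH configuration and escalates privileges on the target, which is presumably what the wheel sudo setting in ./common is for. A comment such as `# deploy as the operator's own account; requires sudo rights for that account on the target` would make the dependency visible to whoever tightens sudo later. The empty `deployment.keys = { };` on pre-router could likewise say what it is reserved for, or be dropped.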
@@ -9,7 +9,7 @@ ./dns.nix ./ipv6.nix ./nginx.nix - ]; + ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; 
@@ -17,94 +17,12 @@ networking.hostName = "pre-router"; # Define your hostname. - # Set your time zone. - time.timeZone = "Europe/Berlin"; - # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. networking.useDHCP = false; #networking.interfaces.ens18.useDHCP = false; #networking.interfaces.ens19.useDHCP = false; - networking.firewall.allowedTCPPorts = [ 19999 ]; - services.netdata.enable = true; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "de-latin1"; - }; - - - users.users.garionion = { - isNormalUser = true; - shell = pkgs.zsh; - packages = with pkgs; [ - wget vim screen mtr iperf - htop dstat dnsutils nettools tcpdump - git bat starship direnv - ]; - hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80"; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 
- openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"]; - }; - programs.zsh = { - enable = true; - histSize = 10000; - autosuggestions.enable = true; - enableBashCompletion = true; - syntaxHighlighting.enable = true; - promptInit = '' - source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE} - [[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char - [[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char - bindkey "''${key[Up]}" up-line-or-search - bindkey "''${key[Home]}" beginning-of-line - bindkey "''${key[End]}" end-of-line - bindkey "''${key[Delete]}" delete-char - function command_not_found_handler() { command-not-found $1 } - alias cat='bat' - eval "$(direnv hook zsh)" - eval "$(starship init zsh)" - ''; - }; - programs.starship = { - enable = true; - settings = { - # add_newline = false; - # character = { - # success_symbol = "[➜](bold green)"; - # error_symbol = "[➜](bold red)"; - # }; - # package.disabled = true; - }; - }; - - programs.mtr.enable = true; - nix.settings = { - trusted-users = [ "@wheel" ]; - auto-optimise-store = true; - }; - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 14d"; - }; - nix.extraOptions = '' - min-free = ${toString (100 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} - ''; - - # List services that you want to enable: - - services.openssh = { - enable = true; - passwordAuthentication = false; - kbdInteractiveAuthentication = false; - permitRootLogin = "yes"; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions 
@@ -114,4 +32,4 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "21.11"; # Did you read the comment? -} \ No newline at end of file +} diff --git a/hosts/pre-yate-n0emis/configuration.nix b/hosts/pre-yate-n0emis/configuration.nix new file mode 100644 index 0000000..8b54818 --- /dev/null +++ b/hosts/pre-yate-n0emis/configuration.nix @@ -0,0 +1,38 @@ +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + networking.hostName = "pre-yate-n0emis"; + + networking.useNetworkd = true; + systemd.network = { + links."10-eth0" = { + matchConfig.MACAddress = "4a:a6:0d:b9:3b:82"; + linkConfig.Name = "eth0"; + }; + networks."10-eth0" = { + matchConfig = { + Name = "eth0"; + }; + DHCP = "yes"; + }; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? + +} diff --git a/hosts/pre-yate-n0emis/hardware-configuration.nix b/hosts/pre-yate-n0emis/hardware-configuration.nix new file mode 100644 index 0000000..879694c --- /dev/null +++ b/hosts/pre-yate-n0emis/hardware-configuration.nix 
@@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/d3e87ae2-fb17-44f0-b113-14b185a2c845"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..a1e96dd --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + imports = [ + ./yate + ]; +} diff --git a/modules/yate/default.nix b/modules/yate/default.nix new file mode 100644 index 0000000..b766f54 --- /dev/null +++ b/modules/yate/default.nix 
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.services.yate;
+in {
+ options = {
+ services.yate = {
+ enable = mkEnableOption "yate";
+ config = mkOption {
+ type = with types; attrsOf anything;
+ default = { };
+ };
+ };
+ };
+ config = let
+ mkCfgFile = name: config:
+ let
+ content =
+ if (isString config) then config else generators.toINI { } config;
+ in { "yate/${name}.conf".text = content; };
+ environmentFiles = mkMerge
+ (map (key: mkCfgFile key (getAttr key cfg.config))
+ (attrNames cfg.config));
+ in mkIf cfg.enable {
+ environment.etc = environmentFiles;
+ systemd.services.yate = {
+ description = "YATE Telephony Server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" "postgresql.service" ];
+
+ environment = { PWLIB_ASSERT_ACTION = "C"; };
+
+ serviceConfig = {
+ Type = "forking";
+ ExecStart =
+ "${pkgs.yate}/bin/yate -d -p /run/yate/yate.pid -c /etc/yate -F -s -q -DF -r -l /var/lib/yate/yate.log";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ User = "yate";
+ Group = "yate";
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ RuntimeDirectory = "yate";
+ RuntimeDirectoryMode = "0755";
+ StateDirectory = "yate";
+ StateDirectoryMode = "0700";
+ PIDFile = "/run/yate/yate.pid";
+ TimeoutSec = 30;
+ };
+
+ reloadTriggers =
+ map (name: config.environment.etc."yate/${name}.conf".source)
+ (attrNames cfg.config);
+ };
+
+ users.users.yate = {
+ isSystemUser = true;
+ group = "yate";
+ };
+ users.groups.yate = { };
+ };
+}
diff --git a/packages/default.nix b/packages/default.nix
new file mode 100644
index 0000000..99e3c81
--- /dev/null
+++ b/packages/default.nix
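Review bot: Everything passed in `services.yate.config` is rendered through `environment.etc."yate/${name}.conf".text`, so it lands in the world-readable Nix store and under /etc/yate where every local user can read it. Yate configuration commonly carries credentials, and the unit is ordered after `postgresql.service`, which suggests a database connection string may be among them. The `config` option should therefore get a `description` stating that its values are not secret, and secrets should come from a file deployed outside the store. The unit sets `User`, `Group` and `AmbientCapabilities` but no further sandboxing; `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";`, `NoNewPrivileges = true;` and `ProtectSystem = "strict";` would bound the daemon, subject to a check against the paths yate writes (`StateDirectory` and `RuntimeDirectory` stay writable).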
@@ -0,0 +1,18 @@
+self: super: {
+ freeradius = super.freeradius.override {
+ withJson = true;
+ withRest = true;
+ };
+
+ python3 = let packageOverrides = final: prev: import ./python final prev;
+ in super.python3.override { inherit packageOverrides; };
+
+ yate = super.yate.overrideAttrs (old: {
+ configureFlags =
+ [ "--with-libpq=${self.postgresql.withPackages (ps: [ ])}" ];
+ });
+
+ t38modem = self.callPackage ./t38modem.nix { };
+ ptlib = self.callPackage ./ptlib.nix { };
+ opal = self.callPackage ./opal.nix { };
+}
diff --git a/packages/opal.nix b/packages/opal.nix
new file mode 100644
index 0000000..477c857
--- /dev/null
+++ b/packages/opal.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, pkg-config, ptlib, openssl, libopus, spandsp }:
+
+let
+ pname = "opal";
+ version = "3.18.6";
+ hash = "sha256-L/0784mYza2p866Fal5pvvQ4IJjC9b5VSFwQ89jSYUw=";
+
+in stdenv.mkDerivation {
+ inherit pname version;
+
+ src = fetchurl {
+ url =
+ "mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/opal-${version}.tar.bz2";
+ inherit hash;
+ };
+
+ buildInputs = [ pkg-config ];
+ nativeBuildInputs = [ ptlib openssl libopus spandsp ];
+}
diff --git a/packages/ptlib-pidfile.patch b/packages/ptlib-pidfile.patch
new file mode 100644
index 0000000..216592f
--- /dev/null
+++ b/packages/ptlib-pidfile.patch
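Review bot: The `yate` override in packages/default.nix assigns `configureFlags` outright and never uses the `old` argument it binds, so any flags the nixpkgs derivation sets are silently dropped. Whether upstream sets flags other than the libpq path is not visible from this hunk. If the replacement is deliberate, a comment saying so would help; otherwise `configureFlags = (old.configureFlags or [ ]) ++ [ "--with-libpq=..." ];` keeps what upstream configures.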
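Review bot: `buildInputs` and `nativeBuildInputs` are the wrong way round in packages/opal.nix: `pkg-config` is a build-time tool, while `ptlib openssl libopus spandsp` are libraries the result links against. The two lines should read `nativeBuildInputs = [ pkg-config ];` and `buildInputs = [ ptlib openssl libopus spandsp ];`. The same swap appears in packages/t38modem.nix (`ptlib opal`), and packages/ptlib.nix lists `pkg-config` under `buildInputs` although its `flex bison` are correctly native.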
@@ -0,0 +1,43 @@ +diff --git a/src/ptlib/unix/channel.cxx b/src/ptlib/unix/channel.cxx +index 2935644..80c8d09 100644 +--- a/src/ptlib/unix/channel.cxx ++++ b/src/ptlib/unix/channel.cxx +@@ -34,6 +34,7 @@ + #pragma implementation "channel.h" + #pragma implementation "indchan.h" + ++#include + #include + #include + +diff --git a/src/ptlib/unix/svcproc.cxx b/src/ptlib/unix/svcproc.cxx +index 4f21025..2c957ef 100644 +--- a/src/ptlib/unix/svcproc.cxx ++++ b/src/ptlib/unix/svcproc.cxx +@@ -217,7 +217,7 @@ int PServiceProcess::InitialiseService() + pid_t pid; + + { +- ifstream pidfile(pidfilename); ++ ifstream pidfile((const char *)pidfilename); + if (!pidfile.is_open()) { + cout << "Could not open pid file: \"" << pidfilename << "\"" + " - " << strerror(errno) << endl; +@@ -384,7 +384,7 @@ int PServiceProcess::InitialiseService() + // Run as a daemon, ie fork + + if (!pidfilename) { +- ifstream pidfile(pidfilename); ++ ifstream pidfile((const char *)pidfilename); + if (pidfile.is_open()) { + pid_t pid; + pidfile >> pid; +@@ -412,7 +412,7 @@ int PServiceProcess::InitialiseService() + cout << "Daemon started with pid " << pid << endl; + if (!pidfilename) { + // Write out the child pid to magic file in /var/run (at least for linux) +- ofstream pidfile(pidfilename); ++ ofstream pidfile((const char *)pidfilename); + if (pidfile.is_open()) + pidfile << pid; + else diff --git a/packages/ptlib.nix b/packages/ptlib.nix new file mode 100644 index 0000000..2589c96 --- /dev/null +++ b/packages/ptlib.nix 
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, pkg-config, flex, bison }:
+
+let
+ pname = "ptlib";
+ version = "2.18.6";
+ hash = "sha256-31HndbsCS73uU0yvJW7/YA7s56+9V2itafuLPqllE2Y=";
+
+in stdenv.mkDerivation {
+ inherit pname version;
+
+ src = fetchurl {
+ url =
+ "mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/ptlib-${version}.tar.bz2";
+ inherit hash;
+ };
+
+ #patches = [
+ # ./ptlib-pidfile.patch
+ #];
+
+ buildInputs = [ pkg-config ];
+ nativeBuildInputs = [ flex bison ];
+
+ #NIX_CFLAGS_COMPILE = [ "-fpermissive" ];
+ #CXXFLAGS = "-std=gnu++98";
+}
diff --git a/packages/python/default.nix b/packages/python/default.nix
new file mode 100644
index 0000000..74cfb2d
--- /dev/null
+++ b/packages/python/default.nix
@@ -0,0 +1,4 @@
+self: super: {
+ python-yate = self.callPackage ./python-yate { };
+ ywsd = self.callPackage ./ywsd { };
+}
diff --git a/packages/python/python-yate/default.nix b/packages/python/python-yate/default.nix
new file mode 100644
index 0000000..3b85fe3
--- /dev/null
+++ b/packages/python/python-yate/default.nix
@@ -0,0 +1,15 @@
+{ lib, buildPythonPackage, fetchPypi, async-timeout }:
+
+buildPythonPackage rec {
+ pname = "python-yate";
+ version = "0.3.1";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "5e806802dc47a35c855b60cd459a2c98fb0109c7fc099f3e9f83a1a38abf9f90";
+ };
+
+ propagatedBuildInputs = [ async-timeout ];
+
+ pythonImportsCheck = [ "yate" ];
+}
diff --git a/packages/python/ywsd/count.patch b/packages/python/ywsd/count.patch
new file mode 100644
index 0000000..0455b78
--- /dev/null
+++ b/packages/python/ywsd/count.patch
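Review bot: `patches` is commented out in packages/ptlib.nix, so packages/ptlib-pidfile.patch, which this same commit adds, is never applied and ships as dead weight. The commented `NIX_CFLAGS_COMPILE` and `CXXFLAGS` lines likewise give no hint of when they would be needed. Either remove the patch file and the commented lines, or add a one-line comment above `#patches = [` stating under which condition they are to be re-enabled.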
@@ -0,0 +1,14 @@
+diff --git a/ywsd/objects.py b/ywsd/objects.py
+index 4ce29fb..a535e76 100644
+--- a/ywsd/objects.py
++++ b/ywsd/objects.py
+@@ -178,7 +178,8 @@ class ActiveCall:
+ async def is_active_call(cls, username, x_eventphone_id, db_connection):
+ return (
+ await db_connection.scalar(
+- cls.table.count()
++ sa.select(sa.func.count('*'))
++ .select_from(cls.table)
+ .where(cls.table.c.username == username)
+ .where(cls.table.c.x_eventphone_id == x_eventphone_id)
+ )
diff --git a/packages/python/ywsd/default.nix b/packages/python/ywsd/default.nix
new file mode 100644
index 0000000..535ca83
--- /dev/null
+++ b/packages/python/ywsd/default.nix
@@ -0,0 +1,20 @@
+{ lib, buildPythonApplication, fetchFromGitHub, aiopg, aiohttp, python-yate
+, pyyaml, sqlalchemy }:
+
+buildPythonApplication rec {
+ pname = "ywsd";
+ version = "0.11.0";
+
+ src = fetchFromGitHub {
+ owner = "eventphone";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-9DloJSKR3Ck4Bsc0ICcAAD6LHIMeOHTe2rCx6nPINT4=";
+ };
+
+ patches = [ ./count.patch ];
+
+ propagatedBuildInputs = [ aiopg aiohttp python-yate pyyaml sqlalchemy ];
+
+ doCheck = false;
+}
diff --git a/packages/t38modem.nix b/packages/t38modem.nix
new file mode 100644
index 0000000..3d97807
--- /dev/null
+++ b/packages/t38modem.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub, pkg-config, opal, ptlib }:
+
+let
+ pname = "t38modem";
+ version = "4.6.0";
+ hash = "sha256-631xF1Q9Nd0sMBEHtqgqn1SEUEZweneqLJMNVEO2DJo=";
+
+in stdenv.mkDerivation {
+ inherit pname version;
+ src = fetchFromGitHub {
+ owner = "T38modem";
+ repo = pname;
+ rev = "v${version}";
+ inherit hash;
+ };
+
+ buildInputs = [ pkg-config ];
+
+ nativeBuildInputs = [ ptlib opal ];
+
+ buildFlags = [
+ "PTLIBDIR=${ptlib}/share/ptlib"
+ "USE_OPAL=1"
+ "OPALDIR=${opal}/share/opal"
+ ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp t38modem $out/bin
+ '';
+
+ NIX_CFLAGS_COMPILE = [ "-Wno-narrowing" ];
+}
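Review bot: `doCheck = false;` in packages/python/ywsd/default.nix is unexplained and the derivation has no `pythonImportsCheck`, so the build that applies count.patch to ywsd/objects.py is never even imported before it is deployed. Adding `pythonImportsCheck = [ "ywsd" ];`, as python-yate does for `yate`, gives a minimal smoke test of the patched module tree. A short comment on the `doCheck` line should say why the upstream tests are skipped.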
diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..5302512 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./garionion + ./n0emis + ]; +} diff --git a/users/garionion/default.nix b/users/garionion/default.nix index e5d6b5c..478be8f 100644 --- a/users/garionion/default.nix +++ b/users/garionion/default.nix @@ -1,15 +1,21 @@ -{ config, pkgs, ... }: -{ +{ config, pkgs, ... }: { users.users.garionion = { - isNormalUser = true; - shell = pkgs.zsh; - packages = with pkgs; [ - wget vim screen mtr iperf - htop dstat dnsutils nettools tcpdump - git bat starship direnv - ]; - hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80"; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"]; - }; -} \ No newline at end of file + isNormalUser = true; + shell = pkgs.zsh; + packages = with pkgs; [ + iperf + htop + dstat + dnsutils + nettools + tcpdump + git + ]; + hashedPassword = + "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80"; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + openssh.authorizedKeys.keys = [ + "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin" + ]; + }; +} diff --git a/users/n0emis/default.nix b/users/n0emis/default.nix new file mode 100644 index 0000000..6a44b0d --- /dev/null +++ b/users/n0emis/default.nix 
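Review bot: `hashedPassword` for garionion is still committed as a string literal in users/garionion/default.nix, and users/n0emis/default.nix adds a second one. Both hashes are readable by anyone with access to the repository or to the Nix store on a deployed host, which permits offline guessing against them. With `passwordAuthentication = false` and passwordless sudo for wheel in common/default.nix, the password appears to matter only for console login. Either drop the attribute or load it from outside the store, e.g. `hashedPasswordFile = "<path to deployed secret>";` (`passwordFile` on older nixpkgs), which the currently empty `deployment.keys` in flake.nix could supply.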
@@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + users.users.n0emis = { + isNormalUser = true; + shell = pkgs.zsh; + packages = with pkgs; [ htop dnsutils nettools tcpdump git jq tree ]; + hashedPassword = + "$6$ZvdWexF9y28IrjyW$lxz27/eFjDZWUPY7Lox0aDXO0.TgMBzygZqNSp1HU7itaMI0KbtAOX2H3uZ9hlEo21z.K.JEE.V/b.HpmN.4y1"; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu" + "ssh-rsa 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 n0emis@noemis.me (OLD)" + ]; + }; +}
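Review bot: The second entry of `openssh.authorizedKeys.keys` in users/n0emis/default.nix is labelled `(OLD)` yet remains authorised. users/default.nix is imported from common/default.nix and the account is in `wheel`, so that key is accepted on every host with rights equivalent to root. If the RSA key is retired, remove the line; if it is still in use, replace the label with a comment saying so, so that a later reader does not have to guess whether a stale credential is live.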