2 Commits

Author SHA1 Message Date
Ember 'n0emis' Keske
01560fbcad
add nixdeploy and deployment-script 2022-07-07 20:07:53 +02:00
Ember 'n0emis' Keske
97ebfe5ad2
add n0emis, some packages and pre-yate-n0emis 2022-07-07 19:46:59 +02:00
25 changed files with 616 additions and 184 deletions


@ -1 +1,18 @@
# VCP Bundeslager 2022 Nixfiles
## How to deploy
```
./deploy.sh apply switch --on vpn7
```
or to deploy all gateways:
```
./deploy.sh apply switch --on gateway
```
There is a special case for the nixdeploy-host:
```
./deploy.sh apply-local switch --sudo --node nixdeploy
```


@ -1,64 +0,0 @@
{ config, pkgs, ... }:
{
imports =
[ #
];
# Set your time zone.
time.timeZone = "Europe/Berlin";
networking.useDHCP = false;
networking.firewall.allowedTCPPorts = [ 19999 ];
services.netdata.enable = true;
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de-latin1";
};
programs.zsh = {
enable = true;
histSize = 10000;
autosuggestions.enable = true;
enableBashCompletion = true;
syntaxHighlighting.enable = true;
promptInit = ''
source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
bindkey "''${key[Up]}" up-line-or-search
bindkey "''${key[Home]}" beginning-of-line
bindkey "''${key[End]}" end-of-line
bindkey "''${key[Delete]}" delete-char
function command_not_found_handler() { command-not-found $1 }
alias cat='bat'
eval "$(direnv hook zsh)"
eval "$(starship init zsh)"
'';
};
programs.starship.enable = true;
programs.mtr.enable = true;
nix.settings = {
trusted-users = [ "@wheel" ];
auto-optimise-store = true;
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
nix.extraOptions = ''
min-free = ${toString (100 * 1024 * 1024)}
max-free = ${toString (1024 * 1024 * 1024)}
'';
services.openssh = {
enable = true;
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
permitRootLogin = "yes";
};
}

76
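--- a/common/default.nix
+++ b/common/default.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, ... }:
+{
+imports = [ ../users ];
+# Set your time zone.
+time.timeZone = "Europe/Berlin";
+# networking.useDHCP = false; TODO: why was this globally disabled?
+networking.firewall.allowedTCPPorts = [ 19999 ];
+services.netdata.enable = true;
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = "de-latin1";
+};
+environment.systemPackages = with pkgs; [
+wget
+vim
+tmux
+screen
+mtr
+tcpdump
+bat
+direnv
+starship
+];
+programs.zsh = {
+enable = true;
+histSize = 10000;
+autosuggestions.enable = true;
+enableBashCompletion = true;
+syntaxHighlighting.enable = true;
+promptInit = ''
+source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-$VENDOR-$OSTYPE}
+[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
+[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
+bindkey "''${key[Up]}" up-line-or-search
+bindkey "''${key[Home]}" beginning-of-line
+bindkey "''${key[End]}" end-of-line
+bindkey "''${key[Delete]}" delete-char
+function command_not_found_handler() { command-not-found $1 }
+alias cat='bat'
+eval "$(direnv hook zsh)"
+eval "$(starship init zsh)"
+'';
+};
+programs.starship.enable = true;
+programs.mtr.enable = true;
+nix.settings = {
+trusted-users = [ "@wheel" ];
+auto-optimise-store = true;
+};
+nix.gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 14d";
+};
+nix.extraOptions = ''
+min-free = ${toString (100 * 1024 * 1024)}
+max-free = ${toString (1024 * 1024 * 1024)}
+'';
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+kbdInteractiveAuthentication = false;
+permitRootLogin = "yes";
+};
+security.sudo.wheelNeedsPassword = false;
+}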
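Review bot: `security.sudo.wheelNeedsPassword = false;` at the end of the module makes every wheel account root-equivalent on every host that imports common, and the same module keeps `permitRootLogin = "yes"` and `trusted-users = [ "@wheel" ]`, so one stolen SSH key or forwarded agent is enough to control the whole fleet. If colmena deploys through the wheel users with sudo, direct root login is not needed and can be closed with `permitRootLogin = "no";`. The netdata port in `networking.firewall.allowedTCPPorts = [ 19999 ];` is opened on all interfaces, and the netdata dashboard has no authentication by default, so consider limiting it to the management interface with `networking.firewall.interfaces.<name>.allowedTCPPorts`.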

6
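--- a/deploy.sh
+++ b/deploy.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+DEPLOY_HOST="nixdeploy.bula22.de"
+rsync -r . ${DEPLOY_HOST}:bula-nixfiles/
+ssh -tA ${DEPLOY_HOST} "cd bula-nixfiles && colmena $@"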
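Review bot: `ssh -tA` forwards the operator's SSH agent to nixdeploy, where any account that can become root (every wheel user, if sudo is passwordless there) can use the agent socket for as long as the session lasts; a deploy key held on nixdeploy, or an agent restricted to the target hosts, avoids lending out the operator's full identity. `"cd bula-nixfiles && colmena $@"` also flattens the arguments into one string that the remote shell parses again, so an argument containing spaces or shell metacharacters changes the remote command; quote them first, e.g. `printf -v args '%q ' "$@"` and then `"cd bula-nixfiles && colmena $args"`. There is no `set -euo pipefail`, so the ssh step still runs against a stale tree when rsync fails, and `rsync -r .` copies the whole working directory, including `.git` and any untracked local files, to the deploy host.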

27
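--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+"nodes": {
+"nixpkgs": {
+"locked": {
+"lastModified": 1657114324,
+"narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}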


@ -4,22 +4,38 @@
};
outputs = { nixpkgs, ... }: {
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [ (final: prev: import ./packages final prev) ];
};
};
defaults = { config, lib, name, ... }: {
imports = [
(./. + "/hosts/${name}/configuration.nix")
./modules
./common
];
pre-router = { config, pkgs, ... }:{
imports = [./hosts/pre-router/configuration.nix];
deployment.targetUser = null;
};
nixdeploy = {...}: {
deployment.targetHost = "nixdeploy.bula22.de";
deployment.allowLocalDeployment = true;
};
pre-router = { config, pkgs, ... }: {
deployment.targetHost = "lightbuffet.entr0py.cloud";
deployment.keys = {
};
};
pre-yate-n0emis = { config, pkgs, ... }: {
deployment.targetHost = "2001:470:7694::5e5";
};
};
};
}


@ -0,0 +1,40 @@
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nixdeploy";
networking.useNetworkd = true;
systemd.network = {
links."10-eth0" = {
matchConfig.MACAddress = "5e:1b:ed:a2:91:d1";
linkConfig.Name = "eth0";
};
networks."10-eth0" = {
matchConfig = {
Name = "eth0";
};
DHCP = "yes";
address = [ "2a01:4f8:1c0c:8221:1337:42:10:1/64" ];
};
};
environment.systemPackages = with pkgs; [ colmena ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}


@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ab8ef984-07ee-47a4-a92d-59f57aee1018";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/73F5-5E82";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -17,94 +17,12 @@
networking.hostName = "pre-router"; # Define your hostname.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
#networking.interfaces.ens18.useDHCP = false;
#networking.interfaces.ens19.useDHCP = false;
networking.firewall.allowedTCPPorts = [ 19999 ];
services.netdata.enable = true;
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de-latin1";
};
users.users.garionion = {
isNormalUser = true;
shell = pkgs.zsh;
packages = with pkgs; [
wget vim screen mtr iperf
htop dstat dnsutils nettools tcpdump
git bat starship direnv
];
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"];
};
programs.zsh = {
enable = true;
histSize = 10000;
autosuggestions.enable = true;
enableBashCompletion = true;
syntaxHighlighting.enable = true;
promptInit = ''
source ~/.zkbd/$TERM-''${''${DISPLAY:t}:-''$VENDOR-''$OSTYPE}
[[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
[[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
bindkey "''${key[Up]}" up-line-or-search
bindkey "''${key[Home]}" beginning-of-line
bindkey "''${key[End]}" end-of-line
bindkey "''${key[Delete]}" delete-char
function command_not_found_handler() { command-not-found $1 }
alias cat='bat'
eval "$(direnv hook zsh)"
eval "$(starship init zsh)"
'';
};
programs.starship = {
enable = true;
settings = {
# add_newline = false;
# character = {
# success_symbol = "[➜](bold green)";
# error_symbol = "[➜](bold red)";
# };
# package.disabled = true;
};
};
programs.mtr.enable = true;
nix.settings = {
trusted-users = [ "@wheel" ];
auto-optimise-store = true;
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
nix.extraOptions = ''
min-free = ${toString (100 * 1024 * 1024)}
max-free = ${toString (1024 * 1024 * 1024)}
'';
# List services that you want to enable:
services.openssh = {
enable = true;
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
permitRootLogin = "yes";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions


@ -0,0 +1,38 @@
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "pre-yate-n0emis";
networking.useNetworkd = true;
systemd.network = {
links."10-eth0" = {
matchConfig.MACAddress = "4a:a6:0d:b9:3b:82";
linkConfig.Name = "eth0";
};
networks."10-eth0" = {
matchConfig = {
Name = "eth0";
};
DHCP = "yes";
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}


@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d3e87ae2-fb17-44f0-b113-14b185a2c845";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

7
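--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+imports = [
+./yate
+];
+}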

61
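--- a/modules/yate/default.nix
+++ b/modules/yate/default.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let cfg = config.services.yate;
+in {
+options = {
+services.yate = {
+enable = mkEnableOption "yate";
+config = mkOption {
+type = with types; attrsOf anything;
+default = { };
+};
+};
+};
+config = let
+mkCfgFile = name: config:
+let
+content =
+if (isString config) then config else generators.toINI { } config;
+in { "yate/${name}.conf".text = content; };
+environmentFiles = mkMerge
+(map (key: mkCfgFile key (getAttr key cfg.config))
+(attrNames cfg.config));
+in mkIf cfg.enable {
+environment.etc = environmentFiles;
+systemd.services.yate = {
+description = "YATE Telephony Server";
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" "postgresql.service" ];
+environment = { PWLIB_ASSERT_ACTION = "C"; };
+serviceConfig = {
+Type = "forking";
+ExecStart =
+"${pkgs.yate}/bin/yate -d -p /run/yate/yate.pid -c /etc/yate -F -s -q -DF -r -l /var/lib/yate/yate.log";
+ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+User = "yate";
+Group = "yate";
+AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+RuntimeDirectory = "yate";
+RuntimeDirectoryMode = "0755";
+StateDirectory = "yate";
+StateDirectoryMode = "0700";
+PIDFile = "/run/yate/yate.pid";
+TimeoutSec = 30;
+};
+reloadTriggers =
+map (name: config.environment.etc."yate/${name}.conf".source)
+(attrNames cfg.config);
+};
+users.users.yate = {
+isSystemUser = true;
+group = "yate";
+};
+users.groups.yate = { };
+};
+}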
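Review bot: `mkCfgFile` writes every entry of `services.yate.config` through `environment.etc."yate/${name}.conf".text`, so the rendered files live in the world-readable Nix store; yate configuration commonly holds database and account credentials, and anything of that kind set here would be readable by every local user and copied along with the system closure. Credential-bearing files are better delivered outside the store, for example through colmena's `deployment.keys`, and kept out of this attrset. The unit grants `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` with no bounding set or sandboxing; `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";`, `NoNewPrivileges = true;` and `ProtectSystem = "strict";` are cheap additions to `serviceConfig`, once it is confirmed that yate still starts with them. The `config` option also has no `description`, so the expected shape (file name to INI attrset or raw string) is only discoverable by reading `mkCfgFile`.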

18
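--- a/packages/default.nix
+++ b/packages/default.nix
@@ -0,0 +1,18 @@
+self: super: {
+freeradius = super.freeradius.override {
+withJson = true;
+withRest = true;
+};
+python3 = let packageOverrides = final: prev: import ./python final prev;
+in super.python3.override { inherit packageOverrides; };
+yate = super.yate.overrideAttrs (old: {
+configureFlags =
+[ "--with-libpq=${self.postgresql.withPackages (ps: [ ])}" ];
+});
+t38modem = self.callPackage ./t38modem.nix { };
+ptlib = self.callPackage ./ptlib.nix { };
+opal = self.callPackage ./opal.nix { };
+}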

19
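--- a/packages/opal.nix
+++ b/packages/opal.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, pkg-config, ptlib, openssl, libopus, spandsp }:
+let
+pname = "opal";
+version = "3.18.6";
+hash = "sha256-L/0784mYza2p866Fal5pvvQ4IJjC9b5VSFwQ89jSYUw=";
+in stdenv.mkDerivation {
+inherit pname version;
+src = fetchurl {
+url =
+"mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/opal-${version}.tar.bz2";
+inherit hash;
+};
+buildInputs = [ pkg-config ];
+nativeBuildInputs = [ ptlib openssl libopus spandsp ];
+}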
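Review bot: `buildInputs` and `nativeBuildInputs` are swapped: `pkg-config` is a tool that runs at build time and belongs in `nativeBuildInputs`, while `ptlib`, `openssl`, `libopus` and `spandsp` are libraries linked into the result and belong in `buildInputs`. The two lines would read `nativeBuildInputs = [ pkg-config ];` and `buildInputs = [ ptlib openssl libopus spandsp ];`. packages/ptlib.nix (where `flex` and `bison` are correctly native but `pkg-config` is not) and packages/t38modem.nix (`ptlib` and `opal` listed as native) have the same mix-up. None of the three derivations carries a `meta` block, so license and homepage of the packaged VoIP libraries are not recorded.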


@ -0,0 +1,43 @@
diff --git a/src/ptlib/unix/channel.cxx b/src/ptlib/unix/channel.cxx
index 2935644..80c8d09 100644
--- a/src/ptlib/unix/channel.cxx
+++ b/src/ptlib/unix/channel.cxx
@@ -34,6 +34,7 @@
#pragma implementation "channel.h"
#pragma implementation "indchan.h"
+#include <sys/uio.h>
#include <ptlib.h>
#include <sys/ioctl.h>
diff --git a/src/ptlib/unix/svcproc.cxx b/src/ptlib/unix/svcproc.cxx
index 4f21025..2c957ef 100644
--- a/src/ptlib/unix/svcproc.cxx
+++ b/src/ptlib/unix/svcproc.cxx
@@ -217,7 +217,7 @@ int PServiceProcess::InitialiseService()
pid_t pid;
{
- ifstream pidfile(pidfilename);
+ ifstream pidfile((const char *)pidfilename);
if (!pidfile.is_open()) {
cout << "Could not open pid file: \"" << pidfilename << "\""
" - " << strerror(errno) << endl;
@@ -384,7 +384,7 @@ int PServiceProcess::InitialiseService()
// Run as a daemon, ie fork
if (!pidfilename) {
- ifstream pidfile(pidfilename);
+ ifstream pidfile((const char *)pidfilename);
if (pidfile.is_open()) {
pid_t pid;
pidfile >> pid;
@@ -412,7 +412,7 @@ int PServiceProcess::InitialiseService()
cout << "Daemon started with pid " << pid << endl;
if (!pidfilename) {
// Write out the child pid to magic file in /var/run (at least for linux)
- ofstream pidfile(pidfilename);
+ ofstream pidfile((const char *)pidfilename);
if (pidfile.is_open())
pidfile << pid;
else

26
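--- a/packages/ptlib.nix
+++ b/packages/ptlib.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, pkg-config, flex, bison }:
+let
+pname = "ptlib";
+version = "2.18.6";
+hash = "sha256-31HndbsCS73uU0yvJW7/YA7s56+9V2itafuLPqllE2Y=";
+in stdenv.mkDerivation {
+inherit pname version;
+src = fetchurl {
+url =
+"mirror://sourceforge/project/opalvoip/v3.18%20Cygni/Stable%206/ptlib-${version}.tar.bz2";
+inherit hash;
+};
+#patches = [
+# ./ptlib-pidfile.patch
+#];
+buildInputs = [ pkg-config ];
+nativeBuildInputs = [ flex bison ];
+#NIX_CFLAGS_COMPILE = [ "-fpermissive" ];
+#CXXFLAGS = "-std=gnu++98";
+}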
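Review bot: The commented-out `patches`, `NIX_CFLAGS_COMPILE` and `CXXFLAGS` lines leave it unclear whether `./ptlib-pidfile.patch` is still required; a patch touching `src/ptlib/unix/svcproc.cxx` is added elsewhere in this commit and looks like that file, but nothing applies it. Either delete the disabled lines together with the unused patch, or replace them with a single comment stating for which ptlib version the patch was needed and why it is switched off for `2.18.6`.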


@ -0,0 +1,4 @@
self: super: {
python-yate = self.callPackage ./python-yate { };
ywsd = self.callPackage ./ywsd { };
}


@ -0,0 +1,15 @@
{ lib, buildPythonPackage, fetchPypi, async-timeout }:
buildPythonPackage rec {
pname = "python-yate";
version = "0.3.1";
src = fetchPypi {
inherit pname version;
sha256 = "5e806802dc47a35c855b60cd459a2c98fb0109c7fc099f3e9f83a1a38abf9f90";
};
propagatedBuildInputs = [ async-timeout ];
pythonImportsCheck = [ "yate" ];
}


@ -0,0 +1,14 @@
diff --git a/ywsd/objects.py b/ywsd/objects.py
index 4ce29fb..a535e76 100644
--- a/ywsd/objects.py
+++ b/ywsd/objects.py
@@ -178,7 +178,8 @@ class ActiveCall:
async def is_active_call(cls, username, x_eventphone_id, db_connection):
return (
await db_connection.scalar(
- cls.table.count()
+ sa.select(sa.func.count('*'))
+ .select_from(cls.table)
.where(cls.table.c.username == username)
.where(cls.table.c.x_eventphone_id == x_eventphone_id)
)


@ -0,0 +1,20 @@
{ lib, buildPythonApplication, fetchFromGitHub, aiopg, aiohttp, python-yate
, pyyaml, sqlalchemy }:
buildPythonApplication rec {
pname = "ywsd";
version = "0.11.0";
src = fetchFromGitHub {
owner = "eventphone";
repo = pname;
rev = "v${version}";
sha256 = "sha256-9DloJSKR3Ck4Bsc0ICcAAD6LHIMeOHTe2rCx6nPINT4=";
};
patches = [ ./count.patch ];
propagatedBuildInputs = [ aiopg aiohttp python-yate pyyaml sqlalchemy ];
doCheck = false;
}
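Review bot: `doCheck = false;` leaves the patched package without any build-time verification, and unlike the python-yate derivation in this commit there is no `pythonImportsCheck`; adding `pythonImportsCheck = [ "ywsd" ];` would at least prove that the module still imports against the pinned sqlalchemy after `count.patch` is applied. A short comment saying why the tests are disabled and which upstream change `count.patch` stands in for would make it clear when the patch can be dropped on the next bump past `0.11.0`.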

33
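--- a/packages/t38modem.nix
+++ b/packages/t38modem.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub, pkg-config, opal, ptlib }:
+let
+pname = "t38modem";
+version = "4.6.0";
+hash = "sha256-631xF1Q9Nd0sMBEHtqgqn1SEUEZweneqLJMNVEO2DJo=";
+in stdenv.mkDerivation {
+inherit pname version;
+src = fetchFromGitHub {
+owner = "T38modem";
+repo = pname;
+rev = "v${version}";
+inherit hash;
+};
+buildInputs = [ pkg-config ];
+nativeBuildInputs = [ ptlib opal ];
+buildFlags = [
+"PTLIBDIR=${ptlib}/share/ptlib"
+"USE_OPAL=1"
+"OPALDIR=${opal}/share/opal"
+];
+installPhase = ''
+mkdir -p $out/bin
+cp t38modem $out/bin
+'';
+NIX_CFLAGS_COMPILE = [ "-Wno-narrowing" ];
+}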

8
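--- a/users/default.nix
+++ b/users/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+imports = [
+./garionion
+./n0emis
+];
+}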


@ -1,15 +1,21 @@
{ config, pkgs, ... }:
{
{ config, pkgs, ... }: {
users.users.garionion = {
isNormalUser = true;
shell = pkgs.zsh;
packages = with pkgs; [
wget vim screen mtr iperf
htop dstat dnsutils nettools tcpdump
git bat starship direnv
iperf
htop
dstat
dnsutils
nettools
tcpdump
git
];
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
hashedPassword =
"$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"];
openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== gari@darwin"
];
};
}
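Review bot: `hashedPassword` puts the account's sha512crypt hash into a repository file and, after evaluation, into the world-readable Nix store, where it can be attacked offline at leisure; users/n0emis/default.nix does the same for the second wheel account. With `passwordAuthentication = false` and passwordless sudo in common, the password appears to matter only for console login, so either drop it or supply it from a file outside the store with `passwordFile`, for instance one delivered through colmena's `deployment.keys`. If the same password is in use anywhere else, it is worth rotating once the hash is out of the repository history.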

16
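--- a/users/n0emis/default.nix
+++ b/users/n0emis/default.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+{
+users.users.n0emis = {
+isNormalUser = true;
+shell = pkgs.zsh;
+packages = with pkgs; [ htop dnsutils nettools tcpdump git jq tree ];
+hashedPassword =
+"$6$ZvdWexF9y28IrjyW$lxz27/eFjDZWUPY7Lox0aDXO0.TgMBzygZqNSp1HU7itaMI0KbtAOX2H3uZ9hlEo21z.K.JEE.V/b.HpmN.4y1";
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu"
+"ssh-rsa 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 n0emis@noemis.me (OLD)"
+];
+};
+}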
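Review bot: The second entry in `openssh.authorizedKeys.keys` is an `ssh-rsa` key whose own comment marks it `(OLD)`, yet it grants the same wheel membership, and with it passwordless sudo, on every host that imports users. If the ed25519 key has replaced it, the old key should be left out of this new deployment rather than carried over; if it is still needed, a comment such as `# still used on <device>, remove after <date>` would record why a superseded key keeps root-equivalent access.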