init

2025-01-29 21:33:37 +01:00
commit a2247c5b26
30 changed files with 1036 additions and 0 deletions
--- a/system/core/default.nix
+++ b/system/core/default.nix
@@ -0,0 +1,25 @@
+{ lib, ... }:
+
+{
+  imports = [
+    ./users.nix
+    ./ssh-server.nix
+  ];
+
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    supportedLocales = [
+      "en_US.UTF-8/UTF-8"
+      "fr_FR.UTF-8/UTF-8"
+    ];
+  };
+
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+
+  system.stateVersion = lib.mkDefault "24.11";
+
+  time.timeZone = lib.mkDefault "Europe/Paris";
+}
--- a/system/core/ssh-server.nix
+++ b/system/core/ssh-server.nix
@@ -0,0 +1,15 @@
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      AuthenticationMethods = "publickey";
+      PubkeyAuthentication = "yes";
+      ChallengeResponseAuthentication = "no";
+      UsePAM = false;
+      X11Forwarding = false;
+    };
+  };
+}
--- a/system/core/users.nix
+++ b/system/core/users.nix
@@ -0,0 +1,30 @@
+{
+  keys,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  users.mutableUsers = lib.mkDefault false;
+
+  users.users.rpqt = {
+    isNormalUser = true;
+
+    createHome = true;
+    home = "/home/rpqt";
+
+    description = "Romain Paquet";
+
+    shell = pkgs.zsh;
+
+    openssh.authorizedKeys.keys = [ keys.rpqt.haze ];
+
+    initialHashedPassword = "$y$j9T$.y7GZIaYYgEHt1spMsOqi/$k4O3AAKBhJF0gI.G9/Ja8ssGsVTv3VPD5WC.7ErAUD1";
+
+    extraGroups = [
+      "wheel"
+    ];
+  };
+
+  programs.zsh.enable = true;
+}
--- a/system/default.nix
+++ b/system/default.nix
@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./core
+    ./network
+    ./nix
+  ];
+}
--- a/system/network/default.nix
+++ b/system/network/default.nix
@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./tailscale.nix
+  ];
+}
--- a/system/network/tailscale.nix
+++ b/system/network/tailscale.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  networking.firewall = {
+    trustedInterfaces = [ config.services.tailscale.interfaceName ];
+  };
+
+  services.tailscale = {
+    enable = true;
+    openFirewall = true;
+  };
+}
--- a/system/nix/default.nix
+++ b/system/nix/default.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./nixpkgs.nix
+    ./substituters.nix
+  ];
+
+  # for flakes
+  environment.systemPackages = [ pkgs.git ];
+
+  nix.settings = {
+    auto-optimise-store = true;
+    builders-use-substitutes = true;
+    experimental-features = ["nix-command" "flakes"];
+
+    trusted-users = ["root" "@wheel"];
+  };
+}
--- a/system/nix/nixpkgs.nix
+++ b/system/nix/nixpkgs.nix
@@ -0,0 +1,5 @@
+{
+  nixpkgs = {
+    config.allowUnfree = true;
+  };
+}
--- a/system/nix/substituters.nix
+++ b/system/nix/substituters.nix
@@ -0,0 +1,11 @@
+{
+  nix.settings = {
+    substituters = [
+      "https://cache.nixos.org?priority=10"
+    ];
+
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+    ];
+  };
+}