mira/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cleanup

Browse source
This commit is contained in:
Mira 2024-07-03 12:58:48 -04:00
parent 66caa4375a
commit 519608f3d5
4 changed files with 307 additions and 307 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

306
auxin/configuration.nix Normal file
View file

@ -0,0 +1,306 @@
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
nix = {
package = pkgs.nixFlakes;
optimise.automatic = true;
gc.automatic = true;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostName = "auxin"; # Define your hostname.
networkmanager.enable = true; # Easiest to use and most distros use this by default.
firewall = {
enable = true;
allowedUDPPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 9000 8089];
allowedTCPPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 9000 8089];
};
};
# Set your time zone.
time.timeZone = "America/New_York";
# Enable the X11 windowing system.
services = {
xserver = {
enable = true;
displayManager.sddm = {
enable = true;
settings = {
Autologin = {
Session = "kodi.desktop";
User = "mira";
};
};
};
desktopManager.xfce.enable = true;
# Kodi
desktopManager.kodi.enable = true;
};
# smartd
smartd.enable = true;
# BTRFS scrub
btrfs.autoScrub.enable = true;
avahi.enable = true;
tuptime.enable = true;
tuptime.timer.enable = true;
};
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users = {
users = {
dockremap = {
isSystemUser = true;
uid = 100000;
group = "dockremap";
subUidRanges = [
{
startUid = 100000;
count = 65536;
}
];
subGidRanges = [
{
startGid = 100000;
count = 65536;
}
];
};
root.openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMggnmTj7KL409V2mtbPgKERbmyJAeCGBcyzxWW+arRZAAAABHNzaDo= yubikey-black"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAltYcKHavkQBJFlogNuT3JhX6ob30V3EYje4pOQBLgq gpg\\mira.kristipati@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKT/rbUu87QyRD7L/QSr+lQMJz2m/mdqlqyCQEMwUJj gpgssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw3/9inZC/MRPkuOF6T5LiFoOlgo5HZVIM36IC+hlzJ gpg\\mira-yubikey-black"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdRtpQWCPyQQuzcwlbFukGZSlRTcfNzG840kMvbuPwr gpg\\kristipati.ajay@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIA0ikP2zdDBaJZ+aoE6jFz3UpCyHjz1r1QtuZTAvTpx zagreus25519"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx1GWB1xkE+ECavUypp99FqmB4emiw+j2PpsxN8OXpa gpg\\mira@xn--2dkua.xn--tckwe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa3w6lweeP4XBokNCEJb86th9S81WQQ+LVVwCRpADap kristipati.ajay@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY3LSWsg9XK1rI7r2E+1tmX3Vi7W5opwkvqO6AsduZR gpg\\ArgentumCation"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA+Hrb45HQrcBe+gXQz4goWw0PBWdmAWMQ0RWrHXwvkWXM4KsXXrUP7qijEPPtDvJG3JL4Ifsbj+VIN7RprjE5wfvkIxlmnluUK6m2u8r8BlNDhFW5wjoA6PBuHhqYEKGbdqm5s+3WaZt8l2EERyIV87YJPbxNpwc175J3mWYWesvxSp/uNxcXEbOClr+jHXVxztno3XVoVXfpiFfjSsUgprQonbPYiKdfiLwFeXHI03vZlWfmEjERzBE+Ro5ireJ8JVNjKOgiw7aU6tQAyDKe2NkcyTV/tO/OdUSGlnO3Nc3qHHE9B0OTdoKPpiv5A1GdmJWub7UNJKzKB1y7eSGHU3X/FVMSCf9eZUmLIMxWcu1y6GrH1CHIpdqPk+rw6lfjkFg1dDL2f3CXoAwLIEFVaUzI+Gg7BC9Z2jUWTkaj7KoI4sN65PzqrNiJ5QfUjlGh1T0hgMB/QwGarPUilBljGUo7IQfcleDQF3Y5F05Amjr6isZ9ONpeOlCegUB6BIU= mira@epinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDD48bhv1AEPhbrGIKxf+XTSWMyxu2qBeaN4nZNZ0YMyinltHd6/VaDEZIzCvadBi3Rc9oTdJIEiXzcMTKj26DacuAuh+YPMvoA0I+lfT36q2SZmWIaVSREtfYYdluJtAyiLvFTkv6G0p5c/x1v9ovEXY3OYo1lnio7j0SmBpj4R9UQJYJhohJLtJCTdfutSuQVclhx/kiytdmFqsCDlCI0EaNxTFS861iTmm2ZjKm7o8ohevxPmnXAHizIBOAZDzbhJ61sPLKIOLWWgJNiK04YUDsBToZBOpeLEnNGkkKY++V4u+5tGI5L1RlVwoGSSB40aY5WLouFmeVE/f42nVuTIF2r/UDjsxeiUdivai+L5xNiqHa5JRWg4+at1lYWGdpineXOPYF6MmzkV+HQMvxC8YhG7ig7W+V7KCfKzMy8EEej+gIMxGFqr6CJQCDXZxqt5o0+Ksh7IMw8AEcrBszuMdJEE/7E/XUnYQHfGUNgFvFwKVzPjOSzbwHMfWPI1k= root@epinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDm1kPy3bxyLX2nUwvETrsBbjmPDHEvKxmzn9dCoaa/C1tWttrvaXUhYZ6svftR7ofqjCailq1WHU4qkIlfz6Hxwq/mxZdOGRg3A2lzDgbJ5C9RSA8LIfYht2UhbqW40wHCEa1B6+bcwLHFWbDyoeT+NQO007lK4Tu1OY3nTNz3QFJgxAPtFuqQSTFpkxL8JZetQtc/KwJ5ofZBZ+nFc4PUstPE47uf4OEOaKY+fbDZ2bf8tmybGhVq6Oc+BQKij5usnQLTeN8XyVxPxGvXahXHx7ESnp//wCs6DrzoMHBbAVFVXS+w6ZzX2el9gCAcUeyZt8iu0zl9GxnVkpyQzHuuBgYON3orYaCdM5vRCnECFoK8XNwP45jNPzFxrIpSYeJ4tR4uhLxCfD3OHB/BQtOQsEdMJvnLnynzyWePeweTe2S1+ohg9zskyxt9c2rSxw8OlWdHds32JuWka6mTJCdfZgHaNY+Ppz1NEo5XYIfz9Jt0vevmaCVbBHo73Tyh6+k= norepinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDmOATOG9brF/pBmMufk0LQkPQuLwgZAOZMeHCSdOpr+4Tap/mmqCHGtDL/JW6KsDfFpOFmdnSoeihVPGT3r/Mixt3cGOJlzoWXDt2bHyaEOsLz5B3MuYqBIXG3d2wvxharbmlVg3xyArSaCtuBZcopC5rXajnrPW4HxW+pxPC1NsL3RRGSF0edWdJVdX8oJJBsMMUzfeWh1bxEz2iLKMSYb6KPbQITwFTr+RuiEIppOW3n0zJko1wNG8oWTOgHdkmY4C4rUOk6KgW4qs19t7Mjlc7CnZa3XV7/0DcxERGsphpKvS7dpnEtOt7RaHUr/t0V3yLgl58MPbJKG6WSNIRaXZ0EPSlzz8k+4JjuEFdCDg7WjEDSZsBS9U4AyYQjlEwrkinT7g+LUVKYEDqb0hE539SwARvHZsOXrRgtA+Jh2CJIb/rRWfQRkgxpT9hKiBfYbSj8qbphUrbJ/g72UOQyhIbEW8fF9vmWY75NV/X2+EFZyF56ZhvLFk08sjGIF+s= u0_a441@localhost"
];
mira = {
isNormalUser = true;
group = "mira";
extraGroups = ["wheel" "docker" "dockremap"];
packages = with pkgs; [
firefox
tree
];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMggnmTj7KL409V2mtbPgKERbmyJAeCGBcyzxWW+arRZAAAABHNzaDo= yubikey-black"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAltYcKHavkQBJFlogNuT3JhX6ob30V3EYje4pOQBLgq gpg\\mira.kristipati@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKT/rbUu87QyRD7L/QSr+lQMJz2m/mdqlqyCQEMwUJj gpgssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw3/9inZC/MRPkuOF6T5LiFoOlgo5HZVIM36IC+hlzJ gpg\\mira-yubikey-black"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdRtpQWCPyQQuzcwlbFukGZSlRTcfNzG840kMvbuPwr gpg\\kristipati.ajay@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIA0ikP2zdDBaJZ+aoE6jFz3UpCyHjz1r1QtuZTAvTpx zagreus25519"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx1GWB1xkE+ECavUypp99FqmB4emiw+j2PpsxN8OXpa gpg\\mira@xn--2dkua.xn--tckwe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa3w6lweeP4XBokNCEJb86th9S81WQQ+LVVwCRpADap kristipati.ajay@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY3LSWsg9XK1rI7r2E+1tmX3Vi7W5opwkvqO6AsduZR gpg\\ArgentumCation"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA+Hrb45HQrcBe+gXQz4goWw0PBWdmAWMQ0RWrHXwvkWXM4KsXXrUP7qijEPPtDvJG3JL4Ifsbj+VIN7RprjE5wfvkIxlmnluUK6m2u8r8BlNDhFW5wjoA6PBuHhqYEKGbdqm5s+3WaZt8l2EERyIV87YJPbxNpwc175J3mWYWesvxSp/uNxcXEbOClr+jHXVxztno3XVoVXfpiFfjSsUgprQonbPYiKdfiLwFeXHI03vZlWfmEjERzBE+Ro5ireJ8JVNjKOgiw7aU6tQAyDKe2NkcyTV/tO/OdUSGlnO3Nc3qHHE9B0OTdoKPpiv5A1GdmJWub7UNJKzKB1y7eSGHU3X/FVMSCf9eZUmLIMxWcu1y6GrH1CHIpdqPk+rw6lfjkFg1dDL2f3CXoAwLIEFVaUzI+Gg7BC9Z2jUWTkaj7KoI4sN65PzqrNiJ5QfUjlGh1T0hgMB/QwGarPUilBljGUo7IQfcleDQF3Y5F05Amjr6isZ9ONpeOlCegUB6BIU= mira@epinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDD48bhv1AEPhbrGIKxf+XTSWMyxu2qBeaN4nZNZ0YMyinltHd6/VaDEZIzCvadBi3Rc9oTdJIEiXzcMTKj26DacuAuh+YPMvoA0I+lfT36q2SZmWIaVSREtfYYdluJtAyiLvFTkv6G0p5c/x1v9ovEXY3OYo1lnio7j0SmBpj4R9UQJYJhohJLtJCTdfutSuQVclhx/kiytdmFqsCDlCI0EaNxTFS861iTmm2ZjKm7o8ohevxPmnXAHizIBOAZDzbhJ61sPLKIOLWWgJNiK04YUDsBToZBOpeLEnNGkkKY++V4u+5tGI5L1RlVwoGSSB40aY5WLouFmeVE/f42nVuTIF2r/UDjsxeiUdivai+L5xNiqHa5JRWg4+at1lYWGdpineXOPYF6MmzkV+HQMvxC8YhG7ig7W+V7KCfKzMy8EEej+gIMxGFqr6CJQCDXZxqt5o0+Ksh7IMw8AEcrBszuMdJEE/7E/XUnYQHfGUNgFvFwKVzPjOSzbwHMfWPI1k= root@epinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDm1kPy3bxyLX2nUwvETrsBbjmPDHEvKxmzn9dCoaa/C1tWttrvaXUhYZ6svftR7ofqjCailq1WHU4qkIlfz6Hxwq/mxZdOGRg3A2lzDgbJ5C9RSA8LIfYht2UhbqW40wHCEa1B6+bcwLHFWbDyoeT+NQO007lK4Tu1OY3nTNz3QFJgxAPtFuqQSTFpkxL8JZetQtc/KwJ5ofZBZ+nFc4PUstPE47uf4OEOaKY+fbDZ2bf8tmybGhVq6Oc+BQKij5usnQLTeN8XyVxPxGvXahXHx7ESnp//wCs6DrzoMHBbAVFVXS+w6ZzX2el9gCAcUeyZt8iu0zl9GxnVkpyQzHuuBgYON3orYaCdM5vRCnECFoK8XNwP45jNPzFxrIpSYeJ4tR4uhLxCfD3OHB/BQtOQsEdMJvnLnynzyWePeweTe2S1+ohg9zskyxt9c2rSxw8OlWdHds32JuWka6mTJCdfZgHaNY+Ppz1NEo5XYIfz9Jt0vevmaCVbBHo73Tyh6+k= norepinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDmOATOG9brF/pBmMufk0LQkPQuLwgZAOZMeHCSdOpr+4Tap/mmqCHGtDL/JW6KsDfFpOFmdnSoeihVPGT3r/Mixt3cGOJlzoWXDt2bHyaEOsLz5B3MuYqBIXG3d2wvxharbmlVg3xyArSaCtuBZcopC5rXajnrPW4HxW+pxPC1NsL3RRGSF0edWdJVdX8oJJBsMMUzfeWh1bxEz2iLKMSYb6KPbQITwFTr+RuiEIppOW3n0zJko1wNG8oWTOgHdkmY4C4rUOk6KgW4qs19t7Mjlc7CnZa3XV7/0DcxERGsphpKvS7dpnEtOt7RaHUr/t0V3yLgl58MPbJKG6WSNIRaXZ0EPSlzz8k+4JjuEFdCDg7WjEDSZsBS9U4AyYQjlEwrkinT7g+LUVKYEDqb0hE539SwARvHZsOXrRgtA+Jh2CJIb/rRWfQRkgxpT9hKiBfYbSj8qbphUrbJ/g72UOQyhIbEW8fF9vmWY75NV/X2+EFZyF56ZhvLFk08sjGIF+s= u0_a441@localhost"
];
};
anish = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "dockremap"];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6+YE7GteMK6Lmo0oW266LmaD6jwQMnCxwv0/V9zqKR akristipati6@gatech.edu"];
};
};
groups.dockremap = {};
groups."mira".gid = 1000;
};
environment.systemPackages = with pkgs; [
alacritty
alejandra
bat
btdu
btop
btrbk
cargo
chezmoi
czkawka
delta
fastfetch
file
fzf
gcc
git
go
hyfetch
hyperfine
jellyfin-media-player
killall
kodiPackages.jellyfin
kodiPackages.steam-controller
lazydocker
lazygit
lsd
mcfly
neovim
nil
nodePackages.nodejs
nodePackages.pnpm
ripgrep
sheldon
starship
statix
tealdeer
tmux
viddy
wget
yazi
zoxide
zsh
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh.enable = true;
neovim = {
enable = true;
configure = {
customRC = ''
set number relativenumber
'';
};
defaultEditor = true;
};
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
services = {
openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
allowSFTP = true;
};
fail2ban = {
enable = true;
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
bantime-increment.enable = true;
};
samba = {
enable = true;
shares = {
public = {
path = "/";
browseable = "yes";
"guest ok" = "yes";
};
};
};
};
virtualisation.docker = {
storageDriver = "overlay2";
enableOnBoot = true;
enable = true;
autoPrune.enable = true;
extraOptions = "--userns-remap=default";
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# TODO:
systemd = {
timers."qbittorrent-healthcheck" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*/5 * * * *";
Unit = "qbittorrent-healthcheck";
};
};
services = {
"qbittorrent-healthcheck" = {
script = ''
${pkgs.docker} exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker} restart qbittorrent
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
docker = {
unitConfig = {
RequiresMountsFor = "/data";
};
wantedBy = ["graphical.target"];
};
sshdAlert = {
enable = true;
unitConfig = {
Requires = "sshd.service";
};
serviceConfig = {
ExecStart = ''
${pkgs.curl}/bin/curl --request POST --url https://discord.com/api/webhooks/1235751608046846012/CU7tz271Z3Rbq9mPV0_rB5RBCRDhLKhGH14ebBm-TePpWFqKKJaCRYVMHYTJsIaSq2H- --header 'Content-Type: application/json' --data '{"username": "Auxin SSH status","avatar_url": "https://pbs.twimg.com/media/GMPtuovaQAAQ7Qr?format=png&name=large","content": "SSHD is Running!"}'
'';
};
wantedBy = ["multi-user.target"];
};
};
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
system.stateVersion = "23.11"; # Don't fuck with this
}

0
hardware-configuration.nix → auxin/hardware-configuration.nix
View file

306
configuration.nix
View file

@ -1,306 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
nix = {
package = pkgs.nixFlakes;
optimise.automatic = true;
gc.automatic = true;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "auxin"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/New_York";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.displayManager.sddm = {
enable = true;
settings = {
Autologin = {
Session = "kodi.desktop";
User = "mira";
};
};
};
services.xserver.desktopManager.xfce.enable = true;
# Kodi
services.xserver.desktopManager.kodi.enable = true;
# smartd
services.smartd.enable = true;
# BTRFS scrub
services.btrfs.autoScrub.enable = true;
services.avahi.enable = true;
services.tuptime.enable = true;
services.tuptime.timer.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.groups."mira".gid = 1000;
users.users.mira = {
isNormalUser = true;
group = "mira";
extraGroups = ["wheel" "docker"];
packages = with pkgs; [
firefox
tree
];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMggnmTj7KL409V2mtbPgKERbmyJAeCGBcyzxWW+arRZAAAABHNzaDo= yubikey-black"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAltYcKHavkQBJFlogNuT3JhX6ob30V3EYje4pOQBLgq gpg\\mira.kristipati@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKT/rbUu87QyRD7L/QSr+lQMJz2m/mdqlqyCQEMwUJj gpgssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw3/9inZC/MRPkuOF6T5LiFoOlgo5HZVIM36IC+hlzJ gpg\\mira-yubikey-black"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdRtpQWCPyQQuzcwlbFukGZSlRTcfNzG840kMvbuPwr gpg\\kristipati.ajay@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIA0ikP2zdDBaJZ+aoE6jFz3UpCyHjz1r1QtuZTAvTpx zagreus25519"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx1GWB1xkE+ECavUypp99FqmB4emiw+j2PpsxN8OXpa gpg\\mira@xn--2dkua.xn--tckwe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa3w6lweeP4XBokNCEJb86th9S81WQQ+LVVwCRpADap kristipati.ajay@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY3LSWsg9XK1rI7r2E+1tmX3Vi7W5opwkvqO6AsduZR gpg\\ArgentumCation"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA+Hrb45HQrcBe+gXQz4goWw0PBWdmAWMQ0RWrHXwvkWXM4KsXXrUP7qijEPPtDvJG3JL4Ifsbj+VIN7RprjE5wfvkIxlmnluUK6m2u8r8BlNDhFW5wjoA6PBuHhqYEKGbdqm5s+3WaZt8l2EERyIV87YJPbxNpwc175J3mWYWesvxSp/uNxcXEbOClr+jHXVxztno3XVoVXfpiFfjSsUgprQonbPYiKdfiLwFeXHI03vZlWfmEjERzBE+Ro5ireJ8JVNjKOgiw7aU6tQAyDKe2NkcyTV/tO/OdUSGlnO3Nc3qHHE9B0OTdoKPpiv5A1GdmJWub7UNJKzKB1y7eSGHU3X/FVMSCf9eZUmLIMxWcu1y6GrH1CHIpdqPk+rw6lfjkFg1dDL2f3CXoAwLIEFVaUzI+Gg7BC9Z2jUWTkaj7KoI4sN65PzqrNiJ5QfUjlGh1T0hgMB/QwGarPUilBljGUo7IQfcleDQF3Y5F05Amjr6isZ9ONpeOlCegUB6BIU= mira@epinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDD48bhv1AEPhbrGIKxf+XTSWMyxu2qBeaN4nZNZ0YMyinltHd6/VaDEZIzCvadBi3Rc9oTdJIEiXzcMTKj26DacuAuh+YPMvoA0I+lfT36q2SZmWIaVSREtfYYdluJtAyiLvFTkv6G0p5c/x1v9ovEXY3OYo1lnio7j0SmBpj4R9UQJYJhohJLtJCTdfutSuQVclhx/kiytdmFqsCDlCI0EaNxTFS861iTmm2ZjKm7o8ohevxPmnXAHizIBOAZDzbhJ61sPLKIOLWWgJNiK04YUDsBToZBOpeLEnNGkkKY++V4u+5tGI5L1RlVwoGSSB40aY5WLouFmeVE/f42nVuTIF2r/UDjsxeiUdivai+L5xNiqHa5JRWg4+at1lYWGdpineXOPYF6MmzkV+HQMvxC8YhG7ig7W+V7KCfKzMy8EEej+gIMxGFqr6CJQCDXZxqt5o0+Ksh7IMw8AEcrBszuMdJEE/7E/XUnYQHfGUNgFvFwKVzPjOSzbwHMfWPI1k= root@epinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDm1kPy3bxyLX2nUwvETrsBbjmPDHEvKxmzn9dCoaa/C1tWttrvaXUhYZ6svftR7ofqjCailq1WHU4qkIlfz6Hxwq/mxZdOGRg3A2lzDgbJ5C9RSA8LIfYht2UhbqW40wHCEa1B6+bcwLHFWbDyoeT+NQO007lK4Tu1OY3nTNz3QFJgxAPtFuqQSTFpkxL8JZetQtc/KwJ5ofZBZ+nFc4PUstPE47uf4OEOaKY+fbDZ2bf8tmybGhVq6Oc+BQKij5usnQLTeN8XyVxPxGvXahXHx7ESnp//wCs6DrzoMHBbAVFVXS+w6ZzX2el9gCAcUeyZt8iu0zl9GxnVkpyQzHuuBgYON3orYaCdM5vRCnECFoK8XNwP45jNPzFxrIpSYeJ4tR4uhLxCfD3OHB/BQtOQsEdMJvnLnynzyWePeweTe2S1+ohg9zskyxt9c2rSxw8OlWdHds32JuWka6mTJCdfZgHaNY+Ppz1NEo5XYIfz9Jt0vevmaCVbBHo73Tyh6+k= norepinephrine"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDmOATOG9brF/pBmMufk0LQkPQuLwgZAOZMeHCSdOpr+4Tap/mmqCHGtDL/JW6KsDfFpOFmdnSoeihVPGT3r/Mixt3cGOJlzoWXDt2bHyaEOsLz5B3MuYqBIXG3d2wvxharbmlVg3xyArSaCtuBZcopC5rXajnrPW4HxW+pxPC1NsL3RRGSF0edWdJVdX8oJJBsMMUzfeWh1bxEz2iLKMSYb6KPbQITwFTr+RuiEIppOW3n0zJko1wNG8oWTOgHdkmY4C4rUOk6KgW4qs19t7Mjlc7CnZa3XV7/0DcxERGsphpKvS7dpnEtOt7RaHUr/t0V3yLgl58MPbJKG6WSNIRaXZ0EPSlzz8k+4JjuEFdCDg7WjEDSZsBS9U4AyYQjlEwrkinT7g+LUVKYEDqb0hE539SwARvHZsOXrRgtA+Jh2CJIb/rRWfQRkgxpT9hKiBfYbSj8qbphUrbJ/g72UOQyhIbEW8fF9vmWY75NV/X2+EFZyF56ZhvLFk08sjGIF+s= u0_a441@localhost"
];
};
# users.users.git = {
# isSystemUser = true;
# home = "/home/git";
# group = "nogroup";
# shell = pkgs.zsh;
# # shell = "${pkgs.git}/bin/git-shell";
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
alacritty
alejandra
bat
btdu
btop
btrbk
cargo
chezmoi
czkawka
delta
fastfetch
file
fzf
gcc
git
go
hyfetch
hyperfine
jellyfin-media-player
kodiPackages.jellyfin
kodiPackages.steam-controller
lazydocker
lazygit
lsd
mcfly
neovim
nil
nodePackages.nodejs
nodePackages.pnpm
ripgrep
yazi
sheldon
starship
tmux
tealdeer
viddy
wget
zoxide
zsh
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.zsh.enable = true;
programs.neovim = {
enable = true;
configure = {
customRC = ''
set number relativenumber
'';
};
defaultEditor = true;
};
# programs.zoxide = {
# enable = true;
# enableBashIntegration = true;
# enableFishIntegration = true;
# enableZshIntegration = true;
# };
# programs.fzf = {
# enable = true;
# enableBashIntegration = true;
# enableFishIntegration = true;
# enableZshIntegration = true;
# };
# programs.mcfly = {
# enable = true;
# enableBashIntegration = true;
# enableZshIntegration = true;
# enableFishIntegration = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
allowSFTP = true;
# extraConfig = ''
# Match User git
# ForceCommand ssh git@localhost -p 2221 -o StrictHostKeyChecking=no
# '';
};
services.fail2ban = {
enable = true;
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
bantime-increment.enable = true;
};
virtualisation.docker = {
storageDriver = "overlay2";
enableOnBoot = true;
enable = true;
autoPrune.enable = true;
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# TODO:
networking.firewall = {
enable = false;
allowedUDPPorts = [22 80 443 2222 25565];
allowedTCPPorts = [22 80 443 2222 25565];
};
systemd.timers."qbittorrent-healthcheck" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*/5 * * * *";
Unit = "qbittorrent-healthcheck";
};
};
systemd.services."qbittorrent-healthcheck" = {
script = ''
${pkgs.docker} exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker} restart qbittorrent
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
systemd.services.docker = {
unitConfig = {
RequiresMountsFor = "/data";
};
wantedBy = ["graphical.target"];
};
systemd.services.sshdAlert = {
enable = true;
unitConfig = {
Requires = "sshd.service";
};
serviceConfig = {
ExecStart = ''
${pkgs.curl}/bin/curl --request POST --url https://discord.com/api/webhooks/1235751608046846012/CU7tz271Z3Rbq9mPV0_rB5RBCRDhLKhGH14ebBm-TePpWFqKKJaCRYVMHYTJsIaSq2H- --header 'Content-Type: application/json' --data '{"username": "Auxin SSH status","avatar_url": "https://pbs.twimg.com/media/GMPtuovaQAAQ7Qr?format=png&name=large","content": "SSHD is Running!"}'
'';
};
wantedBy = ["multi-user.target"];
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

2
flake.nix
View file

@ -16,7 +16,7 @@
auxin = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
./auxin/configuration.nix
];
};
};