tdpeuter/sisyphus
tdpeuter/sisyphus
1
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity

[ssh] Move to actual module

Browse source
This commit is contained in:
Tibo De Peuter 2023-10-18 18:54:27 +02:00
parent 59995f94c3
commit d40d862c04
10 changed files with 100 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
nixos/hosts/Tibo-NixFat/default.nix
View file

@ -13,6 +13,7 @@
programs = {
home-manager.enable = true;
ssh.enable = true;
zellij.enable = true;
};
};
@ -46,22 +47,29 @@
zenith-nvidia
];
hardware.bluetooth.enable = true;
networking.hostName = "Tibo-NixFat";
services = {
# Handle the laptop lid switch as follows:
logind = {
lidSwitch = "hybrid-sleep";
lidSwitchExternalPower = "lock";
lidSwitchDocked = "ignore";
};
};
system.stateVersion = "23.05";
time.timeZone = "Europe/Brussels";
# --- Barrier ---
networking = {
hostName = "Tibo-NixFat";
networkmanager.enable = true;
};
# Set your time zone.
time.timeZone = "Europe/Brussels";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
@ -79,21 +87,10 @@
#media-session.enable = true;
};
# Enable Bluetooth.
hardware.bluetooth.enable = true;
services = {
logind = {
lidSwitch = "hybrid-sleep";
lidSwitchExternalPower = "lock";
lidSwitchDocked = "ignore";
};
# Enable touchpad support (enabled default in most desktopManager).
xserver = {
services.xserver = {
libinput.enable = true;
};
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;

0
nixos/modules-old/utils/ssh/README.md → nixos/modules-old/utils/sops/README.md
View file

54
nixos/modules-old/utils/ssh/default.nix
View file

@ -1,54 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
home-manager.users.tdpeuter = {
programs.ssh = {
enable = true;
matchBlocks = {
"Hugo" = {
hostname = "192.168.0.11";
identitiesOnly = true;
identityFile = "/run/secrets/Hugo/ssh";
user = "admin";
};
"HPC" = {
hostname = "login.hpc.ugent.be";
identitiesOnly = true;
identityFile = "/run/secrets/UGent/HPC/ssh";
user = "vsc44995";
};
# Git authentication
"git.depeuter.dev" = {
hostname = "git.depeuter.dev";
identitiesOnly = true;
identityFile = "/run/secrets/Hugo/Gitea/ssh";
user = "git";
};
"github.com" = {
hostname = "github.com";
identitiesOnly = true;
identityFile = "/run/secrets/GitHub/ssh";
user = "git";
};
"github.ugent.be" = {
hostname = "github.ugent.be";
identitiesOnly = true;
identityFile = "/run/secrets/UGent/GitHub/ssh";
user = "git";
};
"subgit.ugent.be" = {
hostname = "subgit.ugent.be";
identitiesOnly = true;
identityFile = "/run/secrets/UGent/SubGit/ssh";
user = "git";
};
};
};
};
}

3
nixos/modules/default.nix
View file

@ -1,8 +1,7 @@
{ lib, ... }:
{
imports = [
./programs
./services
./users
./virtualisation
];

1
nixos/modules/programs/default.nix
View file

@ -1,6 +1,7 @@
{
imports = [
./home-manager
./ssh
./zellij
];
}

13
nixos/modules/programs/ssh/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
let
cfg = config.sisyphus.programs.ssh;
in {
options.sisyphus.programs.ssh.enable = lib.mkEnableOption "SSH";
config = lib.mkIf cfg.enable {
programs.ssh = {
enableAskPassword = false;
};
};
}

5
nixos/modules/services/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./openssh
];
}

17
nixos/modules/services/openssh/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let
cfg = config.sisyphus.services.openssh;
in {
options.sisyphus.services.openssh.enable = lib.mkEnableOption "OpenSSH";
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
};
}

7
nixos/modules/users/tdpeuter/default.nix
View file

@ -21,6 +21,8 @@ in {
fonts.fonts = with pkgs; [
font-awesome_5 # Dependency of Vifm config
noto-fonts # Dependency of Zellij config
noto-fonts-cjk # Dependency of Zellij config
];
home-manager.users.tdpeuter = lib.mkIf config.sisyphus.programs.home-manager.enable {
@ -48,6 +50,7 @@ in {
unzip
vifm # File manager
zathura # PDF viewer
zellij # Tmux + screen alternative
]) ++ (with pkgs-unstable; [
mpv
]);
@ -66,6 +69,10 @@ in {
source = ../../../../stow/mpv/.config/mpv;
};
".ssh/config" = { # Always put SSH configuration
source = ../../../../stow/ssh/.ssh/config;
};
# Put Vifm files separately so history fill still works.
".config/vifm/colors" = lib.mkIf (builtins.elem pkgs.vifm installedPkgs) {
source = ../../../../stow/vifm/.config/vifm/colors;

37
stow/ssh/.ssh/config Normal file
View file

@ -0,0 +1,37 @@
Host Hugo
User admin
HostName 192.168.0.11
IdentitiesOnly yes
IdentityFile /run/secrets/Hugo/ssh
Host HPC
User vsc44995
HostName login.hpc.ugent.be
IdentitiesOnly yes
IdentityFile /run/secrets/UGent/HPC/ssh
# Git authentication
Host git.depeuter.dev
User git
HostName git.depeuter.dev
IdentitiesOnly yes
IdentityFile /run/secrets/Hugo/Gitea/ssh
Host github.com
User git
HostName github.com
IdentitiesOnly yes
IdentityFile /run/secrets/GitHub/ssh
Host github.ugent.be
User git
HostName github.ugent.be
IdentitiesOnly yes
IdentityFile /run/secrets/UGent/GitHub/ssh
Host subgit.ugent.be
User git
HostName subgit.ugent.be
IdentitiesOnly yes
IdentityFile /run/secrets/UGent/SubGit/ssh