nix-config/modules/TLMS/base.nix

{ pkgs, config, lib, registry, ... }:
let
  regMotd = ''
     _._     _,-'""`-._
    (,-.`._,'(       |\`-/|  Be vewy vewy quiet!
        `-.-' \ )-`( , o o)  We're hunting tewegwams!
              `-    \`_`"'-
  '';
  prodMotd = ''
             .-o=o-.  <===== THIS IS FUCKING PROD YOU PLAYIN' WITH
         ,  /=o=o=o=\ .--.
        _|\|=o=O=o=O=|    \
    __.'  a`\=o=o=o=(`\   /
    '.   a 4/`|.-""'`\ \ ;'`)   .---.
      \   .'  /   .--'  |_.'   / .-._)
       `)  _.'   /     /`-.__.' /
    jgs `'-.____;     /'-.___.-'
                 `"""`
  '';
in
{
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
    '';
    settings = {
      auto-optimise-store = true;
      experimental-features = "nix-command flakes";
    };
  };

  networking.useNetworkd = true;

  networking.hostName = registry.hostName;

  console = {
    font = "Lat2-Terminus16";
    keyMap = "uk";
  };

  i18n.defaultLocale = "en_US.UTF-8";
  i18n.supportedLocales = [
    "en_US.UTF-8/UTF-8"
    "en_US/ISO-8859-1"
    "C.UTF-8/UTF-8"
  ];

  environment.systemPackages = with pkgs; [
    git
    htop
    tmux
    screen
    neovim
    wget
    git-crypt
    iftop
    tcpdump
    dig
    usbutils
    rtl-sdr
    hackrf
    ssh-to-age
  ];

  networking.firewall.enable = lib.mkDefault true;

  networking.firewall.allowedTCPPorts = [ 22 ];
  users.users.root = {
    openssh.authorizedKeys.keyFiles = [
      ../../keys/ssh/revol-xut
      ../../keys/ssh/oxa
      ../../keys/ssh/oxa1
      ../../keys/ssh/marenz1
      ../../keys/ssh/marenz2
      ../../keys/ssh/marcel
    ];
  };
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
    };
  };
  programs.mosh.enable = true;

  users.motd = if config.networking.hostName == "data-hoarder" then prodMotd else regMotd;

  programs.screen.screenrc = ''
    defscrollback 10000

    startup_message off

    hardstatus on
    hardstatus alwayslastline
    hardstatus string "%w"
  '';
}
more more things into registry 2023-11-26 02:38:52 +01:00			`{ pkgs, config, lib, registry, ... }:`
change motd 2022-08-30 22:04:48 +02:00			`let`
			`regMotd = ''`
			_._ _,-'""`-._
			(,-.`._,'( \|\`-/\| Be vewy vewy quiet!
			`-.-' \ )-`( , o o) We're hunting tewegwams!
			`- \`_`"'-
			`'';`
			`prodMotd = ''`
formatting 2022-09-27 01:01:20 +02:00			`.-o=o-. <===== THIS IS FUCKING PROD YOU PLAYIN' WITH`
			`, /=o=o=o=\ .--.`
			`_\|\\|=o=O=o=O=\| \`
			__.' a`\=o=o=o=(`\ /
			'. a 4/`\|.-""'`\ \ ;'`) .---.
			`\ .' / .--' \|_.' / .-._)`
			`) _.' / /`-.__.' /
			jgs `'-.____; /'-.___.-'
			`"""`
			`'';`
change motd 2022-08-30 22:04:48 +02:00			`in`
basic config 2022-04-23 03:01:58 +02:00			`{`
			`nix = {`
running configuration 2022-04-23 04:17:33 +02:00			`package = pkgs.nixFlakes;`
basic config 2022-04-23 03:01:58 +02:00			`extraOptions = ''`
add ssh keys 2022-04-23 13:41:36 +02:00			`'';`
update legacy options 2022-12-31 16:28:38 +01:00			`settings = {`
			`auto-optimise-store = true;`
			`experimental-features = "nix-command flakes";`
nixpkgs-fmt 2023-04-18 21:48:32 +02:00			`};`
basic config 2022-04-23 03:01:58 +02:00			`};`

rename ddvbDeployment -> deployment-dvb 2022-09-28 22:19:40 +02:00			`networking.useNetworkd = true;`
use ${self} absolute paths instead of relative paths 2022-09-26 16:44:09 +02:00
more more things into registry 2023-11-26 02:38:52 +01:00			`networking.hostName = registry.hostName;`

basic config 2022-04-23 03:01:58 +02:00			`console = {`
			`font = "Lat2-Terminus16";`
			`keyMap = "uk";`
			`};`

shrink size of vim and locales 2022-06-06 19:46:15 +02:00			`i18n.defaultLocale = "en_US.UTF-8";`
			`i18n.supportedLocales = [`
			`"en_US.UTF-8/UTF-8"`
			`"en_US/ISO-8859-1"`
			`"C.UTF-8/UTF-8"`
			`];`

basic config 2022-04-23 03:01:58 +02:00			`environment.systemPackages = with pkgs; [`
			`git`
			`htop`
			`tmux`
add screen 2022-10-02 16:32:25 +02:00			`screen`
remove dead code, also not constrained by stoarge anymore 2023-05-25 21:45:33 +02:00			`neovim`
basic config 2022-04-23 03:01:58 +02:00			`wget`
			`git-crypt`
fix systemd units 2022-04-24 16:09:18 +02:00			`iftop`
add networking tools 2022-08-22 23:34:36 +02:00			`tcpdump`
			`dig`
install debugging tools by default 2022-08-30 19:39:44 +02:00			`usbutils`
			`rtl-sdr`
			`hackrf`
add package ssh-to-age to base 2024-04-28 02:08:26 +02:00			`ssh-to-age`
basic config 2022-04-23 03:01:58 +02:00			`];`

refactored and more restrictive firewall 2022-09-26 17:50:17 +02:00			`networking.firewall.enable = lib.mkDefault true;`
rename ddvbDeployment -> deployment-dvb 2022-09-28 22:19:40 +02:00
refactored and more restrictive firewall 2022-09-26 17:50:17 +02:00			`networking.firewall.allowedTCPPorts = [ 22 ];`
move ssh options to base, json file to dump-dvb.nix 2022-07-08 17:58:22 +02:00			`users.users.root = {`
			`openssh.authorizedKeys.keyFiles = [`
TLMS.nix: yeet (#12) 2023-03-05 14:07:31 +01:00			`../../keys/ssh/revol-xut`
			`../../keys/ssh/oxa`
			`../../keys/ssh/oxa1`
			`../../keys/ssh/marenz1`
			`../../keys/ssh/marenz2`
adding marcel ssh key 2023-04-28 22:37:27 +02:00			`../../keys/ssh/marcel`
move ssh options to base, json file to dump-dvb.nix 2022-07-08 17:58:22 +02:00			`];`
			`};`
turned password auth off 2022-04-23 13:49:25 +02:00			`services.openssh = {`
			`enable = true;`
test update to 23.05 2023-05-26 16:18:59 +02:00			`settings = {`
switch naming scheme in services.openssh 2023-05-28 19:18:18 +02:00			`PermitRootLogin = "prohibit-password";`
			`PasswordAuthentication = false;`
test update to 23.05 2023-05-26 16:18:59 +02:00			`};`
turned password auth off 2022-04-23 13:49:25 +02:00			`};`
basic config 2022-04-23 03:01:58 +02:00			`programs.mosh.enable = true;`
refactored and more restrictive firewall 2022-09-26 17:50:17 +02:00
change motd 2022-08-30 22:04:48 +02:00			`users.motd = if config.networking.hostName == "data-hoarder" then prodMotd else regMotd;`
update motd 2022-07-13 22:56:38 +02:00
add screen 2022-10-02 16:32:25 +02:00			`programs.screen.screenrc = ''`
			`defscrollback 10000`

			`startup_message off`

			`hardstatus on`
			`hardstatus alwayslastline`
			`hardstatus string "%w"`
			`'';`
basic config 2022-04-23 03:01:58 +02:00			`}`