nixops: common users, gnome, disable SSH password, light config
This commit is contained in:
parent
95ccdcc5be
commit
bd33e26a40
48
nixops/common-users.nix
Normal file
48
nixops/common-users.nix
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
{
|
||||||
|
sb = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = ["wheel" "plugdev" "dialout"];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGtCJoIRtRadaSBMx+MNX53nvEGUk9q/89ZpEH/jCRS+FRnBOH73C8YGvsJaiL5xUZiLjIW7SRUr40bKgvns1FJ3PNMPqvAh6fC98h5EnWAVtzKpYVXGPVvxGOqRJwvEHr6DGMJbP1lRl78zFt3PQaeEiJ5mCxlY4KenKbkBJpUWBAUa11VrNd+o7AMfF0pbNDxZCd213brbyb8saLnEx28HwdaUn//MMWnfSPDLGlod5dy4/hzj0Yk/o+4yaeIkfk1Z0FqtZif1N+VTqD5r0dfvIi38mmVYzbImy5X/hoPtLTMRb//6KZH5POwMP3ZazIq7Bl0cmGfDEu/p6/zJd sb@sb-ThinkPad-10"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdIXscubIsVCi9sfFdaorQ3VN1Ry3Se3NEDPUKDOxOas7MqoY+W0mvrlL8QfsCwUniIF/NUJbN8LDdleRn5nO6rQdUyVXuYjaizYMOyMunY6KgQZm24+FrNS3HoVX1nQxesLB18FPtJ7A3VwOTnfuFmY2A1TyFDlUIpnCUCJ0goIW2vW9xFGdd17MI8xshwZWa3ChObbkSqX6VN8YAPWMnIqPnbBWCnetjSSjFdtKPJzhYbr7usxKD1ksMKo5OYpZXK9kiqYQOtWTk/EL5eDIrr3+wJpoWqWX/UV29VImCWtRQE2bA5A1j3sySmixR9/OQMickWk0llgK/5Nj9Hz2v sb@nixbld"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
rj = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = ["wheel" "plugdev" "dialout"];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZOitjBp9uB+Hldt5M040Jq/3rVFBbw40Xemkau3BLvMn8TzkJs5NLrlNa4vcwFecA/nh7aPzdGHc1b/E2EYCfM29oo/oVBJsp/L66YUbnYrneFNVp8Ccw3tZPPAiADjLZWta0JQLVVY6Dqtt0SH/oU5jC1F1qCa+krWqkKAVE8rfxYVspBGagxlpZuE83UC0j2yXrbHq6ZrAW917wXUEpcIR+mKalDM2Aa1FAZZH9upty2yysyOHh6/ljurz6tMRqjzjdJtVJ2YXf4GZpIuYcxCU1kvLKPLN0MZA+aXtraCGmEdjdx38sfRqHBnffXhCkJIo+W4aw4Xae2xplmGeInWqnUwsWxuVJENdPfbBOBdMRuFemuPZdmBcohczDygOC3h+oljBvQF6Ffyvk38pVLbd91p1+qgvtW7OcXTUjm17K1Oa54RGUcm1W2w3yJKCc8RQZXlwVtneTX0VoK39LC1yWfyMBg8sWeT66oE+v2CCEzsB0A1xZx/dK0r5bdfv8uNAH5d8RGL++zNEVrsA4iZF6FEeXgaoje3tKMqKTgOx4EDh93ie2rv7oE8xrPL5g0vb8wBQ1Kf4rukd7FPVu+E4+W5oSnQ42BJ9Z4sFCLQ9Dnhbg4VvREzAe9rVzfAG368iCVKkFcSq+AaLquqrBpwLbz10V3GLDARlF2IZZGQ== rj@lab.m-labs.hk"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ== robert-jordens-rsa4096"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUdbne3NtIG+iy/jer76/OY+IksuS3BDLSXPnWrGejWnig9h+L6sUV0lEVI6dqp+W/b8jWqPB8nh5S0NZsCd3Ta3Go82k/SPPkh9lB2PpfquhCjLnmC/RNc3TgC4FuiS+NZHqXaTggYHubNwEK+8gynMqkMQXjOGU02U0CtUfsYdAm75AW60DySZCRNwOcU0Ndpn1UCpha7fL1k179Dd/OtArkYsIL24ohlfxFeOB3jGYQK6ATmzbvCRjwIKXcyECuajWwfnDg9FtDWrqHNzu5dJlvmxoWm8zCDgMj53uiA7TjujQN81MYrIJNeEwSr5jXQMqzA3mzlk4k3Z0qs3TP robert-jordens-64FEFBAF-4D0749B2-rsa2048"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY robert-jordens-ed25519"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
harry = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = ["plugdev" "dialout"];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfZGegJYOV2qCdTf2R54thWt0UjH/ycarugV5UWrdql7w9yqaGwqeadRIVoz9IH++AB8NFxPzxMiQzOH5TI4r5hVjconslSeucMvh9u/GPJqQk94uZayodgfqCeBL5v8RqW4kJE1CHrSbKhzLrtWsTsju2XFidLGqBg1v7HWmSB6UqzqmQWqPLxDCi7/JW2ECuKjYlOJY+uzGFz5cxOtJO/lUNSXT3ZSWF/VLscuMmLsdyocdVwZANgPS7A0/wArlbZZMNw72CHuWsh8WVxarKIRwhoaBgXv7Oj3ohi6fVRGo1DOC3ucDGCDNjaQG2gbXGHEiPtrpz43I7BcCeJqNH harry@juno"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
astro = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = ["plugdev" "dialout"];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 a"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
pca006132 = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = ["plugdev" "dialout"];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqkGZIb57sjzcnYg6tJXrK1iPKnIP6iYkcc2h/cf4rknvOT9ZkeUra7hCTjQDCiC168Lxcdx2wQciuq2SypoUMFytQoLphGHKWpgLB6yoaQgwCUW+To55kJlbs/rOywfwaRAtiyNsCtf+1FTbl0X0mKNIibjDqVyawXaUhfDLNB0TPg1yhhHdi/fqDgq+9kI/2E++8k9TZ2SUZ6vLbERU0cRkGCrVhqR7QEV+Oqa0uFBvNzc+tp/L3BKUUOCiSThNOtUHR9mSx9/Yq31tQ/I+l+oDcJyDiQlrFvDTBRbaDiMDwTFZolsQ8pFR0aJXHOrWRP11LF/EibjqbiK6WHDG/2mTnkREgGOElbOhg4yypMg5KXPY3JhjNibXV8p4GHjRb9g59N7F0s+ez44uS85fXUVVf840+mOx7W+9hGxK5ALr1I5EjUz8q2/SsF4eYuD44xCPK5rrKP0BYjnEQcDQEe5aZ2KyX+aSBF8jeiZsXti6x3Jg7ces6zlBWOoBNOPqTug4eNtkNmmPaoAzVeiItTJZBUAehLUAzyRD+8aTyB4DWAvesHPan+uQb9HvPH0rgymSEGxTi5280VWwvEpKHTGbuB0eYNFffDYVW0Y6xx3K4mZi71r6yCRdC/tsQEyM7N/dtoknvf77+iXCpb5yVSj0j5IAIVhlyszVMiW2qmw=="
|
||||||
|
];
|
||||||
|
};
|
||||||
|
occheung = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = ["plugdev" "dialout"];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYSxgxfvdHswDRhh30Qr3vTl6LCO9oTD0sVh/nRMjO+BgQ8HDst6jvolh/Ny6bQ710QLIthGtZxX8umFcoVebFkuAqenlXFXIpM86CYOST3zej/fRXmcvqJ2WV8EQzQGk5hLL/91bfpiYT1QQ0hg3/8x9ZVY5OkB2ehNZhFlZDBVqIPPOPYywMuaY7EXf5lHOX206kUeTygzrJFbHwX2du8/xZhcyqrgqVtN4+xy0q2OUDc3hrcSnxwdoSivbgl4LmQM5VWgOW/9fK0ji9naah9cFHNWv/lyz4uJYYttyx1C8jiqRZ7A1bhvemTK1VOvDZwVOp/o4ArjENgYIifzl" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFljU/TppiVf8G8yORVZYpzmDtHeTV6sjnWyAl5B5//MKz7xoeg6Ear0ft35GXgFQ5mg+kUGptE+qpAuD1l5NdXuE1Qve9mIl5Gffn02HOdt4qyy8W4HX/GY7VPz1QQNWZmasYnqBiWWsFwsORhXYI8xN6LYL0UzhxS8EXGs36yC/pUn8CNS+c1f4sHJ00h+wIfn9nbypSXbxYE50IYPZlUWKfAxFaZrE7/G3/PQTIIRqI1b6+6hBmcyKfj55/URGeN8Z0Zkp1neJ2laXz/kAzct7PDteLx++ACH+U10/uT1KSQt7zhJkPdvJ2FOUBRygVYUB4w8Wo79Jr5WntH5xb"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
@ -20,20 +20,21 @@ in
|
|||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget vim git firefox thunderbird hexchat usbutils pciutils file lm_sensors cryptsetup audacious acpi
|
wget vim git firefox thunderbird hexchat usbutils pciutils file lm_sensors audacious acpi
|
||||||
gwenview okular gimp imagemagick
|
gimp imagemagick
|
||||||
(python3.withPackages(ps: with ps; [ numpy scipy matplotlib qtconsole regex ]))
|
(python3.withPackages(ps: with ps; [ numpy scipy matplotlib qtconsole regex ]))
|
||||||
mosh psmisc libreoffice-fresh
|
mosh psmisc libreoffice-fresh
|
||||||
gtkwave telnet unzip zip gnupg
|
gtkwave telnet unzip zip gnupg
|
||||||
wireshark pavucontrol
|
gnome3.gnome-tweaks
|
||||||
jq ark sublime3 rink qemu_kvm konsole
|
jq sublime3 rink qemu_kvm
|
||||||
tmux xc3sprog m-labs.openocd screen gdb minicom picocom
|
tmux xc3sprog m-labs.openocd screen gdb minicom picocom tigervnc
|
||||||
(import ./fish-nix-shell)
|
(import ./fish-nix-shell)
|
||||||
];
|
];
|
||||||
programs.wireshark.enable = true;
|
programs.wireshark.enable = true;
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.forwardX11 = true;
|
services.openssh.forwardX11 = true;
|
||||||
|
services.openssh.passwordAuthentication = false;
|
||||||
|
|
||||||
# Enable CUPS to print documents.
|
# Enable CUPS to print documents.
|
||||||
services.printing = {
|
services.printing = {
|
||||||
@ -76,9 +77,9 @@ in
|
|||||||
# Enable touchpad support.
|
# Enable touchpad support.
|
||||||
services.xserver.libinput.enable = true;
|
services.xserver.libinput.enable = true;
|
||||||
|
|
||||||
# Enable the KDE Desktop Environment.
|
services.xserver.displayManager.gdm.enable = true;
|
||||||
services.xserver.displayManager.sddm.enable = true;
|
services.xserver.displayManager.gdm.autoSuspend = false;
|
||||||
services.xserver.desktopManager.plasma5.enable = true;
|
services.xserver.desktopManager.gnome3.enable = true;
|
||||||
|
|
||||||
hardware.bluetooth.enable = true;
|
hardware.bluetooth.enable = true;
|
||||||
|
|
||||||
@ -88,33 +89,7 @@ in
|
|||||||
'';
|
'';
|
||||||
users.defaultUserShell = pkgs.fish;
|
users.defaultUserShell = pkgs.fish;
|
||||||
users.extraGroups.plugdev = { };
|
users.extraGroups.plugdev = { };
|
||||||
users.extraUsers.sb = {
|
users.extraUsers = (import ./common-users.nix);
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["wheel" "plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGtCJoIRtRadaSBMx+MNX53nvEGUk9q/89ZpEH/jCRS+FRnBOH73C8YGvsJaiL5xUZiLjIW7SRUr40bKgvns1FJ3PNMPqvAh6fC98h5EnWAVtzKpYVXGPVvxGOqRJwvEHr6DGMJbP1lRl78zFt3PQaeEiJ5mCxlY4KenKbkBJpUWBAUa11VrNd+o7AMfF0pbNDxZCd213brbyb8saLnEx28HwdaUn//MMWnfSPDLGlod5dy4/hzj0Yk/o+4yaeIkfk1Z0FqtZif1N+VTqD5r0dfvIi38mmVYzbImy5X/hoPtLTMRb//6KZH5POwMP3ZazIq7Bl0cmGfDEu/p6/zJd sb@sb-ThinkPad-10"
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdIXscubIsVCi9sfFdaorQ3VN1Ry3Se3NEDPUKDOxOas7MqoY+W0mvrlL8QfsCwUniIF/NUJbN8LDdleRn5nO6rQdUyVXuYjaizYMOyMunY6KgQZm24+FrNS3HoVX1nQxesLB18FPtJ7A3VwOTnfuFmY2A1TyFDlUIpnCUCJ0goIW2vW9xFGdd17MI8xshwZWa3ChObbkSqX6VN8YAPWMnIqPnbBWCnetjSSjFdtKPJzhYbr7usxKD1ksMKo5OYpZXK9kiqYQOtWTk/EL5eDIrr3+wJpoWqWX/UV29VImCWtRQE2bA5A1j3sySmixR9/OQMickWk0llgK/5Nj9Hz2v sb@nixbld"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
users.extraUsers.harry = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout" "wireshark"];
|
|
||||||
};
|
|
||||||
users.extraUsers.astro = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout" "wireshark"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 a"];
|
|
||||||
};
|
|
||||||
users.extraUsers.pca006132 = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqkGZIb57sjzcnYg6tJXrK1iPKnIP6iYkcc2h/cf4rknvOT9ZkeUra7hCTjQDCiC168Lxcdx2wQciuq2SypoUMFytQoLphGHKWpgLB6yoaQgwCUW+To55kJlbs/rOywfwaRAtiyNsCtf+1FTbl0X0mKNIibjDqVyawXaUhfDLNB0TPg1yhhHdi/fqDgq+9kI/2E++8k9TZ2SUZ6vLbERU0cRkGCrVhqR7QEV+Oqa0uFBvNzc+tp/L3BKUUOCiSThNOtUHR9mSx9/Yq31tQ/I+l+oDcJyDiQlrFvDTBRbaDiMDwTFZolsQ8pFR0aJXHOrWRP11LF/EibjqbiK6WHDG/2mTnkREgGOElbOhg4yypMg5KXPY3JhjNibXV8p4GHjRb9g59N7F0s+ez44uS85fXUVVf840+mOx7W+9hGxK5ALr1I5EjUz8q2/SsF4eYuD44xCPK5rrKP0BYjnEQcDQEe5aZ2KyX+aSBF8jeiZsXti6x3Jg7ces6zlBWOoBNOPqTug4eNtkNmmPaoAzVeiItTJZBUAehLUAzyRD+8aTyB4DWAvesHPan+uQb9HvPH0rgymSEGxTi5280VWwvEpKHTGbuB0eYNFffDYVW0Y6xx3K4mZi71r6yCRdC/tsQEyM7N/dtoknvf77+iXCpb5yVSj0j5IAIVhlyszVMiW2qmw=="];
|
|
||||||
};
|
|
||||||
users.extraUsers.occheung = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYSxgxfvdHswDRhh30Qr3vTl6LCO9oTD0sVh/nRMjO+BgQ8HDst6jvolh/Ny6bQ710QLIthGtZxX8umFcoVebFkuAqenlXFXIpM86CYOST3zej/fRXmcvqJ2WV8EQzQGk5hLL/91bfpiYT1QQ0hg3/8x9ZVY5OkB2ehNZhFlZDBVqIPPOPYywMuaY7EXf5lHOX206kUeTygzrJFbHwX2du8/xZhcyqrgqVtN4+xy0q2OUDc3hrcSnxwdoSivbgl4LmQM5VWgOW/9fK0ji9naah9cFHNWv/lyz4uJYYttyx1C8jiqRZ7A1bhvemTK1VOvDZwVOp/o4ArjENgYIifzl" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFljU/TppiVf8G8yORVZYpzmDtHeTV6sjnWyAl5B5//MKz7xoeg6Ear0ft35GXgFQ5mg+kUGptE+qpAuD1l5NdXuE1Qve9mIl5Gffn02HOdt4qyy8W4HX/GY7VPz1QQNWZmasYnqBiWWsFwsORhXYI8xN6LYL0UzhxS8EXGs36yC/pUn8CNS+c1f4sHJ00h+wIfn9nbypSXbxYE50IYPZlUWKfAxFaZrE7/G3/PQTIIRqI1b6+6hBmcyKfj55/URGeN8Z0Zkp1neJ2laXz/kAzct7PDteLx++ACH+U10/uT1KSQt7zhJkPdvJ2FOUBRygVYUB4w8Wo79Jr5WntH5xb"];
|
|
||||||
};
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
services.udev.packages = [ m-labs.openocd ];
|
services.udev.packages = [ m-labs.openocd ];
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
|
99
nixops/light.nix
Normal file
99
nixops/light.nix
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
{ host }:
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
deployment.targetHost = host;
|
||||||
|
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(./. + "/${host}-hardware-configuration.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.hostName = host;
|
||||||
|
|
||||||
|
time.timeZone = "Asia/Hong_Kong";
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
documentation.enable = false;
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
wget vim git firefox usbutils pciutils file lm_sensors acpi
|
||||||
|
gimp imagemagick
|
||||||
|
(python3.withPackages(ps: with ps; [ numpy scipy ]))
|
||||||
|
psmisc
|
||||||
|
telnet unzip zip gnupg
|
||||||
|
sublime3 rink
|
||||||
|
tmux screen tigervnc
|
||||||
|
(import ./fish-nix-shell)
|
||||||
|
];
|
||||||
|
programs.wireshark.enable = true;
|
||||||
|
|
||||||
|
services.openssh.enable = true;
|
||||||
|
services.openssh.forwardX11 = true;
|
||||||
|
services.openssh.passwordAuthentication = false;
|
||||||
|
|
||||||
|
# Enable CUPS to print documents.
|
||||||
|
services.printing = {
|
||||||
|
enable = true;
|
||||||
|
extraConf =
|
||||||
|
''
|
||||||
|
Browsing Off
|
||||||
|
BrowseLocalProtocols none
|
||||||
|
'';
|
||||||
|
browsedConf =
|
||||||
|
''
|
||||||
|
BrowseRemoteProtocols none
|
||||||
|
BrowseProtocols none
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.avahi = {
|
||||||
|
enable = true;
|
||||||
|
nssmdns = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Enable sound.
|
||||||
|
sound.enable = true;
|
||||||
|
hardware.pulseaudio = {
|
||||||
|
enable = true;
|
||||||
|
extraModules = [ pkgs.pulseaudio-modules-bt ];
|
||||||
|
package = pkgs.pulseaudioFull;
|
||||||
|
};
|
||||||
|
|
||||||
|
i18n.inputMethod = {
|
||||||
|
enabled = "fcitx";
|
||||||
|
fcitx.engines = with pkgs.fcitx-engines; [ table-extra m17n ];
|
||||||
|
};
|
||||||
|
fonts.fonts = [ pkgs.noto-fonts pkgs.noto-fonts-cjk pkgs.noto-fonts-emoji pkgs.noto-fonts-extra ];
|
||||||
|
|
||||||
|
# Enable the X11 windowing system.
|
||||||
|
services.xserver.enable = true;
|
||||||
|
services.xserver.layout = "us";
|
||||||
|
services.xserver.xkbOptions = "eurosign:e";
|
||||||
|
|
||||||
|
# Enable touchpad support.
|
||||||
|
services.xserver.libinput.enable = true;
|
||||||
|
|
||||||
|
services.xserver.displayManager.lightdm.enable = true;
|
||||||
|
services.xserver.desktopManager.xfce.enable = true;
|
||||||
|
|
||||||
|
programs.fish.enable = true;
|
||||||
|
programs.fish.promptInit = ''
|
||||||
|
fish-nix-shell --info-right | source
|
||||||
|
'';
|
||||||
|
users.defaultUserShell = pkgs.fish;
|
||||||
|
users.extraGroups.plugdev = { };
|
||||||
|
users.extraUsers = (import ./common-users.nix);
|
||||||
|
|
||||||
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
|
nix.binaryCachePublicKeys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
|
||||||
|
nix.binaryCaches = ["https://nixbld.m-labs.hk" "https://cache.nixos.org"];
|
||||||
|
nix.sandboxPaths = ["/opt"];
|
||||||
|
|
||||||
|
# This value determines the NixOS release with which your system is to be
|
||||||
|
# compatible, in order to avoid breaking some software such as database
|
||||||
|
# servers. You should change this only after NixOS release notes say you
|
||||||
|
# should.
|
||||||
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
|
}
|
@ -4,5 +4,5 @@
|
|||||||
rpi-3 = import ./rpi.nix { host = "rpi-3"; rpi4 = true; };
|
rpi-3 = import ./rpi.nix { host = "rpi-3"; rpi4 = true; };
|
||||||
rpi-4 = import ./rpi.nix { host = "rpi-4"; rpi4 = true; };
|
rpi-4 = import ./rpi.nix { host = "rpi-4"; rpi4 = true; };
|
||||||
juno = import ./desktop.nix { host = "juno"; };
|
juno = import ./desktop.nix { host = "juno"; };
|
||||||
cnc = import ./desktop.nix { host = "cnc"; };
|
cnc = import ./light.nix { host = "cnc"; };
|
||||||
}
|
}
|
||||||
|
@ -34,64 +34,20 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
services.openssh.passwordAuthentication = false;
|
||||||
|
|
||||||
networking.hostName = host;
|
networking.hostName = host;
|
||||||
time.timeZone = "Asia/Hong_Kong";
|
time.timeZone = "Asia/Hong_Kong";
|
||||||
|
|
||||||
programs.wireshark.enable = true;
|
programs.wireshark.enable = true;
|
||||||
|
|
||||||
users.extraUsers.nix = {
|
|
||||||
isNormalUser = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.extraGroups.plugdev = { };
|
users.extraGroups.plugdev = { };
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
users.extraUsers.sb = {
|
users.extraUsers = (import ./common-users.nix) // {
|
||||||
|
nix = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = ["wheel" "plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGtCJoIRtRadaSBMx+MNX53nvEGUk9q/89ZpEH/jCRS+FRnBOH73C8YGvsJaiL5xUZiLjIW7SRUr40bKgvns1FJ3PNMPqvAh6fC98h5EnWAVtzKpYVXGPVvxGOqRJwvEHr6DGMJbP1lRl78zFt3PQaeEiJ5mCxlY4KenKbkBJpUWBAUa11VrNd+o7AMfF0pbNDxZCd213brbyb8saLnEx28HwdaUn//MMWnfSPDLGlod5dy4/hzj0Yk/o+4yaeIkfk1Z0FqtZif1N+VTqD5r0dfvIi38mmVYzbImy5X/hoPtLTMRb//6KZH5POwMP3ZazIq7Bl0cmGfDEu/p6/zJd sb@sb-ThinkPad-10"];
|
|
||||||
};
|
};
|
||||||
users.extraUsers.rj = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["wheel" "plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY robert-jordens-ed25519"];
|
|
||||||
};
|
};
|
||||||
users.extraUsers.astro = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout" "wireshark" "wheel"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 a"];
|
|
||||||
};
|
|
||||||
users.extraUsers.harry = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfZGegJYOV2qCdTf2R54thWt0UjH/ycarugV5UWrdql7w9yqaGwqeadRIVoz9IH++AB8NFxPzxMiQzOH5TI4r5hVjconslSeucMvh9u/GPJqQk94uZayodgfqCeBL5v8RqW4kJE1CHrSbKhzLrtWsTsju2XFidLGqBg1v7HWmSB6UqzqmQWqPLxDCi7/JW2ECuKjYlOJY+uzGFz5cxOtJO/lUNSXT3ZSWF/VLscuMmLsdyocdVwZANgPS7A0/wArlbZZMNw72CHuWsh8WVxarKIRwhoaBgXv7Oj3ohi6fVRGo1DOC3ucDGCDNjaQG2gbXGHEiPtrpz43I7BcCeJqNH harry@juno"];
|
|
||||||
};
|
|
||||||
users.extraUsers.jerry = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1vcq23Z221/OoiXombiXJYzQNTlgtWTXSnBI1jRDgcOfEX993jGIcC6NAa4czeqKu6kqEo+dqGMO872lPTo57KcBNmev+2J+WfvrRRu5uCkMcYWPA6peQq9VJ3+/YT8uShYN8KeDnlfuER8KrDo5RKX+SWk0NSgMXwdW5HD6bmRac1K6kydB+IGrltyUpph37vJEzF+OxPySiLQhWrwSQERYya+3fI/NsilffYa5qoDFmEfKwaSLIJ9zLbhTR7UPc0loQjyICOlGempbHwKK1YZJfidGIf5pHsW3wT3EnJzbMliQspXkw0KZyZij529TnoQkjGEsAsHI1es92/VP5 jerry@jerry-VivoBook-Flip-14-TP410UF"];
|
|
||||||
};
|
|
||||||
users.extraUsers.vince = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyjDbp6PUxNpYvtShXLnvqQp/le5cNBpxN2WdxCd929ejNigIbg4Y01Exnwd5hjCQ7FJeEj+cCzoJEW4ZLkE91pH/cqwHLkoClr0N5TYv7bFb91gOP0aaPItQyJIPjhiR2OwMgVWi2pA+g/voQeFv1WzIPWaSTVf71wGUZ956jnZxQwUFdZoaje2vnUtGjMbmbPSZia6Naf/mwLqJIvoGelJbhVUtgwFDEWNjq3T8pIkCBR8pYlFDb2r61IR6quGoJWzhPjyL61KLceZPmtXXQg/wfX+IEYRK+jImc3XHx6c8c2aHj4ySWlCzxv+5jHrlqgyd+vF39VcDYLqx3/1JT vince@Vince-CHENG"];
|
|
||||||
};
|
|
||||||
users.extraUsers.pca006132 = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqkGZIb57sjzcnYg6tJXrK1iPKnIP6iYkcc2h/cf4rknvOT9ZkeUra7hCTjQDCiC168Lxcdx2wQciuq2SypoUMFytQoLphGHKWpgLB6yoaQgwCUW+To55kJlbs/rOywfwaRAtiyNsCtf+1FTbl0X0mKNIibjDqVyawXaUhfDLNB0TPg1yhhHdi/fqDgq+9kI/2E++8k9TZ2SUZ6vLbERU0cRkGCrVhqR7QEV+Oqa0uFBvNzc+tp/L3BKUUOCiSThNOtUHR9mSx9/Yq31tQ/I+l+oDcJyDiQlrFvDTBRbaDiMDwTFZolsQ8pFR0aJXHOrWRP11LF/EibjqbiK6WHDG/2mTnkREgGOElbOhg4yypMg5KXPY3JhjNibXV8p4GHjRb9g59N7F0s+ez44uS85fXUVVf840+mOx7W+9hGxK5ALr1I5EjUz8q2/SsF4eYuD44xCPK5rrKP0BYjnEQcDQEe5aZ2KyX+aSBF8jeiZsXti6x3Jg7ces6zlBWOoBNOPqTug4eNtkNmmPaoAzVeiItTJZBUAehLUAzyRD+8aTyB4DWAvesHPan+uQb9HvPH0rgymSEGxTi5280VWwvEpKHTGbuB0eYNFffDYVW0Y6xx3K4mZi71r6yCRdC/tsQEyM7N/dtoknvf77+iXCpb5yVSj0j5IAIVhlyszVMiW2qmw=="];
|
|
||||||
};
|
|
||||||
users.extraUsers.ashafir = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC63csV1jA//Dix4hb2dYxuYdtYaTRKrN5d4BfRD/mTui1V4reWBkc9kvqhpb4SarTnJFbQUkmkPoIp/rOKpmHoOQHHdAC2lTr9RluL1iT/TLWjKMU6BA60L49i/PwR8UE26EodHKV1OI7Se3JzD0Ta/yoRIRcIV261kzjv3F0Ag3TcX+FWQ6oj6iKk6drFUodTFWufvR1/qIKkTz4d4K4J7JcykLFuTYjg4koCuMDufGobAvGLbQL3haad9kdywBaHvrxX1gEh6hgbprFtDoNufJy+rKKRUGSVgs7GBxLSjQ/9Ylqmso+YV+6zyYcpgQhpElrQr00JiDrFB1JO+9uipL3rQOHjwTWC6Rht5GEAq/WuTMKmWQUg4UIkKXadELRY7RI7NvWEe4V0h4vEIM+XQpbFofDZ4+1aQhsn/AIt0Sa54YAJtU1Vurvj76o2srNFNX1B0LVKmkU8QZ4KGlmfl/QMKA4bFXoedh9C+3B2of0XJc5tCsl4jxbbSjagLfVSMsnTyu8hZpjAmtsWrlkmnF12HLgtrU6OuLQ8OxMcUgwbYmvqJSni02DZ4EE4lS4+mlgzpdezUmsnRGGiNN5DTEpAQdSs54FdE3oEUpYEpJFUz7B9JwWsVyz6p/tpPmm4N+lbeYYEFF2L3Y53cLyKRTWfpsH1WsiH10H+P7ltFQ=="];
|
|
||||||
};
|
|
||||||
users.extraUsers.occheung = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["plugdev" "dialout"];
|
|
||||||
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYSxgxfvdHswDRhh30Qr3vTl6LCO9oTD0sVh/nRMjO+BgQ8HDst6jvolh/Ny6bQ710QLIthGtZxX8umFcoVebFkuAqenlXFXIpM86CYOST3zej/fRXmcvqJ2WV8EQzQGk5hLL/91bfpiYT1QQ0hg3/8x9ZVY5OkB2ehNZhFlZDBVqIPPOPYywMuaY7EXf5lHOX206kUeTygzrJFbHwX2du8/xZhcyqrgqVtN4+xy0q2OUDc3hrcSnxwdoSivbgl4LmQM5VWgOW/9fK0ji9naah9cFHNWv/lyz4uJYYttyx1C8jiqRZ7A1bhvemTK1VOvDZwVOp/o4ArjENgYIifzl" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFljU/TppiVf8G8yORVZYpzmDtHeTV6sjnWyAl5B5//MKz7xoeg6Ear0ft35GXgFQ5mg+kUGptE+qpAuD1l5NdXuE1Qve9mIl5Gffn02HOdt4qyy8W4HX/GY7VPz1QQNWZmasYnqBiWWsFwsORhXYI8xN6LYL0UzhxS8EXGs36yC/pUn8CNS+c1f4sHJ00h+wIfn9nbypSXbxYE50IYPZlUWKfAxFaZrE7/G3/PQTIIRqI1b6+6hBmcyKfj55/URGeN8Z0Zkp1neJ2laXz/kAzct7PDteLx++ACH+U10/uT1KSQt7zhJkPdvJ2FOUBRygVYUB4w8Wo79Jr5WntH5xb"];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udev.packages = [ m-labs.openocd ];
|
services.udev.packages = [ m-labs.openocd ];
|
||||||
|
|
||||||
documentation.enable = false;
|
documentation.enable = false;
|
||||||
|
Loading…
Reference in New Issue
Block a user