From bd33e26a40e39c4ca898a3351c7afee624e0f983 Mon Sep 17 00:00:00 2001 From: Sebastien Bourdeauducq Date: Sat, 9 May 2020 21:52:00 +0800 Subject: [PATCH] nixops: common users, gnome, disable SSH password, light config --- nixops/common-users.nix | 48 ++++++++++++++++++++ nixops/desktop.nix | 45 +++++-------------- nixops/light.nix | 99 +++++++++++++++++++++++++++++++++++++++++ nixops/nixops.nix | 2 +- nixops/rpi.nix | 54 +++------------------- 5 files changed, 163 insertions(+), 85 deletions(-) create mode 100644 nixops/common-users.nix create mode 100644 nixops/light.nix diff --git a/nixops/common-users.nix b/nixops/common-users.nix new file mode 100644 index 0000000..5161bc9 --- /dev/null +++ b/nixops/common-users.nix @@ -0,0 +1,48 @@ +{ + sb = { + isNormalUser = true; + extraGroups = ["wheel" "plugdev" "dialout"]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGtCJoIRtRadaSBMx+MNX53nvEGUk9q/89ZpEH/jCRS+FRnBOH73C8YGvsJaiL5xUZiLjIW7SRUr40bKgvns1FJ3PNMPqvAh6fC98h5EnWAVtzKpYVXGPVvxGOqRJwvEHr6DGMJbP1lRl78zFt3PQaeEiJ5mCxlY4KenKbkBJpUWBAUa11VrNd+o7AMfF0pbNDxZCd213brbyb8saLnEx28HwdaUn//MMWnfSPDLGlod5dy4/hzj0Yk/o+4yaeIkfk1Z0FqtZif1N+VTqD5r0dfvIi38mmVYzbImy5X/hoPtLTMRb//6KZH5POwMP3ZazIq7Bl0cmGfDEu/p6/zJd sb@sb-ThinkPad-10" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdIXscubIsVCi9sfFdaorQ3VN1Ry3Se3NEDPUKDOxOas7MqoY+W0mvrlL8QfsCwUniIF/NUJbN8LDdleRn5nO6rQdUyVXuYjaizYMOyMunY6KgQZm24+FrNS3HoVX1nQxesLB18FPtJ7A3VwOTnfuFmY2A1TyFDlUIpnCUCJ0goIW2vW9xFGdd17MI8xshwZWa3ChObbkSqX6VN8YAPWMnIqPnbBWCnetjSSjFdtKPJzhYbr7usxKD1ksMKo5OYpZXK9kiqYQOtWTk/EL5eDIrr3+wJpoWqWX/UV29VImCWtRQE2bA5A1j3sySmixR9/OQMickWk0llgK/5Nj9Hz2v sb@nixbld" + ]; + }; + rj = { + isNormalUser = true; + extraGroups = ["wheel" "plugdev" "dialout"]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZOitjBp9uB+Hldt5M040Jq/3rVFBbw40Xemkau3BLvMn8TzkJs5NLrlNa4vcwFecA/nh7aPzdGHc1b/E2EYCfM29oo/oVBJsp/L66YUbnYrneFNVp8Ccw3tZPPAiADjLZWta0JQLVVY6Dqtt0SH/oU5jC1F1qCa+krWqkKAVE8rfxYVspBGagxlpZuE83UC0j2yXrbHq6ZrAW917wXUEpcIR+mKalDM2Aa1FAZZH9upty2yysyOHh6/ljurz6tMRqjzjdJtVJ2YXf4GZpIuYcxCU1kvLKPLN0MZA+aXtraCGmEdjdx38sfRqHBnffXhCkJIo+W4aw4Xae2xplmGeInWqnUwsWxuVJENdPfbBOBdMRuFemuPZdmBcohczDygOC3h+oljBvQF6Ffyvk38pVLbd91p1+qgvtW7OcXTUjm17K1Oa54RGUcm1W2w3yJKCc8RQZXlwVtneTX0VoK39LC1yWfyMBg8sWeT66oE+v2CCEzsB0A1xZx/dK0r5bdfv8uNAH5d8RGL++zNEVrsA4iZF6FEeXgaoje3tKMqKTgOx4EDh93ie2rv7oE8xrPL5g0vb8wBQ1Kf4rukd7FPVu+E4+W5oSnQ42BJ9Z4sFCLQ9Dnhbg4VvREzAe9rVzfAG368iCVKkFcSq+AaLquqrBpwLbz10V3GLDARlF2IZZGQ== rj@lab.m-labs.hk" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC27krR8G8Pb59YuYm7+X2mmNnVdk/t9myYgO8LH0zfb2MeeXX5+90nW9kMjKflJss/oLl8dkD85jbJ0fRbRkfJd20pGCqCUuYAbYKkowigFVEkbrbWSLkmf+clRjzJOuBuUA0uq0XKS17uMC3qhu+dDdBOAIKb3L83NfVE8p8Pjb4BPktQrdxefM43/x4jTMuc7tgxVmTOEge3+rmVPK2GnLkUBgBn8b6S+9ElPd63HXI5J5f61v21l5N9V0mhTu1pv6PiDRdFIlFDK9dLVZcZ2qlzpKmCnFrOoreBEgre44SpfFe5/MMItxvWiVsj/rij/rHZZiol1k7JiQCnEHeCCbjjvcBBka5HxZgcb3vBZVceTOawrmjbdbA2dq35sUptz/bEgdZ1UVCmVpWsdROAlEDBmSSbcVwxzcvhoKnkpbuP4Q0V3tVKSLW053ADFNB4frtwY5nAZfsVErFLLphjwb8nlyJoDRNapQrn5syEiW0ligX2AAskZTYIl2A5AYyWPrmX6HJOPqZGatMU3qQiRMxs+hFqhyyCmBgl0kcsgW09MBKtJWk1Fbii98MHqgRUN9R7AUiYy5p78Pnv9DC8DT8Ubl9zoP0g5d40P9NGK2LAhMxLXvtckJ4ERqbSEcNZJw+q4jBrOHnMTz+NLdAUiEtru+6T2OdhaHv+eiNlFQ== robert-jordens-rsa4096" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUdbne3NtIG+iy/jer76/OY+IksuS3BDLSXPnWrGejWnig9h+L6sUV0lEVI6dqp+W/b8jWqPB8nh5S0NZsCd3Ta3Go82k/SPPkh9lB2PpfquhCjLnmC/RNc3TgC4FuiS+NZHqXaTggYHubNwEK+8gynMqkMQXjOGU02U0CtUfsYdAm75AW60DySZCRNwOcU0Ndpn1UCpha7fL1k179Dd/OtArkYsIL24ohlfxFeOB3jGYQK6ATmzbvCRjwIKXcyECuajWwfnDg9FtDWrqHNzu5dJlvmxoWm8zCDgMj53uiA7TjujQN81MYrIJNeEwSr5jXQMqzA3mzlk4k3Z0qs3TP robert-jordens-64FEFBAF-4D0749B2-rsa2048" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY robert-jordens-ed25519" + ]; + }; + harry = { + isNormalUser = true; + extraGroups = ["plugdev" "dialout"]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfZGegJYOV2qCdTf2R54thWt0UjH/ycarugV5UWrdql7w9yqaGwqeadRIVoz9IH++AB8NFxPzxMiQzOH5TI4r5hVjconslSeucMvh9u/GPJqQk94uZayodgfqCeBL5v8RqW4kJE1CHrSbKhzLrtWsTsju2XFidLGqBg1v7HWmSB6UqzqmQWqPLxDCi7/JW2ECuKjYlOJY+uzGFz5cxOtJO/lUNSXT3ZSWF/VLscuMmLsdyocdVwZANgPS7A0/wArlbZZMNw72CHuWsh8WVxarKIRwhoaBgXv7Oj3ohi6fVRGo1DOC3ucDGCDNjaQG2gbXGHEiPtrpz43I7BcCeJqNH harry@juno" + ]; + }; + astro = { + isNormalUser = true; + extraGroups = ["plugdev" "dialout"]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 a" + ]; + }; + pca006132 = { + isNormalUser = true; + extraGroups = ["plugdev" "dialout"]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqkGZIb57sjzcnYg6tJXrK1iPKnIP6iYkcc2h/cf4rknvOT9ZkeUra7hCTjQDCiC168Lxcdx2wQciuq2SypoUMFytQoLphGHKWpgLB6yoaQgwCUW+To55kJlbs/rOywfwaRAtiyNsCtf+1FTbl0X0mKNIibjDqVyawXaUhfDLNB0TPg1yhhHdi/fqDgq+9kI/2E++8k9TZ2SUZ6vLbERU0cRkGCrVhqR7QEV+Oqa0uFBvNzc+tp/L3BKUUOCiSThNOtUHR9mSx9/Yq31tQ/I+l+oDcJyDiQlrFvDTBRbaDiMDwTFZolsQ8pFR0aJXHOrWRP11LF/EibjqbiK6WHDG/2mTnkREgGOElbOhg4yypMg5KXPY3JhjNibXV8p4GHjRb9g59N7F0s+ez44uS85fXUVVf840+mOx7W+9hGxK5ALr1I5EjUz8q2/SsF4eYuD44xCPK5rrKP0BYjnEQcDQEe5aZ2KyX+aSBF8jeiZsXti6x3Jg7ces6zlBWOoBNOPqTug4eNtkNmmPaoAzVeiItTJZBUAehLUAzyRD+8aTyB4DWAvesHPan+uQb9HvPH0rgymSEGxTi5280VWwvEpKHTGbuB0eYNFffDYVW0Y6xx3K4mZi71r6yCRdC/tsQEyM7N/dtoknvf77+iXCpb5yVSj0j5IAIVhlyszVMiW2qmw==" + ]; + }; + occheung = { + isNormalUser = true; + extraGroups = ["plugdev" "dialout"]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYSxgxfvdHswDRhh30Qr3vTl6LCO9oTD0sVh/nRMjO+BgQ8HDst6jvolh/Ny6bQ710QLIthGtZxX8umFcoVebFkuAqenlXFXIpM86CYOST3zej/fRXmcvqJ2WV8EQzQGk5hLL/91bfpiYT1QQ0hg3/8x9ZVY5OkB2ehNZhFlZDBVqIPPOPYywMuaY7EXf5lHOX206kUeTygzrJFbHwX2du8/xZhcyqrgqVtN4+xy0q2OUDc3hrcSnxwdoSivbgl4LmQM5VWgOW/9fK0ji9naah9cFHNWv/lyz4uJYYttyx1C8jiqRZ7A1bhvemTK1VOvDZwVOp/o4ArjENgYIifzl" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFljU/TppiVf8G8yORVZYpzmDtHeTV6sjnWyAl5B5//MKz7xoeg6Ear0ft35GXgFQ5mg+kUGptE+qpAuD1l5NdXuE1Qve9mIl5Gffn02HOdt4qyy8W4HX/GY7VPz1QQNWZmasYnqBiWWsFwsORhXYI8xN6LYL0UzhxS8EXGs36yC/pUn8CNS+c1f4sHJ00h+wIfn9nbypSXbxYE50IYPZlUWKfAxFaZrE7/G3/PQTIIRqI1b6+6hBmcyKfj55/URGeN8Z0Zkp1neJ2laXz/kAzct7PDteLx++ACH+U10/uT1KSQt7zhJkPdvJ2FOUBRygVYUB4w8Wo79Jr5WntH5xb" + ]; + }; +} diff --git a/nixops/desktop.nix b/nixops/desktop.nix index da29693..e595068 100644 --- a/nixops/desktop.nix +++ b/nixops/desktop.nix @@ -20,20 +20,21 @@ in # $ nix search wget nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ - wget vim git firefox thunderbird hexchat usbutils pciutils file lm_sensors cryptsetup audacious acpi - gwenview okular gimp imagemagick + wget vim git firefox thunderbird hexchat usbutils pciutils file lm_sensors audacious acpi + gimp imagemagick (python3.withPackages(ps: with ps; [ numpy scipy matplotlib qtconsole regex ])) mosh psmisc libreoffice-fresh gtkwave telnet unzip zip gnupg - wireshark pavucontrol - jq ark sublime3 rink qemu_kvm konsole - tmux xc3sprog m-labs.openocd screen gdb minicom picocom + gnome3.gnome-tweaks + jq sublime3 rink qemu_kvm + tmux xc3sprog m-labs.openocd screen gdb minicom picocom tigervnc (import ./fish-nix-shell) ]; programs.wireshark.enable = true; services.openssh.enable = true; services.openssh.forwardX11 = true; + services.openssh.passwordAuthentication = false; # Enable CUPS to print documents. services.printing = { @@ -76,9 +77,9 @@ in # Enable touchpad support. services.xserver.libinput.enable = true; - # Enable the KDE Desktop Environment. - services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.displayManager.gdm.autoSuspend = false; + services.xserver.desktopManager.gnome3.enable = true; hardware.bluetooth.enable = true; @@ -88,33 +89,7 @@ in ''; users.defaultUserShell = pkgs.fish; users.extraGroups.plugdev = { }; - users.extraUsers.sb = { - isNormalUser = true; - extraGroups = ["wheel" "plugdev" "dialout"]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGtCJoIRtRadaSBMx+MNX53nvEGUk9q/89ZpEH/jCRS+FRnBOH73C8YGvsJaiL5xUZiLjIW7SRUr40bKgvns1FJ3PNMPqvAh6fC98h5EnWAVtzKpYVXGPVvxGOqRJwvEHr6DGMJbP1lRl78zFt3PQaeEiJ5mCxlY4KenKbkBJpUWBAUa11VrNd+o7AMfF0pbNDxZCd213brbyb8saLnEx28HwdaUn//MMWnfSPDLGlod5dy4/hzj0Yk/o+4yaeIkfk1Z0FqtZif1N+VTqD5r0dfvIi38mmVYzbImy5X/hoPtLTMRb//6KZH5POwMP3ZazIq7Bl0cmGfDEu/p6/zJd sb@sb-ThinkPad-10" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdIXscubIsVCi9sfFdaorQ3VN1Ry3Se3NEDPUKDOxOas7MqoY+W0mvrlL8QfsCwUniIF/NUJbN8LDdleRn5nO6rQdUyVXuYjaizYMOyMunY6KgQZm24+FrNS3HoVX1nQxesLB18FPtJ7A3VwOTnfuFmY2A1TyFDlUIpnCUCJ0goIW2vW9xFGdd17MI8xshwZWa3ChObbkSqX6VN8YAPWMnIqPnbBWCnetjSSjFdtKPJzhYbr7usxKD1ksMKo5OYpZXK9kiqYQOtWTk/EL5eDIrr3+wJpoWqWX/UV29VImCWtRQE2bA5A1j3sySmixR9/OQMickWk0llgK/5Nj9Hz2v sb@nixbld" - ]; - }; - users.extraUsers.harry = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout" "wireshark"]; - }; - users.extraUsers.astro = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout" "wireshark"]; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 a"]; - }; - users.extraUsers.pca006132 = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqkGZIb57sjzcnYg6tJXrK1iPKnIP6iYkcc2h/cf4rknvOT9ZkeUra7hCTjQDCiC168Lxcdx2wQciuq2SypoUMFytQoLphGHKWpgLB6yoaQgwCUW+To55kJlbs/rOywfwaRAtiyNsCtf+1FTbl0X0mKNIibjDqVyawXaUhfDLNB0TPg1yhhHdi/fqDgq+9kI/2E++8k9TZ2SUZ6vLbERU0cRkGCrVhqR7QEV+Oqa0uFBvNzc+tp/L3BKUUOCiSThNOtUHR9mSx9/Yq31tQ/I+l+oDcJyDiQlrFvDTBRbaDiMDwTFZolsQ8pFR0aJXHOrWRP11LF/EibjqbiK6WHDG/2mTnkREgGOElbOhg4yypMg5KXPY3JhjNibXV8p4GHjRb9g59N7F0s+ez44uS85fXUVVf840+mOx7W+9hGxK5ALr1I5EjUz8q2/SsF4eYuD44xCPK5rrKP0BYjnEQcDQEe5aZ2KyX+aSBF8jeiZsXti6x3Jg7ces6zlBWOoBNOPqTug4eNtkNmmPaoAzVeiItTJZBUAehLUAzyRD+8aTyB4DWAvesHPan+uQb9HvPH0rgymSEGxTi5280VWwvEpKHTGbuB0eYNFffDYVW0Y6xx3K4mZi71r6yCRdC/tsQEyM7N/dtoknvf77+iXCpb5yVSj0j5IAIVhlyszVMiW2qmw=="]; - }; - users.extraUsers.occheung = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYSxgxfvdHswDRhh30Qr3vTl6LCO9oTD0sVh/nRMjO+BgQ8HDst6jvolh/Ny6bQ710QLIthGtZxX8umFcoVebFkuAqenlXFXIpM86CYOST3zej/fRXmcvqJ2WV8EQzQGk5hLL/91bfpiYT1QQ0hg3/8x9ZVY5OkB2ehNZhFlZDBVqIPPOPYywMuaY7EXf5lHOX206kUeTygzrJFbHwX2du8/xZhcyqrgqVtN4+xy0q2OUDc3hrcSnxwdoSivbgl4LmQM5VWgOW/9fK0ji9naah9cFHNWv/lyz4uJYYttyx1C8jiqRZ7A1bhvemTK1VOvDZwVOp/o4ArjENgYIifzl" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFljU/TppiVf8G8yORVZYpzmDtHeTV6sjnWyAl5B5//MKz7xoeg6Ear0ft35GXgFQ5mg+kUGptE+qpAuD1l5NdXuE1Qve9mIl5Gffn02HOdt4qyy8W4HX/GY7VPz1QQNWZmasYnqBiWWsFwsORhXYI8xN6LYL0UzhxS8EXGs36yC/pUn8CNS+c1f4sHJ00h+wIfn9nbypSXbxYE50IYPZlUWKfAxFaZrE7/G3/PQTIIRqI1b6+6hBmcyKfj55/URGeN8Z0Zkp1neJ2laXz/kAzct7PDteLx++ACH+U10/uT1KSQt7zhJkPdvJ2FOUBRygVYUB4w8Wo79Jr5WntH5xb"]; - }; + users.extraUsers = (import ./common-users.nix); security.sudo.wheelNeedsPassword = false; services.udev.packages = [ m-labs.openocd ]; services.udev.extraRules = '' diff --git a/nixops/light.nix b/nixops/light.nix new file mode 100644 index 0000000..6134744 --- /dev/null +++ b/nixops/light.nix @@ -0,0 +1,99 @@ +{ host }: + +{ config, pkgs, ... }: +{ + deployment.targetHost = host; + + imports = + [ + (./. + "/${host}-hardware-configuration.nix") + ]; + + networking.hostName = host; + + time.timeZone = "Asia/Hong_Kong"; + + # List packages installed in system profile. To search, run: + # $ nix search wget + documentation.enable = false; + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + wget vim git firefox usbutils pciutils file lm_sensors acpi + gimp imagemagick + (python3.withPackages(ps: with ps; [ numpy scipy ])) + psmisc + telnet unzip zip gnupg + sublime3 rink + tmux screen tigervnc + (import ./fish-nix-shell) + ]; + programs.wireshark.enable = true; + + services.openssh.enable = true; + services.openssh.forwardX11 = true; + services.openssh.passwordAuthentication = false; + + # Enable CUPS to print documents. + services.printing = { + enable = true; + extraConf = + '' + Browsing Off + BrowseLocalProtocols none + ''; + browsedConf = + '' + BrowseRemoteProtocols none + BrowseProtocols none + ''; + }; + services.avahi = { + enable = true; + nssmdns = true; + }; + + # Enable sound. + sound.enable = true; + hardware.pulseaudio = { + enable = true; + extraModules = [ pkgs.pulseaudio-modules-bt ]; + package = pkgs.pulseaudioFull; + }; + + i18n.inputMethod = { + enabled = "fcitx"; + fcitx.engines = with pkgs.fcitx-engines; [ table-extra m17n ]; + }; + fonts.fonts = [ pkgs.noto-fonts pkgs.noto-fonts-cjk pkgs.noto-fonts-emoji pkgs.noto-fonts-extra ]; + + # Enable the X11 windowing system. + services.xserver.enable = true; + services.xserver.layout = "us"; + services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + services.xserver.libinput.enable = true; + + services.xserver.displayManager.lightdm.enable = true; + services.xserver.desktopManager.xfce.enable = true; + + programs.fish.enable = true; + programs.fish.promptInit = '' + fish-nix-shell --info-right | source + ''; + users.defaultUserShell = pkgs.fish; + users.extraGroups.plugdev = { }; + users.extraUsers = (import ./common-users.nix); + + security.sudo.wheelNeedsPassword = false; + + nix.binaryCachePublicKeys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; + nix.binaryCaches = ["https://nixbld.m-labs.hk" "https://cache.nixos.org"]; + nix.sandboxPaths = ["/opt"]; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "19.03"; # Did you read the comment? +} diff --git a/nixops/nixops.nix b/nixops/nixops.nix index 2123ea9..306a40a 100644 --- a/nixops/nixops.nix +++ b/nixops/nixops.nix @@ -4,5 +4,5 @@ rpi-3 = import ./rpi.nix { host = "rpi-3"; rpi4 = true; }; rpi-4 = import ./rpi.nix { host = "rpi-4"; rpi4 = true; }; juno = import ./desktop.nix { host = "juno"; }; - cnc = import ./desktop.nix { host = "cnc"; }; + cnc = import ./light.nix { host = "cnc"; }; } diff --git a/nixops/rpi.nix b/nixops/rpi.nix index 52ad371..2b40f2b 100644 --- a/nixops/rpi.nix +++ b/nixops/rpi.nix @@ -34,64 +34,20 @@ in }; services.openssh.enable = true; + services.openssh.passwordAuthentication = false; networking.hostName = host; time.timeZone = "Asia/Hong_Kong"; programs.wireshark.enable = true; - users.extraUsers.nix = { - isNormalUser = true; - }; - users.extraGroups.plugdev = { }; security.sudo.wheelNeedsPassword = false; - users.extraUsers.sb = { - isNormalUser = true; - extraGroups = ["wheel" "plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGtCJoIRtRadaSBMx+MNX53nvEGUk9q/89ZpEH/jCRS+FRnBOH73C8YGvsJaiL5xUZiLjIW7SRUr40bKgvns1FJ3PNMPqvAh6fC98h5EnWAVtzKpYVXGPVvxGOqRJwvEHr6DGMJbP1lRl78zFt3PQaeEiJ5mCxlY4KenKbkBJpUWBAUa11VrNd+o7AMfF0pbNDxZCd213brbyb8saLnEx28HwdaUn//MMWnfSPDLGlod5dy4/hzj0Yk/o+4yaeIkfk1Z0FqtZif1N+VTqD5r0dfvIi38mmVYzbImy5X/hoPtLTMRb//6KZH5POwMP3ZazIq7Bl0cmGfDEu/p6/zJd sb@sb-ThinkPad-10"]; + users.extraUsers = (import ./common-users.nix) // { + nix = { + isNormalUser = true; + }; }; - users.extraUsers.rj = { - isNormalUser = true; - extraGroups = ["wheel" "plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY robert-jordens-ed25519"]; - }; - users.extraUsers.astro = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout" "wireshark" "wheel"]; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 a"]; - }; - users.extraUsers.harry = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfZGegJYOV2qCdTf2R54thWt0UjH/ycarugV5UWrdql7w9yqaGwqeadRIVoz9IH++AB8NFxPzxMiQzOH5TI4r5hVjconslSeucMvh9u/GPJqQk94uZayodgfqCeBL5v8RqW4kJE1CHrSbKhzLrtWsTsju2XFidLGqBg1v7HWmSB6UqzqmQWqPLxDCi7/JW2ECuKjYlOJY+uzGFz5cxOtJO/lUNSXT3ZSWF/VLscuMmLsdyocdVwZANgPS7A0/wArlbZZMNw72CHuWsh8WVxarKIRwhoaBgXv7Oj3ohi6fVRGo1DOC3ucDGCDNjaQG2gbXGHEiPtrpz43I7BcCeJqNH harry@juno"]; - }; - users.extraUsers.jerry = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1vcq23Z221/OoiXombiXJYzQNTlgtWTXSnBI1jRDgcOfEX993jGIcC6NAa4czeqKu6kqEo+dqGMO872lPTo57KcBNmev+2J+WfvrRRu5uCkMcYWPA6peQq9VJ3+/YT8uShYN8KeDnlfuER8KrDo5RKX+SWk0NSgMXwdW5HD6bmRac1K6kydB+IGrltyUpph37vJEzF+OxPySiLQhWrwSQERYya+3fI/NsilffYa5qoDFmEfKwaSLIJ9zLbhTR7UPc0loQjyICOlGempbHwKK1YZJfidGIf5pHsW3wT3EnJzbMliQspXkw0KZyZij529TnoQkjGEsAsHI1es92/VP5 jerry@jerry-VivoBook-Flip-14-TP410UF"]; - }; - users.extraUsers.vince = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyjDbp6PUxNpYvtShXLnvqQp/le5cNBpxN2WdxCd929ejNigIbg4Y01Exnwd5hjCQ7FJeEj+cCzoJEW4ZLkE91pH/cqwHLkoClr0N5TYv7bFb91gOP0aaPItQyJIPjhiR2OwMgVWi2pA+g/voQeFv1WzIPWaSTVf71wGUZ956jnZxQwUFdZoaje2vnUtGjMbmbPSZia6Naf/mwLqJIvoGelJbhVUtgwFDEWNjq3T8pIkCBR8pYlFDb2r61IR6quGoJWzhPjyL61KLceZPmtXXQg/wfX+IEYRK+jImc3XHx6c8c2aHj4ySWlCzxv+5jHrlqgyd+vF39VcDYLqx3/1JT vince@Vince-CHENG"]; - }; - users.extraUsers.pca006132 = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqkGZIb57sjzcnYg6tJXrK1iPKnIP6iYkcc2h/cf4rknvOT9ZkeUra7hCTjQDCiC168Lxcdx2wQciuq2SypoUMFytQoLphGHKWpgLB6yoaQgwCUW+To55kJlbs/rOywfwaRAtiyNsCtf+1FTbl0X0mKNIibjDqVyawXaUhfDLNB0TPg1yhhHdi/fqDgq+9kI/2E++8k9TZ2SUZ6vLbERU0cRkGCrVhqR7QEV+Oqa0uFBvNzc+tp/L3BKUUOCiSThNOtUHR9mSx9/Yq31tQ/I+l+oDcJyDiQlrFvDTBRbaDiMDwTFZolsQ8pFR0aJXHOrWRP11LF/EibjqbiK6WHDG/2mTnkREgGOElbOhg4yypMg5KXPY3JhjNibXV8p4GHjRb9g59N7F0s+ez44uS85fXUVVf840+mOx7W+9hGxK5ALr1I5EjUz8q2/SsF4eYuD44xCPK5rrKP0BYjnEQcDQEe5aZ2KyX+aSBF8jeiZsXti6x3Jg7ces6zlBWOoBNOPqTug4eNtkNmmPaoAzVeiItTJZBUAehLUAzyRD+8aTyB4DWAvesHPan+uQb9HvPH0rgymSEGxTi5280VWwvEpKHTGbuB0eYNFffDYVW0Y6xx3K4mZi71r6yCRdC/tsQEyM7N/dtoknvf77+iXCpb5yVSj0j5IAIVhlyszVMiW2qmw=="]; - }; - users.extraUsers.ashafir = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC63csV1jA//Dix4hb2dYxuYdtYaTRKrN5d4BfRD/mTui1V4reWBkc9kvqhpb4SarTnJFbQUkmkPoIp/rOKpmHoOQHHdAC2lTr9RluL1iT/TLWjKMU6BA60L49i/PwR8UE26EodHKV1OI7Se3JzD0Ta/yoRIRcIV261kzjv3F0Ag3TcX+FWQ6oj6iKk6drFUodTFWufvR1/qIKkTz4d4K4J7JcykLFuTYjg4koCuMDufGobAvGLbQL3haad9kdywBaHvrxX1gEh6hgbprFtDoNufJy+rKKRUGSVgs7GBxLSjQ/9Ylqmso+YV+6zyYcpgQhpElrQr00JiDrFB1JO+9uipL3rQOHjwTWC6Rht5GEAq/WuTMKmWQUg4UIkKXadELRY7RI7NvWEe4V0h4vEIM+XQpbFofDZ4+1aQhsn/AIt0Sa54YAJtU1Vurvj76o2srNFNX1B0LVKmkU8QZ4KGlmfl/QMKA4bFXoedh9C+3B2of0XJc5tCsl4jxbbSjagLfVSMsnTyu8hZpjAmtsWrlkmnF12HLgtrU6OuLQ8OxMcUgwbYmvqJSni02DZ4EE4lS4+mlgzpdezUmsnRGGiNN5DTEpAQdSs54FdE3oEUpYEpJFUz7B9JwWsVyz6p/tpPmm4N+lbeYYEFF2L3Y53cLyKRTWfpsH1WsiH10H+P7ltFQ=="]; - }; - users.extraUsers.occheung = { - isNormalUser = true; - extraGroups = ["plugdev" "dialout"]; - openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYSxgxfvdHswDRhh30Qr3vTl6LCO9oTD0sVh/nRMjO+BgQ8HDst6jvolh/Ny6bQ710QLIthGtZxX8umFcoVebFkuAqenlXFXIpM86CYOST3zej/fRXmcvqJ2WV8EQzQGk5hLL/91bfpiYT1QQ0hg3/8x9ZVY5OkB2ehNZhFlZDBVqIPPOPYywMuaY7EXf5lHOX206kUeTygzrJFbHwX2du8/xZhcyqrgqVtN4+xy0q2OUDc3hrcSnxwdoSivbgl4LmQM5VWgOW/9fK0ji9naah9cFHNWv/lyz4uJYYttyx1C8jiqRZ7A1bhvemTK1VOvDZwVOp/o4ArjENgYIifzl" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFljU/TppiVf8G8yORVZYpzmDtHeTV6sjnWyAl5B5//MKz7xoeg6Ear0ft35GXgFQ5mg+kUGptE+qpAuD1l5NdXuE1Qve9mIl5Gffn02HOdt4qyy8W4HX/GY7VPz1QQNWZmasYnqBiWWsFwsORhXYI8xN6LYL0UzhxS8EXGs36yC/pUn8CNS+c1f4sHJ00h+wIfn9nbypSXbxYE50IYPZlUWKfAxFaZrE7/G3/PQTIIRqI1b6+6hBmcyKfj55/URGeN8Z0Zkp1neJ2laXz/kAzct7PDteLx++ACH+U10/uT1KSQt7zhJkPdvJ2FOUBRygVYUB4w8Wo79Jr5WntH5xb"]; - }; - services.udev.packages = [ m-labs.openocd ]; documentation.enable = false;