stura-infra/default.nix
2026-02-28 18:55:24 +01:00


# Shared NixOS base configuration: resolver and domain, Nix daemon settings,
# locale and console, nginx defaults, root SSH access, base tools and ACME defaults.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Public SSH keys authorised for root login (used in users.users.root below).
  # Each entry grants full root access wherever this configuration is applied,
  # so the list should be reviewed whenever an admin or one of their devices is retired.
  adminSshKeys = [
    # goeranh
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
    # vater (the first key carries no comment field, so its origin device is not recorded)
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODo6gQkqpQFDUlxCpejpAdmht5tNRLYNcF0Ojb6SrRw"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcsI9+VIbNpno2t03iGO8o+yuK+/HmohWss6y7bAei6 disc@pve-l"
    # mathis
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlBh+rMAznfD0Hjas0v3D0kTiR5vWcKgd7iTPbU6MZ+ mathis@mathis-ThinkPad-L13-Yoga-Gen-2"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBw33Mh8C3MyR5sIBfw1wsYbVOBSQ9Mq2LcxbcBZcTo/ mathis@T480-Fedora"
    # tan
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSwdCtJZNZzrVa6m4I3OBZHGgWYhEBCBdnCR5rSJimz ocxe@nix"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTV0nN3IQbPU6nlR/YJ9OpylluevLeba1SzQTPemsD ocxe@nix"
  ];
in
{
  # --- Network identity and resolvers ---
  networking = {
    domain = "htw.stura-dresden.de";
    nameservers = [
      "141.56.1.1"
      "141.56.1.2"
    ];
  };

  # Track the newest kernel package set that nixpkgs provides.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # --- Nix daemon: flakes, store optimisation, garbage collection ---
  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      # Left disabled: members of trusted-users can override daemon settings,
      # which is effectively root-equivalent access.
      # trusted-users = [ "administration" ];
      auto-optimise-store = true;
    };
    optimise.automatic = true;
    gc = {
      automatic = true;
      # Generations older than 42 days are removed by the automatic collector.
      options = "--delete-older-than 42d";
    };
  };

  # --- Locale, time zone and console ---
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    # mkForce so the German layout takes precedence over other definitions of keyMap.
    keyMap = lib.mkForce "de";
    useXkbConfig = true; # use xkb.options in tty.
  };

  # --- Services ---
  services = {
    nginx = {
      #### We use the recommendations that are customary on NixOS for nginx.
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
      #### nginx is meant to enable the (exclusive) use of https (http with TLS) instead of http.
      # NOTE(review): this option only applies recommended TLS parameters; it does not by
      # itself redirect http to https. That is set per virtual host (e.g. forceSSL) -
      # confirm it in the host configurations, which are not visible here.
      recommendedTlsSettings = true;
    };

    # NOTE(review): nothing under services.openssh.settings is set in this file, so whether
    # password authentication is turned off cannot be seen from here. Since root access is
    # meant to be key-based, confirm that services.openssh.settings.PasswordAuthentication
    # is set to false somewhere in the host configuration.
    openssh.enable = true;
  };

  # --- Accounts ---
  # For now only root is used.
  # users.users.administration = {
  #   isNormalUser = true;
  #   extraGroups = [ "wheel" ]; # Enable sudo for the user.
  #   openssh.authorizedKeys.keys = adminSshKeys;
  # };
  # All admins share the root account, so SSH logins are attributable only by key,
  # not by user name.
  users.users.root.openssh.authorizedKeys.keys = adminSshKeys;

  # --- Base tooling installed system-wide ---
  environment.systemPackages = [
    pkgs.tmux
    pkgs.git
    pkgs.htop
    pkgs.neovim
  ];

  # --- ACME certificate issuance defaults ---
  security.acme = {
    # Accepts the certificate authority's terms of service for this configuration.
    acceptTerms = true;
    defaults.email = "cert@stura.htw-dresden.de";
  };
}