path: root/nixos/modules/users.nix
blob: d1694230f6a3595f0a61be738724df8647b327c5 (plain)
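# NixOS module: declares the local accounts, the sudo rule for `wheel`, the
# SSH daemon's authentication settings and the shell/editor programs.
{
  pkgs,
  config,
  ...
}: let
  # True when the system is built for the platform it is built on (no
  # cross-compilation). Used below to pick zsh only for native builds.
  isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform;
  # True when the host platform is an ARM (Aarch) platform.
  isArm = config.nixpkgs.hostPlatform.isAarch;
in {
  users = {
    # Accounts and passwords are fully declarative: whatever is listed here is
    # the complete account state, imperative changes are not kept.
    mutableUsers = false;
    groups.cynerd.gid = 1000;
    users = {
      root = {
        # The hash is read from a runtime path instead of being written into
        # the configuration (and therefore into the world-readable store).
        # NOTE(review): the provisioning of /run/secrets is not shown here;
        # confirm the file exists before user activation, otherwise the
        # account may end up without a usable password.
        hashedPasswordFile = "/run/secrets/root.pass";
      };
      cynerd = {
        group = "cynerd";
        # Every entry is a privilege grant. `wheel` is matched by the sudo rule
        # below and `wireshark` pairs with programs.wireshark further down; the
        # remaining groups presumably gate device access -- review periodically
        # and drop the ones no longer needed.
        extraGroups = ["users" "wheel" "dialout" "kvm" "uucp" "wireshark" "leds"];
        uid = 1000;
        # Subordinate ID ranges (used for user namespaces): 10000..75533.
        # NOTE(review): verify that no real account UID/GID on the host lies
        # inside this interval (system and build accounts are commonly placed
        # in it); a subordinate range should only cover otherwise unused IDs.
        subUidRanges = [
          {
            count = 65534;
            startUid = 10000;
          }
        ];
        subGidRanges = [
          {
            count = 65534;
            startGid = 10000;
          }
        ];
        isNormalUser = true;
        createHome = true;
        # zsh is only enabled for native builds (see programs.zsh below), so
        # cross-built systems fall back to bash as the login shell.
        shell =
          if isNative
          then pkgs.zsh.out
          else pkgs.bash.out;
        hashedPasswordFile = "/run/secrets/cynerd.pass";
        # Public key only; it is taken from the path held in
        # config.personal-secrets (an option defined outside this file).
        openssh.authorizedKeys.keyFiles = [
          (config.personal-secrets + "/unencrypted/git-private.pub")
        ];
      };
    };
  };

  # Members of `wheel` may run any command through sudo. The rule attaches no
  # options to the command, so it does not itself grant password-less sudo.
  security.sudo.extraRules = [
    {
      groups = ["wheel"];
      commands = ["ALL"];
    }
  ];

  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      # Set explicitly: with PAM in use, keyboard-interactive authentication is
      # a second path that can still prompt for the account password even when
      # PasswordAuthentication is off. Key-based login is unaffected.
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  programs = {
    zsh = {
      enable = isNative;
      syntaxHighlighting.enable = isNative;
    };
    # presumably an option of a custom module not shown in this file
    shellrc = true;
    # vim is the default editor on ARM hosts, neovim everywhere else.
    vim.defaultEditor = isArm;
    neovim = {
      enable = !isArm;
      # NOTE(review): set unconditionally; presumably without effect while
      # `enable` is false -- confirm on ARM hosts.
      defaultEditor = true;
      withNodeJs = true;
    };

    # Goes together with the `wireshark` group membership above; membership in
    # that group presumably allows packet capture without root.
    wireshark.enable = true;
  };

  # Lets non-root users pass `allow_other` to FUSE mounts, which makes a
  # user's mount reachable by other accounts. Keep only if it is needed.
  programs.fuse.userAllowOther = true;
}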