summaryrefslogtreecommitdiff
path: root/chaski
diff options
context:
space:
mode:
authorstuebinm2023-03-05 22:47:21 +0100
committerstuebinm2023-03-05 22:47:21 +0100
commit3ec7bc623a720d4b958b12615fae34efcb3a260c (patch)
tree41920753884243934da06154b5481420e4edf37f /chaski
parent9f0a5397f02bee5aec24395bfd7e26b5ea577991 (diff)
fix things & make some others simpler, also ipv6 🎉
Diffstat (limited to '')
-rw-r--r--chaski/configuration.nix63
-rw-r--r--chaski/services/chat.nix43
2 files changed, 65 insertions, 41 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix
index 2ecfe4c..658f55a 100644
--- a/chaski/configuration.nix
+++ b/chaski/configuration.nix
@@ -10,58 +10,39 @@
./hardware-configuration.nix
./services/uplcg.nix
./services/tracktrain.nix
+ ./services/chat.nix
];
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-
- users.users.chat = {
- isNormalUser = true;
- home = "/home/chat";
- shell = pkgs.fish;
- packages = with pkgs; [
- fish tmux weechat
- ];
- };
- services.openssh = {
- extraConfig = ''
- Match user chat
- ForceCommand tmux attach || tmux
- '';
- };
- programs.mosh.enable = true;
- users.users.chat.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTeuG1alKNNqoT2d5nUAlH0Otsk0NHM7nmkYC5Yfk8qcLsgY4v2dXlyrMzieajYgDjndEApgO3/S/V0EQGhvHc0UugC6LU84jHPwsgYVABRmFS74v/ww8NigaNIAevwWl+DxlnK4nnWdB1lo4xS69ooQdvoAjbubk16dP04LsAbH8Z+3cPB5WKAaayNx62DUwObzDSpztqCagCZzlqpwKG1UGJngrqEhk7B5Q0v9iCk91gqVkLSPllsB00+bqIimgkMVIZnoLLh7pcEgOvbG0yP2EG3ttDNN3jPpqE6mu+znfLq+ua/MwJy5hjmY5R54yPlcvFdsIU34jrdMCDvWqpV49VrLwVvkFN3lRZln/9eifkXXJciP4Ber3xEl8JltysV1PE5iJunWfbcOy0fwsYvBChDeyR5G3CLG2c25jKL9f1Iq95QBBMVYgIxq/dpGy0tjB+24w1JzsorvElsmz5etXLXCydLP07ic9PfSu1Wmwu7F0tweIk52x97sra6ePhtY+TTRffjjDz0DEho1bWDfrPV0xfPPAWXWTKYisVO4VVmMQsJbtXrfxUJbappM5vIXcJ+2JpT2Oh7Kiy3rjm+pd7rukgoCp7yN5z8v+2vuOfHqBuKUwlaRg/XNMyPrbnGGzVR1xzUuhwdOnjAyMmAr95Ne9hRBPwfVo2NR/ZZw=="
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpWMKJrYaI9BRFCeVimQfHkg0THZJwLqh+z2fFxLU7q stuebinm@pixelimn"
- ];
services.nginx.enable = true;
- services.nginx.appendHttpConfig = ''
- access_log off;
- add_header Permissions-Policy "interest-cohort=()";
- '';
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ "/dev/sda" ];
- networking.hostName = "chaski"; # Define your hostname.
+ networking = {
+ hostName = "chaski";
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.ens10.useDHCP = true;
- networking.interfaces.ens3.useDHCP = true;
+ enableIPv6 = true;
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "ens3";
+ };
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.09"; # Did you read the comment?
+ interfaces.ens3.ipv6.addresses = [ {
+ address = "2a01:4f9:c010:69ed::1";
+ prefixLength = 64;
+ } ];
+
+ useDHCP = false;
+ interfaces.ens10.useDHCP = true;
+ interfaces.ens3.useDHCP = true;
+
+ firewall.logRefusedConnections = false;
+ firewall.allowedTCPPorts = [ 80 443 ];
+ };
- boot.loader.grub.devices = [ "/dev/sda" ];
+ system.stateVersion = "20.09"; # Did you read the comment?
}
diff --git a/chaski/services/chat.nix b/chaski/services/chat.nix
new file mode 100644
index 0000000..0771e19
--- /dev/null
+++ b/chaski/services/chat.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, inputs, ... }:
+
+# this defines an extra user, so i can run weechat in tmux
+# (and not deal with having an irc relay)
+{
+
+ imports = [ inputs.home-manager.nixosModule ];
+
+ programs.mosh.enable = true;
+ users.users.chat = {
+ isNormalUser = true;
+ home = "/home/chat";
+ shell = pkgs.fish;
+ packages = with pkgs; [
+ fish tmux weechat
+ ];
+ };
+ home-manager.users.chat = _: {
+ programs.tmux = {
+ enable = true;
+ terminal = "screen-256color";
+ };
+ home.stateVersion = "22.11";
+ };
+ services.openssh = {
+ extraConfig = ''
+ Match user chat
+ ForceCommand ${pkgs.writeScript "logon-weechat" ''
+ #!${pkgs.fish}/bin/fish
+ if test -n "$SSH_ORIGINAL_COMMAND"
+ # allow mosh to start its server
+ exec fish -c "$SSH_ORIGINAL_COMMAND"
+ else
+ tmux attach || tmux -c weechat
+ end
+ ''}
+ '';
+ };
+ users.users.chat.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTeuG1alKNNqoT2d5nUAlH0Otsk0NHM7nmkYC5Yfk8qcLsgY4v2dXlyrMzieajYgDjndEApgO3/S/V0EQGhvHc0UugC6LU84jHPwsgYVABRmFS74v/ww8NigaNIAevwWl+DxlnK4nnWdB1lo4xS69ooQdvoAjbubk16dP04LsAbH8Z+3cPB5WKAaayNx62DUwObzDSpztqCagCZzlqpwKG1UGJngrqEhk7B5Q0v9iCk91gqVkLSPllsB00+bqIimgkMVIZnoLLh7pcEgOvbG0yP2EG3ttDNN3jPpqE6mu+znfLq+ua/MwJy5hjmY5R54yPlcvFdsIU34jrdMCDvWqpV49VrLwVvkFN3lRZln/9eifkXXJciP4Ber3xEl8JltysV1PE5iJunWfbcOy0fwsYvBChDeyR5G3CLG2c25jKL9f1Iq95QBBMVYgIxq/dpGy0tjB+24w1JzsorvElsmz5etXLXCydLP07ic9PfSu1Wmwu7F0tweIk52x97sra6ePhtY+TTRffjjDz0DEho1bWDfrPV0xfPPAWXWTKYisVO4VVmMQsJbtXrfxUJbappM5vIXcJ+2JpT2Oh7Kiy3rjm+pd7rukgoCp7yN5z8v+2vuOfHqBuKUwlaRg/XNMyPrbnGGzVR1xzUuhwdOnjAyMmAr95Ne9hRBPwfVo2NR/ZZw=="
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpWMKJrYaI9BRFCeVimQfHkg0THZJwLqh+z2fFxLU7q stuebinm@pixelimn"
+ ];
+}