From 3ec7bc623a720d4b958b12615fae34efcb3a260c Mon Sep 17 00:00:00 2001 From: stuebinm Date: Sun, 5 Mar 2023 22:47:21 +0100 Subject: fix things & make some others simpler, also ipv6 🎉 --- chaski/configuration.nix | 63 +++++++++++++++++------------------------------- chaski/services/chat.nix | 43 +++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 41 deletions(-) create mode 100644 chaski/services/chat.nix (limited to 'chaski') diff --git a/chaski/configuration.nix b/chaski/configuration.nix index 2ecfe4c..658f55a 100644 --- a/chaski/configuration.nix +++ b/chaski/configuration.nix @@ -10,58 +10,39 @@ ./hardware-configuration.nix ./services/uplcg.nix ./services/tracktrain.nix + ./services/chat.nix ]; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - - users.users.chat = { - isNormalUser = true; - home = "/home/chat"; - shell = pkgs.fish; - packages = with pkgs; [ - fish tmux weechat - ]; - }; - services.openssh = { - extraConfig = '' - Match user chat - ForceCommand tmux attach || tmux - ''; - }; - programs.mosh.enable = true; - users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTeuG1alKNNqoT2d5nUAlH0Otsk0NHM7nmkYC5Yfk8qcLsgY4v2dXlyrMzieajYgDjndEApgO3/S/V0EQGhvHc0UugC6LU84jHPwsgYVABRmFS74v/ww8NigaNIAevwWl+DxlnK4nnWdB1lo4xS69ooQdvoAjbubk16dP04LsAbH8Z+3cPB5WKAaayNx62DUwObzDSpztqCagCZzlqpwKG1UGJngrqEhk7B5Q0v9iCk91gqVkLSPllsB00+bqIimgkMVIZnoLLh7pcEgOvbG0yP2EG3ttDNN3jPpqE6mu+znfLq+ua/MwJy5hjmY5R54yPlcvFdsIU34jrdMCDvWqpV49VrLwVvkFN3lRZln/9eifkXXJciP4Ber3xEl8JltysV1PE5iJunWfbcOy0fwsYvBChDeyR5G3CLG2c25jKL9f1Iq95QBBMVYgIxq/dpGy0tjB+24w1JzsorvElsmz5etXLXCydLP07ic9PfSu1Wmwu7F0tweIk52x97sra6ePhtY+TTRffjjDz0DEho1bWDfrPV0xfPPAWXWTKYisVO4VVmMQsJbtXrfxUJbappM5vIXcJ+2JpT2Oh7Kiy3rjm+pd7rukgoCp7yN5z8v+2vuOfHqBuKUwlaRg/XNMyPrbnGGzVR1xzUuhwdOnjAyMmAr95Ne9hRBPwfVo2NR/ZZw==" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpWMKJrYaI9BRFCeVimQfHkg0THZJwLqh+z2fFxLU7q stuebinm@pixelimn" - ]; services.nginx.enable = true; - services.nginx.appendHttpConfig = '' - access_log off; - add_header Permissions-Policy "interest-cohort=()"; - ''; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; + boot.loader.grub.devices = [ "/dev/sda" ]; - networking.hostName = "chaski"; # Define your hostname. + networking = { + hostName = "chaski"; - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.ens10.useDHCP = true; - networking.interfaces.ens3.useDHCP = true; + enableIPv6 = true; + defaultGateway6 = { + address = "fe80::1"; + interface = "ens3"; + }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? + interfaces.ens3.ipv6.addresses = [ { + address = "2a01:4f9:c010:69ed::1"; + prefixLength = 64; + } ]; + + useDHCP = false; + interfaces.ens10.useDHCP = true; + interfaces.ens3.useDHCP = true; + + firewall.logRefusedConnections = false; + firewall.allowedTCPPorts = [ 80 443 ]; + }; - boot.loader.grub.devices = [ "/dev/sda" ]; + system.stateVersion = "20.09"; # Did you read the comment? } diff --git a/chaski/services/chat.nix b/chaski/services/chat.nix new file mode 100644 index 0000000..0771e19 --- /dev/null +++ b/chaski/services/chat.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, inputs, ... }: + +# this defines an extra user, so i can run weechat in tmux +# (and not deal with having an irc relay) +{ + + imports = [ inputs.home-manager.nixosModule ]; + + programs.mosh.enable = true; + users.users.chat = { + isNormalUser = true; + home = "/home/chat"; + shell = pkgs.fish; + packages = with pkgs; [ + fish tmux weechat + ]; + }; + home-manager.users.chat = _: { + programs.tmux = { + enable = true; + terminal = "screen-256color"; + }; + home.stateVersion = "22.11"; + }; + services.openssh = { + extraConfig = '' + Match user chat + ForceCommand ${pkgs.writeScript "logon-weechat" '' + #!${pkgs.fish}/bin/fish + if test -n "$SSH_ORIGINAL_COMMAND" + # allow mosh to start its server + exec fish -c "$SSH_ORIGINAL_COMMAND" + else + tmux attach || tmux -c weechat + end + ''} + ''; + }; + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTeuG1alKNNqoT2d5nUAlH0Otsk0NHM7nmkYC5Yfk8qcLsgY4v2dXlyrMzieajYgDjndEApgO3/S/V0EQGhvHc0UugC6LU84jHPwsgYVABRmFS74v/ww8NigaNIAevwWl+DxlnK4nnWdB1lo4xS69ooQdvoAjbubk16dP04LsAbH8Z+3cPB5WKAaayNx62DUwObzDSpztqCagCZzlqpwKG1UGJngrqEhk7B5Q0v9iCk91gqVkLSPllsB00+bqIimgkMVIZnoLLh7pcEgOvbG0yP2EG3ttDNN3jPpqE6mu+znfLq+ua/MwJy5hjmY5R54yPlcvFdsIU34jrdMCDvWqpV49VrLwVvkFN3lRZln/9eifkXXJciP4Ber3xEl8JltysV1PE5iJunWfbcOy0fwsYvBChDeyR5G3CLG2c25jKL9f1Iq95QBBMVYgIxq/dpGy0tjB+24w1JzsorvElsmz5etXLXCydLP07ic9PfSu1Wmwu7F0tweIk52x97sra6ePhtY+TTRffjjDz0DEho1bWDfrPV0xfPPAWXWTKYisVO4VVmMQsJbtXrfxUJbappM5vIXcJ+2JpT2Oh7Kiy3rjm+pd7rukgoCp7yN5z8v+2vuOfHqBuKUwlaRg/XNMyPrbnGGzVR1xzUuhwdOnjAyMmAr95Ne9hRBPwfVo2NR/ZZw==" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpWMKJrYaI9BRFCeVimQfHkg0THZJwLqh+z2fFxLU7q stuebinm@pixelimn" + ]; +} -- cgit v1.2.3