Diffstat (limited to 'labsrv01/configuration.nix')
-rw-r--r--labsrv01/configuration.nix135
1 files changed, 135 insertions, 0 deletions
diff --git a/labsrv01/configuration.nix b/labsrv01/configuration.nix
new file mode 100644
index 0000000..cff0a7b
--- /dev/null
+++ b/labsrv01/configuration.nix
@@ -0,0 +1,135 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ sops,
+ config,
+ ...
+}@args:
+{
+ imports = [
+ ./disk-config.nix
+ ];
+
+ nix = {
+ extraOptions = ''
+ experimental-features = ca-derivations nix-command flakes
+ '';
+ settings = {
+ substituters = [
+ "https://cache.nixos.org"
+ "https://cache.ngi0.nixos.org/"
+ ];
+ trusted-public-keys = [
+ "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
+ ];
+ };
+ };
+
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ age.generateKey = false;
+
+ secrets = {
+ luks_passphrase = { };
+ kj_hashed_password = {
+ neededForUsers = true;
+ };
+ ssh_host_key_ed25519 = { };
+ ssh_host_key_rsa = { };
+ };
+ };
+
+ boot.loader.systemd-boot.enable = true;
+ system.stateVersion = "25.11";
+ swapDevices = [
+ {
+ device = "/swap/swapfile";
+ size = 32768;
+ }
+ ];
+
+ security.sudo.enable = true;
+ users.mutableUsers = false;
+ users.groups.kjtsanaktsidis = { };
+ users.users = {
+ kjtsanaktsidis = {
+ createHome = true;
+ isNormalUser = true;
+ description = "KJ Tsanaktsidis";
+ group = "kjtsanaktsidis";
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ ];
+ shell = pkgs.zsh;
+ hashedPasswordFile = config.sops.secrets.kj_hashed_password.path;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAC/BtvW1c1RbBI8eeGo7oOH2y9byBaxWVDHsErgaE+s kjtsanaktsidis@KJMacbookGroq.local"
+ "ssh-ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHsyhMLrlNiffDrqz0s46hZF8IdR9/qX63TUyllK0LCA kj@KJ-PC"
+ ];
+ };
+ };
+
+ # Enable systemd-resolved for DNS
+ services.resolved = {
+ enable = true;
+ llmnr = "true";
+ extraConfig = ''
+ MulticastDNS=yes
+ '';
+ };
+ networking.hostName = "labsrv01";
+ networking.nameservers = [ "127.0.0.53" ];
+ networking.networkmanager = {
+ enable = true;
+ dns = "systemd-resolved";
+ # Enable mDNS on NetworkManager connections
+ connectionConfig = {
+ "connection.mdns" = "2"; # 2 = yes (resolve & register)
+ };
+ };
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ {
+ type = "ed25519";
+ path = config.sops.secrets.ssh_host_key_ed25519.path;
+ }
+ {
+ type = "rsa";
+ path = config.sops.secrets.ssh_host_key_rsa.path;
+ }
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [];
+
+ # Enable zsh system-wide
+ programs.zsh.enable = true;
+
+ # Disable Alt+Left/Right virtual terminal switching
+ console.keyMap = "us";
+
+ # Create systemd service to disable only Alt+Arrow VT switching
+ systemd.services.disable-alt-arrow-vt = {
+ description = "Disable Alt+Arrow VT switching";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "systemd-vconsole-setup.service" ];
+ script = ''
+ # Define string sequences for Alt+Arrow that generate proper terminal escape sequences
+ cat << 'EOF' | ${pkgs.kbd}/bin/loadkeys
+ string F200 = "\033[1;3D"
+ string F201 = "\033[1;3C"
+ alt keycode 105 = F200
+ alt keycode 106 = F201
+ EOF
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ };
+}
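Review bot: The `services.openssh` block near the end of the hunk enables sshd without restricting authentication methods, so with the NixOS defaults password and keyboard-interactive logins remain available for `kjtsanaktsidis`, a `wheel` member whose password hash is set through `hashedPasswordFile`. If key-only access is intended and no other module in the flake already sets it, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` inside that block. The second entry in `openssh.authorizedKeys.keys` begins with `ssh-ed25519 ssh-ed25519`, which sshd will most likely not accept as a valid key line, so that key probably cannot log in; drop the duplicated type token. Separately, `llmnr = "true"` combined with `MulticastDNS=yes` and `"connection.mdns" = "2"` makes the host resolve and answer link-local names on every NetworkManager connection; a comment stating this is meant only for a trusted LAN, or `llmnr = "false"` if only mDNS is needed, would make the exposure explicit.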