58 lines
1.5 KiB
Nix
Executable file
58 lines
1.5 KiB
Nix
Executable file
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
environment = {
|
|
# As of the 1st of May 2023, the default packages are nano, perl, rsync and strace
|
|
# I don't need any of them, so I just empty the list
|
|
defaultPackages = [];
|
|
variables = {
|
|
# Environment variables go here
|
|
EDITOR = "micro";
|
|
};
|
|
};
|
|
|
|
# Set up /tmp
|
|
boot.tmp = {
|
|
useTmpfs = lib.mkDefault true;
|
|
# Cleaning out /tmp at boot if it's a tmpfs is quite stupid
|
|
cleanOnBoot = !config.boot.tmp.useTmpfs;
|
|
};
|
|
|
|
# Set up secrets
|
|
age = {
|
|
identityPaths = [
|
|
"/etc/ssh/ssh_host_rsa_key"
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
|
# This key has a passcode, so if you need to use it you'll have to
|
|
# enter the password A LOT of times. Only on the first setup tho
|
|
"/tmp/id_ed25519_bootstrap"
|
|
];
|
|
# Copy (NOT SYMLINK) host ssh keys into place
|
|
secrets = {
|
|
"ed25519" = {
|
|
symlink = false;
|
|
file = ../../secrets/${config.networking.hostName}/host-key-ed25519;
|
|
path = "/etc/ssh/ssh_host_ed25519_key";
|
|
};
|
|
"rsa" = {
|
|
symlink = false;
|
|
file = ../../secrets/${config.networking.hostName}/host-key-rsa;
|
|
path= "/etc/ssh/ssh_host_rsa_key";
|
|
};
|
|
"ed25519-public" = {
|
|
symlink = false;
|
|
file = ../../secrets/${config.networking.hostName}/host-key-ed25519-public;
|
|
path = "/etc/ssh/ssh_host_ed25519_key.pub";
|
|
mode = "0644";
|
|
};
|
|
"rsa-public" = {
|
|
symlink = false;
|
|
file = ../../secrets/${config.networking.hostName}/host-key-rsa-public;
|
|
path = "/etc/ssh/ssh_host_rsa_key.pub";
|
|
mode = "0644";
|
|
};
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "23.05";
|
|
}
|