some updates

gwg313 2024-09-20 15:26:06 -04:00
parent db319ed5af
commit 6e8014e0b5
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
13 changed files with 153 additions and 14 deletions


@ -2,8 +2,10 @@
imports = [
./zerotier.nix
./firewall.nix
./wireless.nix
];
zerotier.enable = lib.mkDefault true;
firewall.enable = lib.mkDefault true;
wireless.enable = lib.mkDefault false;
}


@ -0,0 +1,44 @@
{
config,
lib,
pkgs,
...
}: {
options = {
wireless.enable = lib.mkEnableOption "Enables Wifi and adds my networks";
};
config = lib.mkIf config.wireless.enable {
sops.secrets."wireless.env" = {};
networking.wireless.enable = true;
environment.systemPackages = with pkgs; [wpa_supplicant_gui];
networking.wireless.userControlled.enable = true;
networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
networking.wireless.networks = {
"@home_uuid@" = {
psk = "@home_psk@";
priority = 99;
};
"@school_uuid@" = {
auth = ''
key_mgmt=WPA-EAP
eap=PEAP
phase2="auth=MSCHAPV2"
identity="@school_identity@"
password="@school_password@"
'';
priority = 89;
};
"eduroam" = {
auth = ''
key_mgmt=WPA-EAP
eap=PEAP
phase2="auth=MSCHAPV2"
identity="@eduroam_identity@"
password="@school_password@"
'';
priority = 79;
};
};
};
}
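Review bot: Both PEAP entries (`"@school_uuid@"` and `"eduroam"`) set no server validation in their `auth` strings, so wpa_supplicant will run the MSCHAPv2 exchange with any access point advertising the SSID, and a rogue RADIUS server can capture the credential challenge/response. Add a CA and a server-name pin to each block, for example `ca_cert="/etc/ssl/certs/ca-certificates.crt"` and `domain_suffix_match="@school_radius_domain@"`; the second value is a placeholder that would come from the sops environment file like the other `@…@` variables. An `anonymous_identity="..."` line would also keep the real username out of the unencrypted outer exchange. The eduroam entry pairs `@eduroam_identity@` with `@school_password@`; if that reuse is intended, a one-line comment saying so would stop it from reading as a copy-paste slip.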


@ -3,7 +3,10 @@
lib,
...
}: {
imports = [./bluetooth.nix];
imports = [
./bluetooth.nix
../networking/wireless.nix
];
options = {
laptop.enable = lib.mkEnableOption "Enables Laptop options";
};
@ -16,5 +19,6 @@
services.tlp.enable = true;
bluetooth.enable = true;
wireless.enable = true;
};
}


@ -58,7 +58,17 @@
PermitRootLogin = "no";
# nix enables pam by default
#UsePam = true;
# UsePAM = false;
# challenge-response authentication backend it not configured by default
# therefore, it is set to "no" by default to avoid the use of an unconfigured backend
ChallengeResponseAuthentication = false;
# set maximum authentication retries to prevent brute force attacks
MaxAuthTries = 3;
# disallow connecting using empty passwords
PermitEmptyPasswords = false;
########## Cryptography ##########
@ -66,9 +76,28 @@
# AES CTR modes have been removed to mitigate the Terrapin attack
# https://terrapin-attack.com/
Ciphers = ["aes256-gcm@openssh.com" "aes128-gcm@openssh.com"];
Macs = ["hmac-sha2-256-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com"];
KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org" "diffie-hellman-group16-sha512" "diffie-hellman-group18-sha512"];
Ciphers = [
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
];
Macs = [
"hmac-sha2-256-etm@openssh.com"
"hmac-sha2-512-etm@openssh.com"
"umac-128-etm@openssh.com"
];
KexAlgorithms = [
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
];
# hostKeyAlgorithms = [
# "rsa-sha2-512"
# "rsa-sha2-256"
# "ssh-ed25519"
# ];
########## Connection Preferences ##########
@ -97,7 +126,26 @@
# allow a maximum of two multiplexed sessions over a single TCP connection
MaxSessions = 2;
# let ClientAliveInterval handle keepalive
TCPKeepAlive = false;
# disable reverse DNS lookups
# UseDNS = false;
};
extraConfig = ''
########## Features ##########
# accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
########## Connection Preferences ##########
# disable reverse DNS lookups
UseDNS no
'';
};
};
}
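Review bot: `ChallengeResponseAuthentication = false;` uses a keyword that OpenSSH has deprecated as an alias of `KbdInteractiveAuthentication`, and sshd keeps the first value it reads for an option, so the effective setting depends on where this line lands relative to any `KbdInteractiveAuthentication` line in the generated sshd_config. The enclosing attribute set starts outside the hunk; if it is `services.openssh.settings`, prefer `KbdInteractiveAuthentication = false;` and drop the alias. The comment above it has a typo, `it not configured` for `is not configured`. In the last hunk, `UseDNS no` is added through `extraConfig` while `# UseDNS = false;` stays commented out in the settings block; one line there (`UseDns = false;`, if the module in use exposes that option) would keep the setting in a single place.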


@ -34,6 +34,7 @@
"umac-128-etm@openssh.com"
];
kexAlgorithms = [
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"


@ -40,7 +40,7 @@
cmp-nvim-lsp.enable = true;
cmp-nvim-lua.enable = true;
cmp_luasnip.enable = true;
cmp-path.enable = true;
# cmp-path.enable = true;
cmp-latex-symbols.enable = true;
cmp-buffer.enable = true;
cmp = {
@ -62,7 +62,7 @@
{name = "buffer";}
{name = "path";}
# { name = "path"; }
];
mapping = {


@ -34,5 +34,6 @@ _: {
./which-key.nix
./undotree.nix
./yazi.nix
./vimtex.nix
];
}


@ -74,6 +74,8 @@
pyright.enable = true;
hls.enable = true;
leanls.enable = true;
texlab.enable = true;
html.enable = true;
};
};
which-key.settings.spec = [


@ -0,0 +1,15 @@
{...}: {
programs.nixvim = {
plugins.vimtex = {
enable = true;
settings = {
compiler_method = "latexrun";
toc_config = {
split_pos = "vert topleft";
split_width = 40;
};
view_method = "zathura";
};
};
};
}


@ -163,5 +163,23 @@
tksv = "tmux kill-server";
tkss = "tmux kill-session -t";
};
initExtra = ''
function sesh-sessions() {
{
exec </dev/tty
exec <&1
local session
session=$(sesh list -t -c | fzf --height 40% --reverse --border-label ' sesh ' --border --prompt ' ')
[[ -z "$session" ]] && return
sesh connect $session
}
}
zle -N sesh-sessions
bindkey -M emacs '\es' sesh-sessions
bindkey -M vicmd '\es' sesh-sessions
bindkey -M viins '\es' sesh-sessions
'';
};
}


@ -61,7 +61,10 @@
oh-my-zsh = {
enable = true;
plugins = ["git"];
plugins = [
"git"
"copyfile"
];
theme = "robbyrussell";
};
@ -69,7 +72,6 @@
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
};
initExtra = ''
'';
initExtra = '''';
};
}


@ -6,6 +6,7 @@
lib,
config,
user,
pkgs,
...
}: {
# You can import other NixOS modules here
@ -104,7 +105,7 @@
config.nix.registry;
networking.hostName = "candlekeep";
networking.networkmanager.enable = true;
# networking.networkmanager.enable = true;
users.users = {
gwg313 = {


@ -1,4 +1,5 @@
restic_key: ENC[AES256_GCM,data:DzpWvFP5gyhrnLVIYgu9ouotWqkOAHehihSKf/TqJE+sHTD4vnIScfhzoKzdkoDoWfkcmQ==,iv:q83qNYuP/3mngvg+kUfOVToogL8VTvZ6HiGIztpnP/s=,tag:YNWwbma0HmPKqYCS1L5kQQ==,type:str]
wireless.env: ENC[AES256_GCM,data:LzvMh6lfM9pnS3joSK3SUqEZDfP+Qk7NQmROWny1XhvQ0SkihvlM40YgA4ZGtwcPO1OnrDy6Srfvy+fuOqqt1XEK6qIOSir6cODkGQbKBa1Ui347P28tw6hgEHM57EYTAfMMwaHTtglPAvN/7YvdMPMT+EwcoyCzj5efRR6pZ0FeLSOtzKeYwe4oaRX1MP+THooSzw+zuoGmU6x3Dq4E8hruFd2o0ug3OEj2r95LVmGnnUiiLxU8YhDd+PXXyz8T6fFdapN1,iv:pdXqMqiR3qEQG1LvXqXWB8vpM6d2/Curv4gvuLOOatI=,tag:7H2wST9Mx9C3RCsOeUD1Vw==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,8 +15,8 @@ sops:
US9oa0pORXRVWWlyYlZZTGhXdTdOaWsKClqIK/YNJIIGFqOO0t4oni8dRTTXQniG
ioIwAOdEgE/n0vcYhHXxLxWlTeqGZF076g7EFfIqiSNqrDtacRnazg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-16T17:19:46Z"
mac: ENC[AES256_GCM,data:6nDxe2yQZswjX7LAry3DAfOpVUoQvZ52iIp8F7/Z1r69acXT2Eif/pEtyQ3KXBPl4ape15FrDyzpr0FW2Gmrj7vwITC2xBV68SmTuBp5Ou4QHftVpO6s4Y6ucXcdpkFx+UQ/lpkvNibrV+K6yPB7QfIP+sTpjhREJColwD7Meeo=,iv:WWpmoDXF6yiRsRase2O3HZwixxO9IPwkWLDPwlxNRdo=,tag:KPR5NreED05GK3uCHK5kXg==,type:str]
lastmodified: "2024-09-13T19:21:22Z"
mac: ENC[AES256_GCM,data:dzWc9v24u1tT8ZeVCXawKn3IovFxlfs6B8yrgzkn7rZGtZDN5iAwTStuZtRYW8tydNuY7KZa9dH/9+Eh7YW9iGsumzQ3ewCHCyg9kdBpC9yGGDkIw41mKG3aweFERtXfq0WWnqDHnr7ZGrtPfsEOxvMG+uKU7K3lslhlcyeQf+U=,iv:BNXwcKP5vOHxbKX8fD3lbEuzhuHqAI5qi8mXtleG6p4=,tag:7WPAxw8IfE+flxzAentE6Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0