base/base.nix: allow setting of ssh keys using an option

2025-07-07 23:12:45 -07:00
parent a265777138
commit 30e1a3837b


@@ -3,104 +3,108 @@
with lib;
let
cfg = config.base;
let cfg = config.base;
in {
options.base = {
userSSHKeys = mkOption {
type = types.listOf types.str;
default = [];
description = "List of SSH keys to grant to the primary user";
example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiUy2yjIkdryH7pYMdkCNryy9gceqXJ7bhtMvvpPBIk etorres@xenon";
type = types.listOf types.str;
default = [ ];
description = "List of SSH keys to grant to the primary user";
example =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiUy2yjIkdryH7pYMdkCNryy9gceqXJ7bhtMvvpPBIk etorres@xenon";
};
};
imports = [ ./grafana-alloy.nix ./network.nix ./qemu.nix ./spice.nix ];
time.timeZone = "Etc/UTC";
config = {
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
time.timeZone = "Etc/UTC";
environment.variables = { PAGER = "nvimpager"; };
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
# Maintenance
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
environment.variables = { PAGER = "nvimpager"; };
nix.settings = {
auto-optimise-store = true;
cores = 2;
max-jobs = 2;
};
# Maintenance
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
users.users.etorres = {
isNormalUser = true;
extraGroups = [ "wheel" ];
packages = with pkgs; [
compose2nix
curl
fd
fzf
git
neovim
nixfmt-rfc-style
nvimpager
ripgrep
safe-rm
stow
tmux
tree
wget
zsh
nix.settings = {
auto-optimise-store = true;
cores = 2;
max-jobs = 2;
};
users.users.etorres = {
isNormalUser = true;
extraGroups = [ "wheel" ];
packages = with pkgs; [
compose2nix
curl
fd
fzf
git
neovim
nixfmt-rfc-style
nvimpager
ripgrep
safe-rm
stow
tmux
tree
wget
zsh
];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = cfg.userSSHKeys;
};
programs.neovim = {
enable = true;
defaultEditor = true;
};
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestions.enable = true;
};
security.sudo = {
enable = true;
extraConfig = ''
Defaults env_keep += "EDITOR"
Defaults pwfeedback
'';
};
environment.systemPackages = with pkgs; [
borgbackup
borgmatic
grafana-alloy
python3 # For Ansible
];
shell = pkgs.zsh;
# ========== Services ==========
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "no";
};
openssh.authorizedKeys.keys = cfg.userSSHKeys;
services.xserver.enable = false;
# /run/current-system/configuration.nix
system.copySystemConfiguration = true;
};
programs.neovim = {
enable = true;
defaultEditor = true;
};
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestions.enable = true;
};
security.sudo = {
enable = true;
extraConfig = ''
Defaults env_keep += "EDITOR"
Defaults pwfeedback
'';
};
environment.systemPackages = with pkgs; [
borgbackup
borgmatic
grafana-alloy
python3 # For Ansible
];
# ========== Services ==========
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "no";
};
services.xserver.enable = false;
# /run/current-system/configuration.nix
system.copySystemConfiguration = true;
}
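Review bot: `userSSHKeys` defaults to `[ ]` while the same module sets `services.openssh.settings.PasswordAuthentication = false` and `PermitRootLogin = "no"`. A host that imports base.nix and forgets to set `base.userSSHKeys` therefore evaluates cleanly but leaves `etorres` with no working SSH login, unless keys are supplied somewhere not visible here. Either drop the default so the option is mandatory, or add to the `config` block `assertions = [{ assertion = cfg.userSSHKeys != [ ]; message = "base.userSSHKeys must list at least one public key"; }];`. The `example` is also a bare string although the type is `types.listOf types.str`; it should be wrapped as a one-element list, `example = [ "ssh-ed25519 AAAA... user@host" ];`, so the generated option docs show the shape callers must pass. Since `etorres` is in `wheel`, the description should say that every key listed grants login to a sudo-capable account.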