e9df3608e1
I primarily use GitHub for most of these preexisting repositories, but they should be properly replicated on edwin in case I want to stop. Pushing the respective refs manually is cumbersome and error-prone, so let's automate it. The repositories are basically chowned to git:git currently and `git fetch <remote> 'refs/*:refs/*' --prune` is executed regularly to update the repository. In the future I could contemplate doing it the other way round – using edwin as upstream and using `git push --mirror` to update the GitHub repositories. Change-Id: Icb8a11223c0b4d3c8ce9a2da7fb2b4d4df4887f8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7486 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
# NixOS system configuration module. Per the commit message shown with this
# file, the host is called "edwin" and holds replicas of git repositories.
#
# Arguments: the usual NixOS module arguments plus `depot`, which supplies the
# agenix source, the user list and sterni's SSH keys used below.
{ config, lib, pkgs, depot, ... }:

let
  # Entry for "sterni" in depot.ops.users. builtins.head aborts evaluation when
  # the filter matches nothing, so a missing or renamed entry fails the build
  # instead of leaving the ACME contact address unset.
  sterni = builtins.head (
    builtins.filter (user: user.username == "sterni") depot.ops.users
  );

  # A single key set is authorised for both root and the lukas account, so
  # every key in it grants direct root login as well.
  sterniKeys = depot.users.sterni.keys.all;
in
{
  imports = [
    # External module: agenix (age-encrypted secrets for NixOS)
    "${depot.third_party.agenix.src}/modules/age.nix"

    # Boot-related configuration (filesystems, initrd network…)
    ./hardware.nix
    ./network.nix

    # Services, websites etc.
    ../../modules/disk-checkup.nix
    ./minecraft.nix
    ./gopher.nix
    ./http/sterni.lv.nix
    ./http/code.sterni.lv.nix
    ./http/flipdot.openlab-augsburg.de.nix
    ./http/likely-music.sterni.lv.nix
  ];

  config = {
    time.timeZone = "Europe/Berlin";

    # Permits packages whose licence is unfree but redistributable.
    nixpkgs.config.allowUnfreeRedistributable = true;

    nix = {
      # Pins the Nix 2.3 release line.
      # NOTE(review): confirm this line still receives security fixes.
      package = pkgs.nix_2_3;

      settings = {
        # Store paths signed by this key are accepted as trusted, so the
        # operator of that cache becomes part of this host's trust base.
        # lib.mkAfter orders the entry after values defined elsewhere.
        trusted-public-keys = lib.mkAfter [
          "headcounter.org:/7YANMvnQnyvcVB6rgFTdb8p5LG1OTXaO+21CaOSBzg="
        ];

        # Additional binary cache, likewise ordered after other definitions.
        substituters = lib.mkAfter [
          "https://hydra.build"
        ];

        # Nix documents trusted users as effectively root-equivalent towards
        # the daemon (they may add substituters and import unsigned paths).
        # lukas is also in wheel below, so the account's SSH keys protect both.
        trusted-users = [
          "lukas"
        ];
      };
    };

    # Option defined outside this file; presumably enables the TVL binary
    # cache — confirm which key and URL it adds.
    tvl.cache.enable = true;

    # Caps the on-disk journal at 1024M; this also bounds how far back logs
    # reach when they are needed for incident review.
    services.journald.extraConfig = ''
      SystemMaxUse=1024M
    '';

    # No sshd settings are given here, so password authentication and the
    # root-login policy come from the NixOS module defaults unless one of the
    # imported files sets them.
    # NOTE(review): confirm password logins are disabled; root and a wheel
    # user are both reachable over SSH on this host.
    services.openssh.enable = true;

    security.acme = {
      # Contact address for the ACME account, taken from sterni's user entry.
      defaults.email = sterni.email;
      # Accepts the CA's terms of service; the NixOS ACME module requires it.
      acceptTerms = true;
    };

    programs.fish.enable = true;
    # NOTE(review): mosh needs UDP reachability; check which port range the
    # firewall exposes for it.
    programs.mosh.enable = true;
    programs.tmux.enable = true;

    environment.systemPackages = with pkgs; [
      weechat
      wget
      git
      stow
      htop
      foot.terminfo # terminfo entry for sessions coming from the foot terminal
      vim
    ];

    # Key-based root login is provisioned directly.
    users.users.root.openssh.authorizedKeys.keys = sterniKeys;

    users.users.lukas = {
      isNormalUser = true;
      # wheel is the administrative group; http and git presumably own the web
      # roots and the mirrored repositories (the commit message mentions
      # git:git ownership) — confirm.
      extraGroups = [ "wheel" "http" "git" ];
      openssh.authorizedKeys.keys = sterniKeys;
      shell = "${pkgs.fish}/bin/fish";
    };

    # Release the host's stateful data was created under; not something to
    # bump as part of a routine upgrade.
    system.stateVersion = "20.09";
  };
}