Diffstat (limited to 'sys/preset/user.nix')
-rw-r--r--sys/preset/user.nix107
1 files changed, 107 insertions, 0 deletions
diff --git a/sys/preset/user.nix b/sys/preset/user.nix
new file mode 100644
index 0000000..ff939f8
--- /dev/null
+++ b/sys/preset/user.nix
@@ -0,0 +1,107 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkDefault;
+ cfg = config.local.preset.user;
+in {
+ options.local.preset.user = {
+ enable = lib.mkEnableOption "user-like preset";
+
+ kdeconnect = {
+ self6 = lib.mkOption {
+ type = lib.types.str;
+ };
+
+ peers6 = lib.mkOption {
+ type = with lib.types; listOf str;
+ default = [];
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ local = {
+ installUsers = mkDefault "single";
+
+ auth = {
+ oath.enable = mkDefault true;
+
+ openssh = {
+ enable = mkDefault true;
+
+ hostKeys = {
+ rsa = mkDefault true;
+ ecdsa = mkDefault true;
+ ed25519 = mkDefault true;
+ };
+ };
+ };
+
+ boot = {
+ kernel = mkDefault pkgs.linuxPackages_latest;
+ loader = mkDefault "grub";
+
+ efi = {
+ enable = mkDefault true;
+ removable = mkDefault false;
+ };
+
+ firmware.mode = mkDefault "redistributable";
+ detachedLuks.enable = mkDefault true;
+
+ stack.btrfsToplevelMultidrive = {
+ enable = mkDefault true;
+
+ toplevel.root = mkDefault "/root";
+ secondary.home = mkDefault "/home";
+ };
+ };
+
+ hardware = {
+ yubico = {
+ enable = mkDefault true;
+ pamAuth = mkDefault true;
+ };
+
+ bluetooth.enable = mkDefault true;
+ };
+
+ net.enable = true;
+
+ seat = {
+ enable = true;
+ graphical = mkDefault true;
+ };
+
+ #trivionomiconMotd.enable = true;
+
+ athena-bccr = {
+ mirror = "https://public.posixlycorrect.com/dist/firma_digital";
+ vendor = "athena";
+ };
+ };
+
+ networking = {
+ firewall.extraCommands = let
+ inherit (cfg.kdeconnect) self6;
+
+ peerRules = peer6: ''
+ ip6tables -A local-input -s ${peer6} -d ${self6} -p tcp -m multiport --dports 1714:1764 -j ACCEPT
+ ip6tables -A local-input -s ${peer6} -d ${self6} -p udp -m multiport --dports 1714:1764 -j ACCEPT
+ '';
+ in
+ lib.concatStrings (map peerRules cfg.kdeconnect.peers6);
+ };
+
+ services.nullmailer = {
+ enable = mkDefault true;
+
+ config = {
+ me = "${config.networking.hostName}@${config.networking.domain}";
+ };
+ };
+ };
+}
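Review bot: The `peerRules` strings in `networking.firewall.extraCommands` splice `${peer6}` and `${self6}` unquoted into a script that runs as root, and both options are plain `lib.types.str`, so a typo, stray whitespace or shell metacharacter in a host's configuration becomes extra shell words instead of an evaluation error. I would constrain the option types to something address-shaped (for example `lib.types.strMatching` with an IPv6 pattern) and quote at the use site, `-s ${lib.escapeShellArg peer6} -d ${lib.escapeShellArg self6}`. `self6` and `peers6` also have no `description`, so it is not obvious that they are the IPv6 addresses of this host and of the allowed KDE Connect peers. The `local-input` chain is defined outside this file, so whether these `-A` rules are flushed on a firewall reload or accumulate cannot be confirmed from here.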