starred/nix-config-ryan4yin
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-01-11 14:20:23 +01:00
Code Issues Packages Projects Releases 10 Wiki Activity
Files
f8a8ae8d13c008379c0e2bf7233334013c5cd732
nix-config-ryan4yin/modules/base.nix
Ryan Yin f8a8ae8d13 feat: update flake inputs, fix issues
2024-11-11 17:20:26 +08:00

111 lines
3.5 KiB
Nix
Raw Blame History

{
pkgs,
myvars,
nuenv,
...
} @ args: {
nixpkgs.overlays =
[
nuenv.overlays.default
]
++ (import ../overlays args);
# Add my private PKI's CA certificate to the system-wide trust store.
security.pki.certificateFiles = [
../certs/ecc-ca.crt
];
# auto upgrade nix to the unstable version
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L284
nix.package = pkgs.nixVersions.latest;
environment.systemPackages = with pkgs; [
git # used by nix flakes
git-lfs # used by huggingface models
# archives
zip
xz
zstd
unzipNLS
p7zip
# Text Processing
# Docs: https://github.com/learnbyexample/Command-line-text-processing
gnugrep # GNU grep, provides `grep`/`egrep`/`fgrep`
gnused # GNU sed, very powerful(mainly for replacing text in files)
gawk # GNU awk, a pattern scanning and processing language
jq # A lightweight and flexible command-line JSON processor
# networking tools
mtr # A network diagnostic tool
iperf3
dnsutils # `dig` + `nslookup`
ldns # replacement of `dig`, it provide the command `drill`
wget
curl
aria2 # A lightweight multi-protocol & multi-source command-line download utility
socat # replacement of openbsd-netcat
nmap # A utility for network discovery and security auditing
ipcalc # it is a calculator for the IPv4/v6 addresses
# misc
file
findutils
which
tree
gnutar
rsync
];
users.users.${myvars.username} = {
description = myvars.userfullname;
# Public Keys that can be used to login to all my PCs, Macbooks, and servers.
#
# Since its authority is so large, we must strengthen its security:
# 1. The corresponding private key must be:
# 1. Generated locally on every trusted client via:
# ```bash
# # KDF: bcrypt with 256 rounds, takes 2s on Apple M2):
# # Passphrase: digits + letters + symbols, 12+ chars
# ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`
# ```
# 2. Never leave the device and never sent over the network.
# 2. Or just use hardware security keys like Yubikey/CanoKey.
openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
};
nix.settings = {
# enable flakes globally
experimental-features = ["nix-command" "flakes"];
# given the users in this list the right to specify additional substituters via:
# 1. `nixConfig.substituers` in `flake.nix`
# 2. command line args `--options substituers http://xxx`
trusted-users = [myvars.username];
# substituers that will be considered before the official ones(https://cache.nixos.org)
substituters = [
# cache mirror located in China
# status: https://mirrors.ustc.edu.cn/status/
"https://mirrors.ustc.edu.cn/nix-channels/store"
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
# status: https://mirror.sjtu.edu.cn/
"https://mirror.sjtu.edu.cn/nix-channels/store"
"https://nix-community.cachix.org"
# my own cache server
"https://ryan4yin.cachix.org"
# cuda-maintainer's cache server
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
builders-use-substitutes = true;
};
}
Reference in New Issue View Git Blame Copy Permalink