starred/nix-config
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-02-22 16:07:40 +01:00
Code Issues Packages Projects Releases 10 Wiki Activity
Files
47225fffbc4bbd32ae1c4280e1cccfd07762875c
nix-config/modules/base.nix

64 lines
2.2 KiB
Nix
Raw Blame History

{
vars_networking,
username,
userfullname,
nuenv,
...
} @ args: {
nixpkgs.overlays =
[
nuenv.overlays.default
]
++ (import ../overlays args);
users.users.${username} = {
description = userfullname;
# Public Keys that can be used to login to all my PCs, Macbooks, and servers.
#
# Since its authority is so large, we must strengthen its security:
# 1. The corresponding private key must be:
# 1. Generated locally on every trusted client via:
# ```bash
# # KDF: bcrypt with 256 rounds, takes 2s on Apple M2):
# # Passphrase: digits + letters + symbols, 12+ chars
# ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`
# ```
# 2. Never leave the device and never sent over the network.
# 2. Or just use hardware security keys like Yubikey/CanoKey.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKlN+Q/GxvwxDX/OAjJHaNFEznEN4Tw4E4TwqQu/eD6 ryan@idols-ai"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPoa9uEI/gR5+klqTQwvCgD6CD5vT5iD9YCNx2xNrH3B ryan@fern"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPwZ9MdotnyhxIJrI4gmVshExHiZOx+FGFhcW7BaYkfR ryan@harmonica"
];
};
nix.settings = {
# enable flakes globally
experimental-features = ["nix-command" "flakes"];
# given the users in this list the right to specify additional substituters via:
# 1. `nixConfig.substituers` in `flake.nix`
# 2. command line args `--options substituers http://xxx`
trusted-users = [username];
# substituers that will be considered before the official ones(https://cache.nixos.org)
substituters = [
# cache mirror located in China
# status: https://mirror.sjtu.edu.cn/
# "https://mirror.sjtu.edu.cn/nix-channels/store"
# status: https://mirrors.ustc.edu.cn/status/
"https://mirrors.ustc.edu.cn/nix-channels/store"
"https://nix-community.cachix.org"
# my own cache server
"https://ryan4yin.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
];
builders-use-substitutes = true;
};
}
Reference in New Issue View Git Blame Copy Permalink