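# Base NixOS module shared by the machines of this configuration: Nix build
# settings, state version, shell aliases, bash setup and a client-side OpenSSH
# algorithm policy.
#
# `config`, `lib` and `pkgs` are the standard module arguments; none of them is
# used by this module, so no `let` scaffolding is needed (the previous
# `mkIf`/`mkMerge`/`currentMachine`/`flags` bindings were never referenced).
{ config, lib, pkgs, ... }:

{
  # Number of cores each Nix build may use; 0 means "use all available cores".
  nix.buildCores = 0;

  # The NixOS release to be compatible with for stateful data such as databases.
  # Do not bump this on an existing machine without reading the release notes.
  system.stateVersion = "18.03";

  # Copies the NixOS configuration file (usually /etc/nixos/configuration.nix)
  # and links it from the resulting system
  # (reachable as /run/current-system/configuration.nix).
  system.copySystemConfiguration = true;

  # Allow non-free packages.
  nixpkgs.config.allowUnfree = true;

  # NixOS Hardening
  # NOTE(review): grsecurity packaging was dropped from nixpkgs some time ago;
  # confirm the option still exists on the target release before re-enabling.
  #security.grsecurity.enable = true;

  # Packages / shell environment
  environment.shellAliases = {
    byobu = "byobu-tmux";
    gpg = "gpg2";
    # "Simon says" in French: a playful alias for sudo.
    jacques-a-dit = "sudo";
    tree = "tree -C";
    tree1 = "tree -d -L 1";
    tree2 = "tree -d -L 2";
    tree3 = "tree -d -L 3";
    # https://gist.github.com/amitchhajer/4461043 : Count number of code lines in git repository per user
    #git-loc = "git ls-files | while read f; do git blame --line-porcelain "${f}" | grep '^author '; done | sort -f | uniq -ic | sort -n";
    grep = "grep --color=auto";
    vi = "vim";
    byobu-adminsys = "/etc/nixos/base/byobu-adminsys";
  };
  # System-wide git configuration, installed as /etc/gitconfig.
  environment.etc.gitconfig.text = builtins.readFile ./gitconfig;

  # Bash: completion, prompt and interactive-shell init read from sibling files.
  programs.bash = {
    enableCompletion = true;
    promptInit = builtins.readFile ./bash-prompt.sh;
    interactiveShellInit = builtins.readFile ./bash-interactive-init.sh;
  };

  # Client-side OpenSSH algorithm policy, after
  # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern
  # NOTE(review): `ssh-rsa` in HostKeyAlgorithms is the SHA-1 RSA signature
  # scheme. OpenSSH 8.8+ disables it by default, and listing it here explicitly
  # re-enables it; prefer rsa-sha2-512/rsa-sha2-256 once the servers you
  # connect to offer them. Setting HostKeyAlgorithms also replaces (rather than
  # extends) the OpenSSH default list, so revisit it when the client is upgraded.
  programs.ssh.extraConfig = ''
    # Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to.
    HashKnownHosts yes
    # Host keys the client accepts - order here is honored by OpenSSH
    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  '';
}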