{ config, pkgs, ... }:

{
  # Other module files merged into this host's configuration; the paths are
  # relative to this file.
  imports =
    [ # Include the results of the hardware scan.
      ./ullr/hw.nix
      ./nixpkgs.nix
      ./users.nix
      ./utils/nix/module.nix
    ];

  # Use the GRUB 2 boot loader.
  # GRUB is installed onto the disk named by `device`.
  # NOTE(review): kernel-assigned names such as /dev/sda can change when disks
  # are added or reordered; a /dev/disk/by-id/... path is the stable way to
  # name the install target.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking = {
    domain = "yggdrasil.li";
    hostName = "ullr";

    useDHCP = false;
    enableIPv6 = true;

    # With the firewall enabled, inbound traffic is limited to what is listed
    # here, plus ICMP echo via allowPing. Other modules can append to these
    # lists, so the effective rule set is the merge of all of them.
    # NOTE(review): services.factorio is enabled with public = true further
    # down, but no game port is opened in this block (Factorio's default is
    # 34197/udp). Unless the factorio module in use opens its own port, the
    # server is not reachable from outside — confirm which is intended.
    firewall = {
      enable = true;
      allowPing = true;
      allowedTCPPorts = [ 22 # ssh
                        ];
      # NOTE(review): 60000-61000 is mosh's whole default range; if only a few
      # concurrent sessions are expected, a narrower range exposes less.
      allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
                             ];
    };

    # ens3 gets its IPv4 configuration via DHCP and a static IPv6 address.
    interfaces.ens3 = {
      useDHCP = true;
      ipv6.addresses = [
        # NOTE(review): the interface identifier is all zeroes, which is the
        # subnet-router anycast address of the /64 (RFC 4291) — confirm this is
        # what the provider expects rather than e.g. ::1.
        { address = "2a03:4000:15:93d::";
          prefixLength = 64;
        }
      ];
    };
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Packages installed system-wide. mosh here is what the UDP range in
  # networking.firewall is opened for.
  # NOTE(review): rebuild-system is not an attribute of stock nixpkgs as far as
  # I know; presumably one of the imported modules adds it through an overlay —
  # confirm.
  environment.systemPackages = with pkgs; [
    git mosh rsync tmux zsh
    rebuild-system
  ];

  # root reuses the login shell and the SSH authorized-key files defined in
  # users/gkleen.nix. That file is imported as a plain value, so it has to
  # evaluate directly to an attribute set with `shell` and
  # `openssh.authorizedKeys.keyFiles`.
  # Security: every key in those files is a direct root credential on this
  # host. Together with the "ssh" group membership below, root can log in over
  # SSH with any of them.
  # NOTE(review): users.extraUsers is the older spelling of users.users.
  users.extraUsers.root = let
    template = (import users/gkleen.nix);
    in {
        inherit (template) shell;
        openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
      };

  # Enable the OpenSSH daemon.
  # Password and challenge-response (keyboard-interactive) logins are both
  # disabled, leaving public-key authentication. AllowGroups further restricts
  # logins to members of the "ssh" group.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
    extraConfig = ''
      AllowGroups ssh
    '';
  };
  # Accounts allowed to log in over SSH. Only root is listed here; other
  # modules (e.g. ./users.nix) may add members, since list options merge.
  # NOTE(review): this makes root the SSH entry point. PermitRootLogin is not
  # set in this file, so the module default applies (key-only for root in
  # NixOS, as far as I know — confirm). Logging in as an unprivileged member of
  # "ssh" and escalating gives per-user audit trails and lets root be left out
  # of this group.
  users.groups."ssh" = {
    members = ["root"];
  };

  # Headless Factorio server, built from the experimental release package.
  services.factorio = {
    enable = true;
    package = pkgs.factorio-headless-experimental;
    autosave-interval = 10;
    game-name = "Ullr";
    # NOTE(review): presumably lists the game on the public server browser,
    # which is what username/token are needed for — confirm against the module.
    public = true;
    username = "ndxsbvrt";
    # SECURITY(review): builtins.readFile runs at evaluation time, so the token
    # becomes an ordinary string in the configuration. If the factorio module
    # renders its settings into a file in /nix/store (the nixpkgs module does,
    # as far as I know), the token ends up world-readable there and in every
    # copy of the closure (binary caches, nix-copy-closure targets, old
    # generations). Prefer handing the token to the service at runtime from a
    # root-only file outside the store, and rotate it if the store has been
    # shared. Reading an absolute path also ties evaluation to the machine that
    # holds /etc/factorio-token and requires impure evaluation.
    token = builtins.readFile /etc/factorio-token;
    extraSettings = {
      admins = ["ndxsbvrt" "BoeseMilch"];
      only_admins_can_pause_the_game = false;
    };
    # NOTE(review): presumably the only player names allowed to join; with
    # public = true this list is the access control for the game, so confirm
    # the module actually enforces it (and that user verification is on).
    whitelist = ["ndxsbvrt" "BoeseMilch"];
    dynamicMods = true;
  };
  # Declares a "games" group with default settings; presumably expected by the
  # factorio module — confirm.
  users.groups."games" = {};
  # Factorio is unfree. NOTE(review): this switch permits every unfree package
  # system-wide; nixpkgs.config.allowUnfreePredicate can limit it to the
  # factorio package.
  nixpkgs.config.allowUnfree = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09";
}