diff --git a/hosts/main-homelab/configuration.nix b/hosts/main-homelab/configuration.nix
index bde23ea..838f6d9 100644
--- a/hosts/main-homelab/configuration.nix
+++ b/hosts/main-homelab/configuration.nix
@@ -1,13 +1,26 @@
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: {
 imports = [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
+ ../../nixosModules/default.nix
 ];
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
+
+ settings = {
+ users.veneficium.enable = lib.mkForce true;
+
+ programs.gnupg.enable = lib.mkForce true;
+ programs.gnupg.ssh = lib.mkForce true;
+
+ services = {
+ pam = {
+ enable = lib.mkForce true;
+ sshd.useGoogleAuth = lib.mkForce true;
+ sshd.gnupg = lib.mkForce true;
+ };
+ openssh.enable = lib.mkForce true;
+ openssh.usePAM = lib.mkForce true;
+ };
 };
 boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -18,50 +31,6 @@
 networking.networkmanager.enable = true;
- services.openssh = {
- enable = true;
- ports = [ 12342 ];
- settings = {
- PasswordAuthentication = true;
- AllowUsers = null;
- UsePAM = true;
- X11Forwarding = false;
- PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
- };
- };
-
- security.pam = {
- services.sshd = {
- name = "sshd";
- unixAuth = true;
- googleAuthenticator.enable = true;
- gnupg.enable = true;
- };
- };
-
- time.timeZone = "Europe/Rome";
-
- i18n.defaultLocale = "en_US.UTF-8";
-
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "it_IT.UTF-8";
- LC_IDENTIFICATION = "it_IT.UTF-8";
- LC_MEASUREMENT = "it_IT.UTF-8";
- LC_MONETARY = "it_IT.UTF-8";
- LC_NAME = "it_IT.UTF-8";
- LC_NUMERIC = "it_IT.UTF-8";
- LC_PAPER = "it_IT.UTF-8";
- LC_TELEPHONE = "it_IT.UTF-8";
- LC_TIME = "it_IT.UTF-8";
- };
-
- services.xserver.xkb = {
- layout = "it";
- variant = "";
- };
-
- console.keyMap = "it";
-
 environment.systemPackages = with pkgs; [
 nano
 lshw
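Review bot: Every host-level override in the new `settings` block uses `lib.mkForce` even though the values being overridden are declared with `lib.mkDefault` in nixosModules/default.nix; a plain `users.veneficium.enable = true;` already wins over a mkDefault, and mkForce additionally hides any conflicting definition from another module instead of surfacing it as an evaluation error. The same pattern is in the hosts/main-laptop/configuration.nix hunk. Separately, the next hunk in this file removes `time.timeZone`, `i18n.defaultLocale`, `i18n.extraLocaleSettings`, `services.xserver.xkb` and `console.keyMap`, and nothing in this diff — including the newly imported `../../nixosModules/default.nix` — sets them again; unless a module outside the diff does, the host falls back to UTC and the default locale and keymap.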
@@ -73,14 +42,6 @@
 google-authenticator
 ];
- users.users.veneficium = {
- isNormalUser = true;
- description = "Veneficium";
- extraGroups = [ "networkmanager" "wheel" ];
- packages = with pkgs; [];
- };
-
- programs.zsh.enable = true;
 # Allow unfree packages
diff --git a/hosts/main-laptop/configuration.nix b/hosts/main-laptop/configuration.nix
index aaea5d9..14355b1 100644
--- a/hosts/main-laptop/configuration.nix
+++ b/hosts/main-laptop/configuration.nix
@@ -7,15 +7,13 @@
 ../../nixosModules/default.nix
 ];
- #todo gnupg
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
 settings = {
+ users.fedfer.enable = lib.mkForce true;
+
 programs.docker.enable = lib.mkForce true;
 programs.tailscale.enable = lib.mkForce true;
+ programs.gnupg.enable = lib.mkForce true;
+ programs.gnupg.ssh = lib.mkForce true;
 drivers = {
 printer.M2020.enable = lib.mkForce true;
diff --git a/nixosModules/default.nix b/nixosModules/default.nix
index 4c0a3dd..d2026c0 100644
--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@@ -1,7 +1,8 @@
 { lib, ... }: {
 imports = [
- ./fedfer.nix
+ ./users/fedfer.nix
+ ./users/veneficium.nix
 ./drivers/samsung-printer.nix
 ./drivers/ipod.nix
@@ -16,16 +17,24 @@
 ./services/fstrim.nix
 ./services/tlp.nix
 ./services/switcheroo.nix
+ ./services/pam.nix
+ ./services/openssh.nix
 ./programs/docker.nix
 ./programs/tailscale.nix
 ./programs/powertop.nix
+ ./programs/gnupg.nix
 ];
 settings = {
+ users.fedfer.enable = lib.mkDefault false;
+ users.veneficium.enable = lib.mkDefault false;
+
 programs.docker.enable = lib.mkDefault false;
 programs.tailscale.enable = lib.mkDefault false;
 programs.powertop.enable = lib.mkDefault true;
+ programs.gnupg.enable = lib.mkDefault true;
+ programs.gnupg.ssh = lib.mkDefault true;
 drivers = {
 printer.M2020.enable = lib.mkDefault false;
@@ -38,6 +47,7 @@
 sync = lib.mkDefault false;
 offload = lib.mkDefault true;
 };
+ amd.enable = lib.mkDefault false;
 };
 };
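Review bot: `amd.enable = lib.mkDefault false;` assigns `settings.drivers.amd.enable`, but no module declaring that option (a `./drivers/amd.nix` or similar) is added to the `imports` list in the hunks above, and none of the new files in this diff declares it; unless it is declared in a module outside the diff, evaluation fails with an undefined-option error for `settings.drivers.amd.enable`. Either add the declaring module to `imports` in the same commit or leave this default out until that module exists.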
@@ -48,6 +58,13 @@
 fstrim.enable = lib.mkDefault true;
 tlp.enable = lib.mkDefault false;
 switcheroo.enable = lib.mkDefault false;
+ pam = {
+ enable = lib.mkDefault false;
+ sshd.useGoogleAuth = lib.mkDefault false;
+ sshd.gnupg = lib.mkDefault false;
+ };
+ openssh.enable = lib.mkDefault false;
+ openssh.usePAM = lib.mkDefault false;
 };
 gnome.enable = lib.mkDefault false;
diff --git a/nixosModules/fedfer.nix b/nixosModules/fedfer.nix
deleted file mode 100644
index 78d2c2d..0000000
--- a/nixosModules/fedfer.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-#need to move stuff to home-manager
-{ pkgs, ... }: {
- users.users.fedfer = {
- isNormalUser = true;
- description = "FedFer";
- extraGroups = [ "networkmanager" "wheel" ];
- shell = pkgs.zsh;
- };
-}
diff --git a/nixosModules/programs/gnupg.nix b/nixosModules/programs/gnupg.nix
new file mode 100644
index 0000000..27b851c
--- /dev/null
+++ b/nixosModules/programs/gnupg.nix
@@ -0,0 +1,11 @@
+{ config, lib, ... }: {
+ options.settings = {
+ programs.gnupg.enable = lib.mkEnableOption "enable gnuPG";
+ programs.gnupg.ssh = lib.mkEnableOption "enable gnuPG ssh integration";
+ };
+
+ programs.gnupg.agent = lib.mkIf config.settings.programs.gnupg.enable {
+ enable = true;
+ enableSSHSupport = config.settings.programs.gnupg.ssh;
+ };
+}
\ No newline at end of file
diff --git a/nixosModules/services/openssh.nix b/nixosModules/services/openssh.nix
new file mode 100644
index 0000000..d012ff2
--- /dev/null
+++ b/nixosModules/services/openssh.nix
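Review bot: The strings passed to `lib.mkEnableOption` read badly, because mkEnableOption already prefixes the description with "Whether to enable": `lib.mkEnableOption "enable gnuPG"` documents as "Whether to enable enable gnuPG." Pass the thing being enabled instead, e.g. `programs.gnupg.enable = lib.mkEnableOption "the GnuPG agent";` and `programs.gnupg.ssh = lib.mkEnableOption "GnuPG agent SSH support";`. The same applies to the options declared in services/openssh.nix, services/pam.nix, users/fedfer.nix and users/veneficium.nix. This file also lacks a trailing newline, as do openssh.nix, pam.nix and veneficium.nix.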
@@ -0,0 +1,22 @@
+{ config, lib, ... }: {
+ options.settings = {
+ services.openssh.enable = lib.mkEnableOption "enable openSSH";
+ services.openssh.usePAM = lib.mkEnableOption "use PAM for ssh authentication";
+ };
+
+
+#further move these options into settings
+ config = lib.mkIf config.settings.services.openssh.enable {
+ services.openssh = {
+ enable = true;
+ ports = [ 12342 ];
+ settings = {
+ UsePAM = config.settings.services.openssh.usePAM;
+ PasswordAuthentication = true;
+ AllowUsers = null;
+ X11Forwarding = false;
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/nixosModules/services/pam.nix b/nixosModules/services/pam.nix
new file mode 100644
index 0000000..c95c403
--- /dev/null
+++ b/nixosModules/services/pam.nix
@@ -0,0 +1,16 @@
+{ config, lib, ... }: {
+ options.settings = {
+ services.pam.enable = lib.mkEnableOption "enables PAM";
+ services.pam.sshd.useGoogleAuth = lib.mkEnableOption "use pam_google_authenticator.so module";
+ services.pam.sshd.gnupg = lib.mkEnableOption "enable gnuPG integration";
+ };
+
+ security.pam = lib.mkIf config.settings.services.pam.enable {
+ services.sshd = {
+ name = "sshd";
+ unixAuth = true;
+ googleAuthenticator.enable = config.settings.services.pam.sshd.useGoogleAuth;
+ gnupg.enable = config.settings.services.pam.sshd.gnupg;
+ };
+ };
+}
\ No newline at end of file
diff --git a/nixosModules/users/fedfer.nix b/nixosModules/users/fedfer.nix
new file mode 100644
index 0000000..0794312
--- /dev/null
+++ b/nixosModules/users/fedfer.nix
@@ -0,0 +1,13 @@
+#need to move stuff to home-manager
+{ pkgs, config, lib, ... }: {
+ options.settings = {
+ users.fedfer.enable = lib.mkEnableOption "enables user FedFer";
+ };
+
+ users.users.fedfer = lib.mkIf config.settings.users.fedfer.enable {
+ isNormalUser = true;
+ description = "FedFer";
+ extraGroups = [ "networkmanager" "wheel" ];
+ shell = pkgs.zsh;
+ };
+}
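Review bot: `settings.services.openssh.usePAM` and `settings.services.pam.enable` are independent toggles, so a host can set `openssh.usePAM = true` while the custom sshd stack from services/pam.nix stays off; sshd then runs against the stock NixOS sshd PAM service, password logins are single-factor, and nothing reports it at evaluation time. In addition, `PasswordAuthentication = true;` is hard-coded regardless of `usePAM`, so with PAM off it is a plain Unix-password login exposed on the network; consider exposing it as a settings option that defaults to false, or deriving it from usePAM. An assertion inside the `config` block catches the first case at build time:
```nix
  config = lib.mkIf config.settings.services.openssh.enable {
    assertions = [
      {
        assertion = config.settings.services.openssh.usePAM -> config.settings.services.pam.enable;
        message = "settings.services.openssh.usePAM = true requires settings.services.pam.enable = true, otherwise sshd uses the stock PAM stack without google-authenticator/gnupg";
      }
    ];
    # … unchanged: services.openssh block …
  };
```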
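Review bot: `services.pam.enable = lib.mkEnableOption "enables PAM"` misdescribes the option: PAM is always present on NixOS, and what this toggle actually does is replace the sshd PAM service (`security.pam.services.sshd`) with a custom stack (`unixAuth` plus optional google-authenticator and pam_gnupg). Suggest `lib.mkEnableOption "a custom sshd PAM stack (unixAuth, optional google-authenticator / gnupg)"` and a one-line header comment stating that the module has no effect on SSH logins unless settings.services.openssh.usePAM is also true. Note too that turning on `sshd.useGoogleAuth` for a host whose users have not generated a secret yet can lock them out of SSH unless the NixOS googleAuthenticator module passes `nullok` — worth confirming before enabling it on a remote machine.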
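Review bot: `shell = pkgs.zsh;` is set without a matching `programs.zsh.enable = true;`, and the only `programs.zsh.enable = true` in this diff is the one being removed from hosts/main-homelab/configuration.nix. NixOS warns when a user's shell is zsh but programs.zsh is not enabled, because the shell then lacks the basic Nix directories in its PATH; unless the laptop sets it somewhere outside this diff, enable it together with the user by moving the conditional onto `config`:
```nix
  config = lib.mkIf config.settings.users.fedfer.enable {
    users.users.fedfer = {
      # … unchanged: isNormalUser, description, extraGroups, shell …
    };
    programs.zsh.enable = true;
  };
```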
diff --git a/nixosModules/users/veneficium.nix b/nixosModules/users/veneficium.nix
new file mode 100644
index 0000000..9096813
--- /dev/null
+++ b/nixosModules/users/veneficium.nix
@@ -0,0 +1,11 @@
+{ config, lib, ... }: {
+ options.settings = {
+ users.veneficium.enable = lib.mkEnableOption "enables user Veneficium";
+ };
+
+ users.users.veneficium = lib.mkIf config.settings.users.veneficium.enable {
+ isNormalUser = true;
+ description = "Veneficium";
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+}
\ No newline at end of file