Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nixos/hosts/dev/configuration.nix

107 lines
3.2 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
projectsDir = "projects"; # Relative to /home/dominik
repositories = [
{ url = "gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git"; path = "cloonar/wohnservice-wien"; }
# Add repos here: { url = "git@..."; path = "relative/path"; }
];
cloneScript = pkgs.writeShellScript "clone-repos" ''
set -eu
export PATH="${pkgs.openssh}/bin:$PATH"
export GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh"
HOME_DIR="/home/dominik"
PROJECTS_DIR="$HOME_DIR/${projectsDir}"
mkdir -p "$PROJECTS_DIR"
chown dominik:users "$PROJECTS_DIR"
${lib.concatMapStrings (repo: ''
if [ ! -d "$PROJECTS_DIR/${repo.path}" ]; then
${pkgs.sudo}/bin/sudo -u dominik -E ${pkgs.git}/bin/git clone ${repo.url} "$PROJECTS_DIR/${repo.path}" || true
fi
'') repositories}
'';
in
{
imports = [
./modules/dev-tools.nix
];
networking.hostName = "dev";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 ];
};
system.stateVersion = "22.05";
time.timeZone = "Europe/Vienna";
# User configuration
users.users.dominik = {
isNormalUser = true;
uid = 1000;
home = "/home/dominik";
extraGroups = [ "wheel" "docker" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
];
};
users.groups.users = {};
services.openssh.enable = true;
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
# Auto-attach to tmux on SSH login
environment.interactiveShellInit = ''
if [[ -n "$SSH_CONNECTION" ]] && [[ -z "$TMUX" ]]; then
tmux attach-session -t main 2>/dev/null || tmux new-session -s main
fi
'';
# Passwordless sudo for dominik
security.sudo.extraRules = [{
users = [ "dominik" ];
commands = [{
command = "ALL";
options = [ "NOPASSWD" ];
}];
}];
# Clone repos as dominik user on boot
systemd.services.clone-repos = {
description = "Clone configured git repositories";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = cloneScript;
RemainAfterExit = true;
};
};
# Create ddev global config to bind on all interfaces (allows access from other devices)
systemd.services.ddev-config = {
description = "Create ddev global config";
after = [ "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "dominik";
Group = "users";
};
script = ''
mkdir -p /home/dominik/.ddev
if [ ! -f /home/dominik/.ddev/global_config.yaml ]; then
cat > /home/dominik/.ddev/global_config.yaml << 'EOF'
router_bind_all_interfaces: true
EOF
fi
'';
};
}
Reference in a new issue View git blame Copy permalink