Skip to content

Instantly share code, notes, and snippets.

@roblabla

roblabla/configuration.nix

Created January 12, 2016 22:44
Show Gist options
  • Save roblabla/8d1555ceb202eddb1b77 to your computer and use it in GitHub Desktop.
Save roblabla/8d1555ceb202eddb1b77 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
configuration.nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
let
nixpkgs = import <nixpkgs> {};
hydra = nixpkgs.fetchgit {
url = https://github.com/NixOS/hydra;
rev = "29db16bc69d90b7bc851ed15c38dc7f7d1240637";
sha256 = "4d970136c4afe327219bcd3e440580405a7f4b1ae8e6657e18c5fe235239aeb1";
};
roblabla-pkgs-src = nixpkgs.fetchgit {
url = https://github.com/roblabla/roblabla_nixpkgs;
rev = "221eac3771b65c875b90690dcfb52b52ce2c5f8c";
sha256 = "604ed7742fd4ac6d906b58528312fc876e5fa97507b81c6b031f3dbdb4ab8acf";
};
matrix-synapse-head = pkgs.lib.overrideDerivation pkgs.matrix-synapse (oldAttrs: {
src = pkgs.fetchgit {
url = "https://github.com/matrix-org/synapse.git";
rev = "ea47760bd8cb73e86590eddfeafa9b32116f2c12";
sha256 = "b594e48ed5fa0773edced88406d5f57f31fe815231be252030f77397a6663589";
};
});
vector = (import roblabla-pkgs-src).vector;
in
{
require =
[
"${hydra}/hydra-module.nix"
"${roblabla-pkgs-src}/norminette-ci/service.nix"
];
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
boot.kernelPackages = pkgs.linuxPackages_4_2;
# Used by the container to access the outside world.
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "enp1s0";
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
i18n.consoleFont = "Lat2-Terminus16";
i18n.consoleKeyMap = "us";
i18n.defaultLocale = "en_US.UTF-8";
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
mosh
];
programs.zsh.enable = true;
# List services that you want to enable:
services.matrix-synapse.enable = true;
#services.matrix-synapse.no_tls = true;
services.matrix-synapse.tls_certificate_path = /var/lib/acme/matrix.cmc.im/fullchain.pem;
services.matrix-synapse.tls_private_key_path = /var/lib/acme/matrix.cmc.im/key.pem;
services.matrix-synapse.web_client = false;
services.matrix-synapse.server_name = "cmc.im";
services.matrix-synapse.registration_shared_secret = "redacted";
services.matrix-synapse.turn_uris = [ "bonjour.cmc.im" "thisisbetter" ];
services.matrix-synapse.package = matrix-synapse-head;
services.norminette-ci.enable = true;
services.norminette-ci.apikey = "redacted";
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
services.openssh.challengeResponseAuthentication = false;
# Containerize this - tried it, it crashes :(
services.openvpn.servers.vpn42 = {
config = ''
client
dev tun
proto tcp-client
remote 62.210.35.144 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca /var/lib/containers/vpn/root/ca.crt
cert /var/lib/containers/vpn/root/rlambert.crt
key /var/lib/containers/vpn/root/rlambert.key
tls-client
tls-auth /var/lib/containers/vpn/root/ta.key 1
cipher AES-256-CBC
comp-lzo
route-method exe
route-delay 2
script-security 2
up /var/lib/containers/vpn/etc/openvpn/update-resolv-conf.sh
down /var/lib/containers/vpn/etc/openvpn/update-resolv-conf.sh
'';
};
services.murmur.enable = true;
services.openldap.enable = true;
services.openldap.extraConfig = ''
include ${pkgs.openldap}/etc/openldap/schema/core.schema
include ${pkgs.openldap}/etc/openldap/schema/cosine.schema
include ${pkgs.openldap}/etc/openldap/schema/inetorgperson.schema
include ${pkgs.openldap}/etc/openldap/schema/nis.schema
database config
rootdn "cn=admin,cn=config"
rootpw {SSHA}RS0SRNe2c90kqEgkJZ+7XGoCc3d94Mjm
'';
services.gitlab.enable = true;
services.gitlab.host = "cmc.im";
services.gitlab.databasePassword = "gitlab";
security.acme.certs."matrix.cmc.im" = {
webroot = "/var/www/challenges";
email = "[email protected]";
postRun = "systemctl reload nginx.service";
plugins = [ "account_key.json" "key.pem" "chain.pem" "fullchain.pem" ];
};
security.acme.certs."norminette.cmc.im" = {
webroot = "/var/www/challenges";
email = "[email protected]";
postRun = "systemctl reload nginx.service";
plugins = [ "account_key.json" "key.pem" "chain.pem" "fullchain.pem" ];
};
security.acme.certs."bethesound.ben.cmc.im" = {
webroot = "/var/www/challenges";
email = "[email protected]";
postRun = "systemctl reload nginx.service";
plugins = [ "account_key.json" "key.pem" "chain.pem" "fullchain.pem" ];
};
security.acme.certs."bethesound.co" = {
webroot = "/var/www/challenges";
email = "[email protected]";
postRun = "systemctl reload nginx.service";
extraDomains = {
"bethesound.rob.cmc.im" = null;
};
plugins = [ "account_key.json" "key.pem" "chain.pem" "fullchain.pem" ];
};
services.nginx.enable = true;
services.nginx.package = pkgs.nginxUnstable;
services.nginx.httpConfig = ''
access_log syslog:server=unix:/dev/log;
error_log syslog:server=unix:/dev/log;
# Default SSL config
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# Using list of ciphers from "Bulletproof SSL and TLS"
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
server {
listen 80 default_server;
server_name localhost;
location / {
root ${pkgs.nginxUnstable}/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root ${pkgs.nginxUnstable}/html;
}
}
server {
listen 80;
listen [::]:80;
server_name hydra.cmc.im;
location / {
proxy_pass http://localhost:${toString config.services.hydra.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
listen [::]:80;
server_name gitlab.cmc.im;
location / {
proxy_pass http://localhost:${toString config.services.gitlab.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
listen [::]:80;
server_name dl.cmc.im;
location / {
autoindex on;
root /home/dl.cmc.im/http;
}
}
server {
listen 80;
listen [::]:80;
server_name matrix.cmc.im;
location /.well-known/acme-challenge {
root /var/www/challenges;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name matrix.cmc.im;
ssl_certificate /var/lib/acme/matrix.cmc.im/fullchain.pem;
ssl_certificate_key /var/lib/acme/matrix.cmc.im/key.pem;
ssl_trusted_certificate /var/lib/acme/matrix.cmc.im/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
location /_matrix {
proxy_pass http://localhost:8008;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
root ${vector}/vector;
}
}
server {
listen 80;
listen [::]:80;
server_name bethesound.cmc.im;
location / {
autoindex on;
root /home/roblabla/Dropbox/dev/src/js/bethesound-react;
# proxy_pass http://localhost:9008;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
}
}
server {
listen 80;
listen [::]:80;
server_name bethesound.co bethesound.rob.cmc.im;
location /.well-known/acme-challenge {
root /var/www/challenges;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bethesound.co bethesound.rob.cmc.im;
ssl_certificate /var/lib/acme/bethesound.co/fullchain.pem;
ssl_certificate_key /var/lib/acme/bethesound.co/key.pem;
ssl_trusted_certificate /var/lib/acme/bethesound.co/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_pass http://localhost:9008;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 80;
listen [::]:80;
server_name bethesound.ben2.cmc.im;
location / {
proxy_pass http://localhost:9010;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 80;
listen [::]:80;
server_name bethesound.ben.cmc.im;
location /.well-known/acme-challenge {
root /var/www/challenges;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name bethesound.ben.cmc.im;
ssl_certificate /var/lib/acme/bethesound.ben.cmc.im/fullchain.pem;
ssl_certificate_key /var/lib/acme/bethesound.ben.cmc.im/key.pem;
ssl_trusted_certificate /var/lib/acme/bethesound.ben.cmc.im/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
location / {
#autoindex on;
#root /home/benjamin/bethesound;
proxy_pass http://localhost:9010;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 80;
listen [::]:80;
server_name norminette.cmc.im;
location /.well-known/acme-challenge {
root /var/www/challenges;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name norminette.cmc.im;
ssl_certificate /var/lib/acme/norminette.cmc.im/fullchain.pem;
ssl_certificate_key /var/lib/acme/norminette.cmc.im/key.pem;
# ssl_trusted_certificate /var/lib/acme/norminette.cmc.im/chain.pem;
# ssl_stapling on;
# ssl_stapling_verify on;
location / {
proxy_pass http://localhost:9999;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
listen [::]:80;
server_name 2016.cmc.im;
location / {
root /home/roblabla/Dropbox/dev/src/js/countdown-2016;
}
}
server {
listen 80;
listen [::]:80;
server_name game.cmc.im;
location / {
root /home/roblabla/rush01php;
index index.php index.html index.htm;
}
location ~* \.php$ {
root /home/roblabla/rush01php;
fastcgi_index index.php;
fastcgi_pass unix:/run/phpfpm/nginx;
include ${pkgs.nginxUnstable}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
'';
services.phpfpm.poolConfigs.nginx = ''
listen = /run/phpfpm/nginx
listen.owner = 'nginx'
listen.group = 'nginx'
listen.mode = 0660
user = nginx
pm = dynamic
catch_workers_output = yes
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
php_flag[display_errors] = off
;php_admin_value[error_log] = "/run/phpfpm/php-fpm.log"
;php_admin_flag[log_errors] = on
php_value[date.timezone] = "UTC"
php_value[upload_max_filesize] = 10G
env[PATH] = /srv/www/bin:/var/setuid-wrappers:/srv/www/.nix-profile/bin:/srv/www/.nix-profile/sbin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/run/current-system/sw/bin/run/current-system/sw/sbin
'';
services.hydra.enable = true;
services.hydra.hydraURL = "http://hydra.cmc.im";
services.hydra.notificationSender = "[email protected]";
services.znc.enable = true;
services.znc.mutable = true;
programs.ssh.package = pkgs.openssh_with_kerberos;
programs.ssh.extraConfig = ''
Host *.42.fr
GSSAPIAuthentication yes
'';
krb5.enable = true;
krb5.defaultRealm = "42.FR";
krb5.domainRealm = "42.fr";
krb5.kdc = "kdc1.42.fr";
krb5.kerberosAdminServer = "kdc1.42.fr";
services.postgresql.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.kdm.enable = true;
# services.xserver.desktopManager.kde4.enable = true;
networking.firewall.allowPing = true;
networking.firewall.rejectPackets = true;
networking.firewall.extraCommands = "iptables -I INPUT 1 -s 85.25.217.213 -j DROP";
networking.firewall.allowedTCPPorts = [ 80 443 8448 8100 9000 9001 9002 9003 9004 9005 9006 9007 9008 9009 9010
9990 9991 9992 9993 9994 9995 9996 9997 9998 9999
25565
config.services.znc.confOptions.port
config.services.gitlab.port
config.services.murmur.port ];
networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
#users.ldap = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsVJ+pxXtQBt2BcWtLxldQR9A0YYPxuQswdaWZPrVC+PMfmSauFYeng0ytVgQY3xrQFhbI9DqxxgchmOJ9Wh3i1/8+6Oz0iyIMKbwMqLzuXC0O6hVjedZX9MX7hSZox0wf3wFfAArU3rE4EnuTqGgDo697Yfw6XfL8fr0Ry78JkH7NduF8m/2dSG2/pVEc08htu2uWjXIUuOZJ+z4VCFgNK6rvKyKh7bzanpmRVbTkzRhGFUJF8nL3FayqVr9sXLl/HDWXSufYWtUIX90TvTnLq1BD+ZFvY8bdWEALMF3UgLeklqSy4QDgddibQ+ru5zcTXgwTrOAOxsFcfOn9g5QD [email protected]"
""
];
users.extraUsers.root.extraGroups = [ "nginx" ];
# Define a user account. Don't forget to set a password with ‘passwd’.
users.extraUsers.dl_cmc_im = {
group = "nginx";
home = "/home/dl.cmc.im";
createHome = true;
};
users.extraUsers.roblabla = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsVJ+pxXtQBt2BcWtLxldQR9A0YYPxuQswdaWZPrVC+PMfmSauFYeng0ytVgQY3xrQFhbI9DqxxgchmOJ9Wh3i1/8+6Oz0iyIMKbwMqLzuXC0O6hVjedZX9MX7hSZox0wf3wFfAArU3rE4EnuTqGgDo697Yfw6XfL8fr0Ry78JkH7NduF8m/2dSG2/pVEc08htu2uWjXIUuOZJ+z4VCFgNK6rvKyKh7bzanpmRVbTkzRhGFUJF8nL3FayqVr9sXLl/HDWXSufYWtUIX90TvTnLq1BD+ZFvY8bdWEALMF3UgLeklqSy4QDgddibQ+ru5zcTXgwTrOAOxsFcfOn9g5QD [email protected]"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCNb96zW62uqJjNeYzy0e4iITy6hMi/dqNePDOTqeQPRo1ntnPjiOZZfl6K47f3EmzIfJNOT2BYvY9eKNJKvGx8NMPFpacJWWjJA6yHsr5s0pIrHdk7tcaA3akSOaZrUnU1ZB3Lb5ow8i+xS/g5yUIgyVx7eUNLZgKhWsyOMx+eSZjB/aL9d9L1rB9g4sipwXO3DIAxvAEoIlEv6GpXH8bzKSAJt4tLsKRiGf00r83AIlGewb8LEldp6Hm1GlAUtLMTa6IU8+d04JJVzgyC7sO+Xznr2rwC6NXOhlc2kjpPOfapdbJOnmOjmsLUUlRUX8STH9co0xuowEwypcd9fEZ COMMENT"
];
shell = "/run/current-system/sw/bin/zsh";
};
users.extraUsers.agadiffe = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmTj8PgE0HbFFc3CcOwHWkDqFqiSw1vhl+iwJX33x0/aPg5rXc8GdSnq2R0WomZScr1QleOapzGpeK3JtMl31yTSNFY3nhkxHuo54CLJa0jnkUuw4+NZ4ysRIO3/+TTJlB5Fs+hhFMY6uCu4OWTmHRJhuXphsC28ZC0mGwmKmFfqdE39JX0599ziVxyOUMp4KeVM9xhY2qKA52z94vBkALNAYelm0GZcOfKgp+9YeKiOW7BWrhjOK9rgbUKHoTxdzr3Ewe7+c8n/jT3JgRcbvSf2CyFDdb9usIog0UiX55qD/5Jx2QK+nwj0eYv+GpYFqRvWvrtvM1NkVLi0Km36N4hehsYu9C6uSEG2vhsFmtUjAkM0t2cWPr3VCm6YFbO91IgetnkqR5NLs6+bLuTkiarptkH+Hdy15k96HDUbd3m8QQsCL6KJ57M9EkdsqzVkPBcd/dGc5hlq3CQ3oyeFDwjWWC6xx/SV9mixADzpKqcMpySS7OEe9V+6O0z2XPVx6zg+JhNaCjDo0dVEv83dHLewdiTjLBQl4DYmx4AMHNdJV3UlazLdzePuYh7erNzCHyfqv6Podsqcl0iTsVNxa7LyHkV5JXNP8sg5IXhD2VV3G+H79xAxVAoMxdK5p/Ip2Xf6jYxifE5WIuJ9B+PLg+Oj1jS6xYlM2drC05g8bvcw== [email protected]"
];
shell = "/run/current-system/sw/bin/zsh";
};
users.extraUsers.mguillon = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOSjG4BQT8oW5/9lyl3WXsqim2dL/bMbue8f6Y3G2XEZQuW+qHynz/TBS5yKrwwXt2bsSdvx76sbHaQv3V8CKcQF8tuRX4sC5LXv2Es1i0GO+T3EQNVHOM0bBmvDY2oaqavJcY/JRCgZbUCYv6XHfbGj2w6BCWg7JgTcBqjveoI6RpHx7fOXFZRRdvanA51LZweqBzKS+RjcLDAY9lN12sPyANDYGJdViUZBTaFAOyvw74DtmxFRoMXqB0OSX21UZVb17mbw5qFUir1Wzzxa5EKfJWeYb2JUGNywowpWMPLvilo7pQ5gLSi/mmSbbkfaPeODI1QvuDacXU6aah6RVt [email protected]"
];
shell = "/run/current-system/sw/bin/zsh";
};
users.extraUsers.gclement = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYOs/gU3SDzaXpZExsIuatqYTR9LtrtoQ6BPOYM1zSnMzB4jU5vVzMCs+LtR76OeWDQD+JEbZs9IkPOUi1/poYxmGwG6bEizPZ6nJ7CuNeyNuOuV+cAi0I9K0bqlC1U/FGepQ65VZj5OHoj4lkuFS/z+rGSu8gijthBCGP5SwhIMlyJ2Dou106noDiBkkzCExqy2tm/tXlfH0iwAdVbDe2K1AKktzTWm8x6KsCmwCPVNbJmvAn2IgsRNSqhm+cRfEeJ5Hv6UzIuqF/ab8lbcDOT1puqcbqL5WKq6jU/oQw2TaIg1zh12xWi8g6O0fHLKEiJgSbeTHpKumdYXYrpZJ70uypcFMoDpiMs+fwK2gOQfyyFHdW8cUo40Cy3Zo0rW1urYo4fzGw0OOqIadQ1EexkieLiN/hab+7Pgdu2TvGG/JaLiD35m4vB6YiZinfWA1UZeevdH3AWvreN7K8GvUAwABzU+F2ZGAWIf/Wh/J9DjmvAQRX07yEf3cQR07CPp/zCOTZmDeG0ccgF3S47E7X1Umt+scJa3xZ7HjJYTAjPujsZlNEM34pqNYKqDTJcMvToQz+9QnyaxpVkMoTYSs7p8bNIneWI9g5TxJzovcogAt89iIccWnO4AillKvxpbYPoLLMECmNWM4I+wRr/942TylzAuOJqBfbgNRKMUA/EQ== [email protected]"
];
shell = "/run/current-system/sw/bin/zsh";
};
users.extraUsers.rhum = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAqOb968b6+3/UangGpUAZf2QPlHop3aTx7SwYlM+GPtTU6VLloklBBKN6wnQReJeO5xKd0gTGnjRQdbwziEWuwUR0i4hDjS+QgbuuRnzVHSpKxjZC/MustuSKHZ8zxkByMaTy+lROM7rT/DYltzBtT2Xv86zDk56PAWuEU7FMaVTtkr53RiryaIeRhtoH8fPyMdERJh7tnBz3K7nmWwuaLN0JzZmmnKtbQIsiRUX5e49VM8BAFss/EysNpKxMU3IzJATCTrYdqO8IYJYKX0iNkGPaFS6IvYoVhtgS3sgZyvBY6FGnnAOjLBewN76gP5EZJ38uxJHpiqudWVfBNelaIQ== rsa-key-20151105"
];
shell = "/run/current-system/sw/bin/zsh";
};
users.extraUsers.barbare = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDK9JLn5ggSNzPtvk8MCPuB1owYvO7Lo01+ZXBixNSTInkUiUi1XvHNBEalqwlv0/2FoLFzYQVX+ERvUWWoOdK0Jkzr5Thq93+RmpWL/OA7bG/Q0JmZ9n3frlcgSWp/7o7RAZWpaZdhHaxwA6uuf2kMAOWdBCoYH8C14LoLzShHSKr5vkKE6UydCdvYfWM3ae4i8K3kAWjiT83xJgGFIbksapLqunxzSRTOZoKNydU+E1dLtfM6QNz7/0LEAtNIcGe/vmpBLvfJDWQtz1agH7KaPCBOTE+UuHo/gzJ6wk0+Xx/XKw4JWcYd6qjs2SGUpxaBx3/gFAwm0jyIeZkljhF8+igvavEC2m9pY/GP19GcqwiTVx9lmWwPz2gvJYKNnQnVIVOtph/7zJDNUItwqMgf/6imWFpYEWo+GzZvnHZx/280my9WgFPfKWI7wQ9ob00HLq40pWnpPbufcS4ia8QrToF/53skkQ2RmOluQAopilPfU4T0Ll86sqbgmPoMuuNH3VbDvWkztg8roZSgQdF9je7PcAzgD4h+/MefSO98JzuGjHLODHKz680PbeGC5cYMFv6Bc9UMWWoi8DA/L77iEldjNIEIKQPmoH9dapv2Qq2FxKg1nAw9UcKH8Qr8FZugww5pEVANlz6uXglmLUTRNO3Yt6uGOb1QDWimJYi61w== [email protected]"
];
shell = "/run/current-system/sw/bin/zsh";
};
users.extraUsers.benjamin = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo01HraSOYujU0FL4cXylomBnjV7YSmanliVI/VgE1LrX8+ooS/qEvM/dqaerdfptZVWxgZ5Twqrd0ZlOtUdwM6ky7vqb3DcvGi1DqmXuwPMYDephmmhK9XHWFHsJ5NjDZF75DMLU0m8YZz8AKQUExncHyy/Hn1+dF0L4nuat8SAjh4sB8AC/Gb4A8lRyAV3Ag5dgZh/I1bWAJfZb/Tqyy/grhm3MQDB/bvmaMHZAkzVElxqjnIe2CySQhouo4iVAe3LRLEdu9UEqq+Cfrfm6TW++knSlH1pTeTJ8Z/X85zuu3bjPc0+Rv0cIlLGFog44QOn1W0aQlqzM3jVZ941z5 [email protected]"
];
shell = "/run/current-system/sw/bin/zsh";
};
users.extraUsers.dwillems = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoGOd8k9JoarvTDCCrrV86H+MvPKap8K72ZiELZD9BQDfISKMnI6yqrBByPl9dsCJFqkEW0puKbBnCqOa29a1RonTO/vQNzyABdDqiM3IZD8LJwgsI4EcZHbPoWglUTH9GF9ocMb13C/rIwoxPWXDAYOvQfgbh0PVHr+ltwOX/V8zLhCJnrUbzjS6+JCiSxf7D8TOeeoErrbekmrIavZs0+nK64azIr+N0/siwn7eDTZnnXZ5lIIUREUJn/mHHXQv79ISzbD/gkK4uAy0/wL395C29or38riCYrri3rpvyXEghxeyfGjR8cuQFZz/VxjDOF+/tJdrC4RkLlY0YEjed geekstay@geekstay-HP"
];
shell = "/run/current-system/sw/bin/zsh";
};
users.motd = ''To install the norminette :
nix-channel --add http://hydra.cmc.im/jobset/roblabla/master/channel/latest roblabla
nix-channel --update
nix-env -iA roblabla.norminette
To get a 42 kerberos ticket :
kinit <42login>
'';
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03";
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment