diff --git a/hosts/be.lt.ts.hillion.co.uk/default.nix b/hosts/be.lt.ts.hillion.co.uk/default.nix index dc17748..5c301d2 100644 --- a/hosts/be.lt.ts.hillion.co.uk/default.nix +++ b/hosts/be.lt.ts.hillion.co.uk/default.nix @@ -2,7 +2,6 @@ { imports = [ - ../../modules/common/default.nix ./hardware-configuration.nix ]; @@ -15,6 +14,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + custom.defaults = true; + ## Impermanence custom.impermanence = { enable = true; diff --git a/hosts/boron.cx.ts.hillion.co.uk/default.nix b/hosts/boron.cx.ts.hillion.co.uk/default.nix index 59ef20f..038b2a4 100644 --- a/hosts/boron.cx.ts.hillion.co.uk/default.nix +++ b/hosts/boron.cx.ts.hillion.co.uk/default.nix @@ -2,7 +2,6 @@ { imports = [ - ../../modules/common/default.nix ./hardware-configuration.nix ]; @@ -29,6 +28,8 @@ }; }; + custom.defaults = true; + ## Impermanence custom.impermanence.enable = true; diff --git a/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/default.nix b/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/default.nix index 02e19bf..2e17c46 100644 --- a/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/default.nix +++ b/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/default.nix @@ -2,7 +2,6 @@ { imports = [ - ../../modules/common/default.nix ../../modules/spotify/default.nix ./bluetooth.nix ./hardware-configuration.nix @@ -17,6 +16,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + custom.defaults = true; + ## Impermanence custom.impermanence = { enable = true; diff --git a/hosts/jorah.cx.ts.hillion.co.uk/default.nix b/hosts/jorah.cx.ts.hillion.co.uk/default.nix index 7aa55a0..6b485a3 100644 --- a/hosts/jorah.cx.ts.hillion.co.uk/default.nix +++ b/hosts/jorah.cx.ts.hillion.co.uk/default.nix @@ -2,7 +2,6 @@ { imports = [ - ../../modules/common/default.nix ./hardware-configuration.nix ]; 
@@ -15,6 +14,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + custom.defaults = true; + ## Impermanence custom.impermanence.enable = true; diff --git a/hosts/li.pop.ts.hillion.co.uk/default.nix b/hosts/li.pop.ts.hillion.co.uk/default.nix index fd56ec1..abc78c4 100644 --- a/hosts/li.pop.ts.hillion.co.uk/default.nix +++ b/hosts/li.pop.ts.hillion.co.uk/default.nix @@ -3,7 +3,6 @@ { imports = [ ./hardware-configuration.nix - ../../modules/common/default.nix ../../modules/rpi/rpi4.nix ]; @@ -13,6 +12,8 @@ networking.hostName = "li"; networking.domain = "pop.ts.hillion.co.uk"; + custom.defaults = true; + ## Custom Services custom.locations.autoServe = true; diff --git a/hosts/microserver.home.ts.hillion.co.uk/default.nix b/hosts/microserver.home.ts.hillion.co.uk/default.nix index 5a8f83e..bd162ab 100644 --- a/hosts/microserver.home.ts.hillion.co.uk/default.nix +++ b/hosts/microserver.home.ts.hillion.co.uk/default.nix @@ -3,7 +3,6 @@ { imports = [ ./hardware-configuration.nix - ../../modules/common/default.nix ../../modules/rpi/rpi4.nix ]; @@ -13,6 +12,8 @@ networking.hostName = "microserver"; networking.domain = "home.ts.hillion.co.uk"; + custom.defaults = true; + ## Custom Services custom.locations.autoServe = true; diff --git a/hosts/router.home.ts.hillion.co.uk/default.nix b/hosts/router.home.ts.hillion.co.uk/default.nix index 33ba706..b91bf93 100644 --- a/hosts/router.home.ts.hillion.co.uk/default.nix +++ b/hosts/router.home.ts.hillion.co.uk/default.nix @@ -2,7 +2,6 @@ { imports = [ - ../../modules/common/default.nix ./hardware-configuration.nix ]; @@ -19,6 +18,8 @@ "net.ipv4.conf.all.forwarding" = true; }; + custom.defaults = true; + ## Interactive password custom.users.jake.password = true; diff --git a/hosts/theon.storage.ts.hillion.co.uk/default.nix b/hosts/theon.storage.ts.hillion.co.uk/default.nix index 8186a2b..5469054 100644 --- a/hosts/theon.storage.ts.hillion.co.uk/default.nix 
+++ b/hosts/theon.storage.ts.hillion.co.uk/default.nix @@ -2,7 +2,6 @@ { imports = [ - ../../modules/common/default.nix ./hardware-configuration.nix ]; @@ -15,6 +14,8 @@ boot.loader.grub.enable = false; boot.loader.generic-extlinux-compatible.enable = true; + custom.defaults = true; + ## Custom Services custom = { locations.autoServe = true; diff --git a/hosts/tywin.storage.ts.hillion.co.uk/default.nix b/hosts/tywin.storage.ts.hillion.co.uk/default.nix index 8d71cb7..e11c8a1 100644 --- a/hosts/tywin.storage.ts.hillion.co.uk/default.nix +++ b/hosts/tywin.storage.ts.hillion.co.uk/default.nix @@ -2,7 +2,6 @@ { imports = [ - ../../modules/common/default.nix ./hardware-configuration.nix ]; @@ -17,6 +16,7 @@ boot.loader.efi.canTouchEfiVariables = true; custom.locations.autoServe = true; + custom.defaults = true; ## Tailscale age.secrets."tailscale/tywin.storage.ts.hillion.co.uk".file = ../../secrets/tailscale/tywin.storage.ts.hillion.co.uk.age; diff --git a/modules/common/default.nix b/modules/common/default.nix deleted file mode 100644 index dad3136..0000000 --- a/modules/common/default.nix +++ /dev/null 
@@ -1,60 +0,0 @@
-{ pkgs, lib, config, agenix, ... }:
-
-{
- imports = [
- ../home/default.nix
- ./shell.nix
- ./ssh.nix
- ./update_scripts.nix
- ];
-
- nix = {
- settings.experimental-features = [ "nix-command" "flakes" ];
- settings = {
- auto-optimise-store = true;
- };
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 90d";
- };
- };
- nixpkgs.config.allowUnfree = true;
-
- time.timeZone = "Europe/London";
- i18n.defaultLocale = "en_GB.UTF-8";
-
- users = {
- mutableUsers = false;
- users."jake" = {
- isNormalUser = true;
- extraGroups = [ "wheel" ]; # enable sudo
- };
- };
-
- security.sudo.wheelNeedsPassword = false;
-
- environment = {
- systemPackages = with pkgs; [
- agenix.packages."${system}".default
- gh
- git
- htop
- nix
- sapling
- vim
- ];
- variables.EDITOR = "vim";
- shellAliases = {
- ls = "ls -p --color=auto";
- };
- };
-
- networking = rec {
- nameservers = [ "1.1.1.1" "8.8.8.8" ];
- networkmanager.dns = "none";
- };
- networking.firewall.enable = true;
-
- custom.hostinfo.enable = true;
-}
diff --git a/modules/common/ssh.nix b/modules/common/ssh.nix
deleted file mode 100644
index 241cfe1..0000000
--- a/modules/common/ssh.nix
+++ /dev/null
@@ -1,44 +0,0 @@ -{ pkgs, lib, config, ... }: - -{ - users.users."jake".openssh.authorizedKeys.keys = [ - "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBBwJH4udKNvi9TjOBgkxpBBy7hzWqmP0lT5zE9neusCpQLIiDhr6KXYMPXWXdZDc18wH1OLi2+639dXOvp8V/wgAAAAEc3NoOg== jake@beryllium-keys" - - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOt74U+rL+BMtAEjfu/Optg1D7Ly7U+TupRxd5u9kfN7oJnW4dJA25WRSr4dgQNq7MiMveoduBY/ky2s0c9gvIA= jake@jake-gentoo" - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC0uKIvvvkzrOcS7AcamsQRFId+bqPwUC9IiUIsiH5oWX1ReiITOuEo+TL9YMII5RyyfJFeu2ZP9moNuZYlE7Bs= jake@jake-mbp" - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAyFsYYjLZ/wyw8XUbcmkk6OKt2IqLOnWpRE5gEvm3X0V4IeTOL9F4IL79h7FTsPvi2t9zGBL1hxeTMZHSGfrdWaMJkQp94gA1W30MKXvJ47nEVt0HUIOufGqgTTaAn4BHxlFUBUuS7UxaA4igFpFVoPJed7ZMhMqxg+RWUmBAkcgTWDMgzUx44TiNpzkYlG8cYuqcIzpV2dhGn79qsfUzBMpGJgkxjkGdDEHRk66JXgD/EtVasZvqp5/KLNnOpisKjR88UJKJ6/buV7FLVra4/0hA9JtH9e1ecCfxMPbOeluaxlieEuSXV2oJMbQoPP87+/QriNdi/6QuCHkMDEhyGw== jake@jake-mbp" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw4lgH20nfuchDqvVf0YciqN0GnBw5hfh8KIun5z0P7wlNgVYnCyvPvdIlGf2Nt1z5EGfsMzMLhKDOZkcTMlhupd+j2Er/ZB764uVBGe1n3CoPeasmbIlnamZ12EusYDvQGm2hVJTGQPPp9nKaRxr6ljvTMTNl0KWlWvKP4kec74d28MGgULOPLT3HlAyvUymSULK4lSxFK0l97IVXLa8YwuL5TNFGHUmjoSsi/Q7/CKaqvNh+ib1BYHzHYsuEzaaApnCnfjDBNexHm/AfbI7s+g3XZDcZOORZn6r44dOBNFfwvppsWj3CszwJQYIFeJFuMRtzlC8+kyYxci0+FXHn jake@jake-gentoo" - - ]; - - programs.mosh.enable = true; - services.openssh = { - enable = true; - openFirewall = true; - - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - }; - }; - - programs.ssh.knownHosts = { - # Global Internet hosts - "ssh.gitea.hillion.co.uk".publicKey = "ssh-rsa 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"; - - # Tailscale hosts - "boron.cx.ts.hillion.co.uk".publicKey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIOtQy+FGs/2cN82X15LUGJk8iAAxkttEffwpNnpmLXdg"; - "be.lt.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV3OSUT+cqFqrFHZGfn7/xi5FW3n1qjUFy8zBbYs2Sm"; - "dancefloor.dancefloor.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXkGueVYKr2wp/VHo2QLis0kmKtc/Upg3pGoHr6RkzY"; - "gendry.jakehillion.terminals.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c"; - "homeassistant.homeassistant.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM2ytacl/zYXhgvosvhudsl0zW5eQRHXm9aMqG9adux"; - "jorah.cx.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILA9Hp37ljgVRZwjXnTh+XqRuQWk23alOqe7ptwSr2A5"; - "li.pop.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u"; - "microserver.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw"; - "router.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu"; - "theon.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf"; - "tywin.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k"; - }; - programs.ssh.knownHostsFiles = [ ./github_known_hosts ]; -} diff --git a/modules/default.nix b/modules/default.nix index d97d000..00b8c13 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -4,13 +4,17 @@ imports = [ ./backups/default.nix ./chia.nix - ./common/hostinfo.nix + ./defaults.nix ./desktop/awesome/default.nix + ./home/default.nix + ./hostinfo.nix ./ids.nix ./impermanence.nix ./locations.nix ./resilio.nix ./services/default.nix + ./shell/default.nix + ./ssh/default.nix ./storj.nix ./tailscale.nix ./users.nix 
diff --git a/modules/defaults.nix b/modules/defaults.nix
new file mode 100644
index 0000000..ff19caf
--- /dev/null
+++ b/modules/defaults.nix
@@ -0,0 +1,62 @@
+{ pkgs, lib, config, agenix, ... }:
+
+{
+ options.custom.defaults = lib.mkEnableOption "defaults";
+
+ config = lib.mkIf config.custom.defaults {
+ nix = {
+ settings.experimental-features = [ "nix-command" "flakes" ];
+ settings = {
+ auto-optimise-store = true;
+ };
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 90d";
+ };
+ };
+ nixpkgs.config.allowUnfree = true;
+
+ time.timeZone = "Europe/London";
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ users = {
+ mutableUsers = false;
+ users.${config.custom.user} = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # enable sudo
+ uid = config.ids.uids.${config.custom.user};
+ };
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ environment = {
+ systemPackages = with pkgs; [
+ agenix.packages."${system}".default
+ gh
+ git
+ htop
+ nix
+ sapling
+ vim
+ ];
+ variables.EDITOR = "vim";
+ shellAliases = {
+ ls = "ls -p --color=auto";
+ };
+ };
+
+ networking = rec {
+ nameservers = [ "1.1.1.1" "8.8.8.8" ];
+ networkmanager.dns = "none";
+ };
+ networking.firewall.enable = true;
+
+ # Delegation
+ custom.home.defaults = true;
+ custom.hostinfo.enable = true;
+ custom.shell.enable = true;
+ custom.ssh.enable = true;
+ };
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
index 9240f41..7176ebf 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -6,7 +6,9 @@
 ./tmux/default.nix
 ];
- config = {
+ options.custom.home.defaults = lib.mkEnableOption "home";
+
+ config = lib.mkIf config.custom.home.defaults {
 home-manager = {
 users.root.home = {
 stateVersion = "22.11";
@@ -22,5 +24,9 @@
 file.".zshrc".text = "";
 };
 };
+
+ # Delegation
+ custom.home.git.enable = true;
+ custom.home.tmux.enable = true;
 };
 }
diff --git a/modules/home/git.nix b/modules/home/git.nix
index f1fb230..c50b5af 100644
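Review bot: In the new `modules/defaults.nix`, `security.sudo.wheelNeedsPassword = false` sits beside `users.${config.custom.user}` with `extraGroups = [ "wheel" ]`, so the account named by `custom.user` (no longer a fixed `jake`) gets passwordless root on every host that sets `custom.defaults = true`, and nothing in the file says so. The same block turns on `custom.ssh.enable`, which makes a key login to that account effectively a root login; I would record that next to the setting, e.g. `# wheel has passwordless sudo: every SSH key authorised for custom.user is a root credential`. `lib.mkEnableOption "defaults"` would also benefit from a description that lists what the switch enables (sshd, firewall, immutable users, the delegated modules). `uid = config.ids.uids.${config.custom.user};` assumes every value of `custom.user` has an entry in `ids.uids`; that definition is outside this diff, so this is worth confirming.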
--- a/modules/home/git.nix
+++ b/modules/home/git.nix
@@ -1,21 +1,30 @@
 { pkgs, lib, config, ... }:
+let
+ cfg = config.custom.home.git;
+in
 {
- home-manager.users.jake.programs.git = {
- enable = true;
- extraConfig = {
- user = {
- email = "jake@hillion.co.uk";
- name = "Jake Hillion";
- };
- pull = {
- rebase = true;
- };
- merge = {
- conflictstyle = "diff3";
- };
- init = {
- defaultBranch = "main";
+ options.custom.home.git = {
+ enable = lib.mkEnableOption "git";
+ };
+
+ config = lib.mkIf cfg.enable {
+ home-manager.users.jake.programs.git = lib.mkIf (config.custom.user == "jake") {
+ enable = true;
+ extraConfig = {
+ user = {
+ email = "jake@hillion.co.uk";
+ name = "Jake Hillion";
+ };
+ pull = {
+ rebase = true;
+ };
+ merge = {
+ conflictstyle = "diff3";
+ };
+ init = {
+ defaultBranch = "main";
+ };
 };
 };
 };
diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index f98c5d4..8f7f83f 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -1,8 +1,17 @@
 { pkgs, lib, config, ... }:
+let
+ cfg = config.custom.home.tmux;
+in
 {
- home-manager.users.jake.programs.tmux = {
- enable = true;
- extraConfig = lib.readFile ./.tmux.conf;
+ options.custom.home.tmux = {
+ enable = lib.mkEnableOption "tmux";
+ };
+
+ config = lib.mkIf cfg.enable {
+ home-manager.users.jake.programs.tmux = {
+ enable = true;
+ extraConfig = lib.readFile ./.tmux.conf;
+ };
 };
 }
diff --git a/modules/common/hostinfo.nix b/modules/hostinfo.nix
similarity index 100%
rename from modules/common/hostinfo.nix
rename to modules/hostinfo.nix
diff --git a/modules/common/shell.nix b/modules/shell/default.nix
similarity index 78%
rename from modules/common/shell.nix
rename to modules/shell/default.nix
index 1924fde..ed797e1 100644
--- a/modules/common/shell.nix
+++ b/modules/shell/default.nix
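Review bot: The tmux module in `modules/home/tmux/default.nix` writes `home-manager.users.jake.programs.tmux` with no check on `config.custom.user`, while the git module in this same commit wraps the equivalent path in `lib.mkIf (config.custom.user == "jake")`. On a host where `custom.user` is another account, enabling `custom.home.defaults` would still emit home-manager configuration for `jake`, a user that `modules/defaults.nix` no longer creates there. Since the tmux settings carry nothing personal, keying the path on the configured user reads cleanest: `home-manager.users.${config.custom.user}.programs.tmux = {`. It is also worth checking whether the leaf-level `mkIf` in the git module really keeps a `jake` entry out of `home-manager.users` when the condition is false; guarding at `home-manager.users = lib.mkIf … { jake = … };` avoids the question.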
@@ -1,7 +1,20 @@ { pkgs, lib, config, ... }: +let + cfg = config.custom.shell; +in { - config = { + imports = [ + ./update_scripts.nix + ]; + + options.custom.shell = { + enable = lib.mkEnableOption "shell"; + }; + + config = lib.mkIf cfg.enable { + custom.shell.update_scripts.enable = true; + users.defaultUserShell = pkgs.zsh; environment.systemPackages = with pkgs; [ direnv ]; diff --git a/modules/common/update_scripts.nix b/modules/shell/update_scripts.nix similarity index 87% rename from modules/common/update_scripts.nix rename to modules/shell/update_scripts.nix index 0a681aa..fe1f20d 100644 --- a/modules/common/update_scripts.nix +++ b/modules/shell/update_scripts.nix @@ -1,6 +1,8 @@ { config, pkgs, lib, ... }: let + cfg = config.custom.shell.update_scripts; + update = pkgs.writeScriptBin "update" '' #! ${pkgs.runtimeShell} set -e @@ -50,7 +52,11 @@ let ''; in { - config = { + options.custom.shell.update_scripts = { + enable = lib.mkEnableOption "update_scripts"; + }; + + config = lib.mkIf cfg.enable { environment.systemPackages = [ update ]; diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix new file mode 100644 index 0000000..7669a2f --- /dev/null +++ b/modules/ssh/default.nix 
@@ -0,0 +1,55 @@ +{ pkgs, lib, config, ... }: + +let + cfg = config.custom.ssh; +in +{ + options.custom.ssh = { + enable = lib.mkEnableOption "ssh"; + }; + + config = lib.mkIf cfg.enable { + users.users = + if config.custom.user == "jake" then { + "jake".openssh.authorizedKeys.keys = [ + "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBBwJH4udKNvi9TjOBgkxpBBy7hzWqmP0lT5zE9neusCpQLIiDhr6KXYMPXWXdZDc18wH1OLi2+639dXOvp8V/wgAAAAEc3NoOg== jake@beryllium-keys" + + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOt74U+rL+BMtAEjfu/Optg1D7Ly7U+TupRxd5u9kfN7oJnW4dJA25WRSr4dgQNq7MiMveoduBY/ky2s0c9gvIA= jake@jake-gentoo" + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC0uKIvvvkzrOcS7AcamsQRFId+bqPwUC9IiUIsiH5oWX1ReiITOuEo+TL9YMII5RyyfJFeu2ZP9moNuZYlE7Bs= jake@jake-mbp" + + "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAyFsYYjLZ/wyw8XUbcmkk6OKt2IqLOnWpRE5gEvm3X0V4IeTOL9F4IL79h7FTsPvi2t9zGBL1hxeTMZHSGfrdWaMJkQp94gA1W30MKXvJ47nEVt0HUIOufGqgTTaAn4BHxlFUBUuS7UxaA4igFpFVoPJed7ZMhMqxg+RWUmBAkcgTWDMgzUx44TiNpzkYlG8cYuqcIzpV2dhGn79qsfUzBMpGJgkxjkGdDEHRk66JXgD/EtVasZvqp5/KLNnOpisKjR88UJKJ6/buV7FLVra4/0hA9JtH9e1ecCfxMPbOeluaxlieEuSXV2oJMbQoPP87+/QriNdi/6QuCHkMDEhyGw== jake@jake-mbp" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw4lgH20nfuchDqvVf0YciqN0GnBw5hfh8KIun5z0P7wlNgVYnCyvPvdIlGf2Nt1z5EGfsMzMLhKDOZkcTMlhupd+j2Er/ZB764uVBGe1n3CoPeasmbIlnamZ12EusYDvQGm2hVJTGQPPp9nKaRxr6ljvTMTNl0KWlWvKP4kec74d28MGgULOPLT3HlAyvUymSULK4lSxFK0l97IVXLa8YwuL5TNFGHUmjoSsi/Q7/CKaqvNh+ib1BYHzHYsuEzaaApnCnfjDBNexHm/AfbI7s+g3XZDcZOORZn6r44dOBNFfwvppsWj3CszwJQYIFeJFuMRtzlC8+kyYxci0+FXHn jake@jake-gentoo" + ]; + } else { }; + + programs.mosh.enable = true; + services.openssh = { + enable = true; + openFirewall = true; + + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + }; + + programs.ssh.knownHosts = { + # Global Internet hosts + "ssh.gitea.hillion.co.uk".publicKey = "ssh-rsa 
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"; + + # Tailscale hosts + "boron.cx.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtQy+FGs/2cN82X15LUGJk8iAAxkttEffwpNnpmLXdg"; + "be.lt.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV3OSUT+cqFqrFHZGfn7/xi5FW3n1qjUFy8zBbYs2Sm"; + "dancefloor.dancefloor.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXkGueVYKr2wp/VHo2QLis0kmKtc/Upg3pGoHr6RkzY"; + "gendry.jakehillion.terminals.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c"; + "homeassistant.homeassistant.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM2ytacl/zYXhgvosvhudsl0zW5eQRHXm9aMqG9adux"; + "jorah.cx.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILA9Hp37ljgVRZwjXnTh+XqRuQWk23alOqe7ptwSr2A5"; + "li.pop.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u"; + "microserver.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw"; + "router.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu"; + "theon.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf"; + "tywin.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k"; + }; + programs.ssh.knownHostsFiles = [ ./github_known_hosts ]; + }; +} diff --git a/modules/common/github_known_hosts b/modules/ssh/github_known_hosts similarity index 100% rename from modules/common/github_known_hosts rename to modules/ssh/github_known_hosts
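Review bot: In `programs.ssh.knownHosts` of the new `modules/ssh/default.nix`, the entry `"gendry.jakehillion.terminals.ts.hillion.co.uk"` has a dot where the host directory touched by this commit is `hosts/gendry.jakehillion-terminals.ts.hillion.co.uk`. If the hyphenated name is the real FQDN (the host's `networking.domain` is not in the diff), the pinned key never matches and connections to that host are not verified against it. The entry was copied unchanged from the deleted `modules/common/ssh.nix`, so this move is a good point to confirm the name and, if needed, change the key to `"gendry.jakehillion-terminals.ts.hillion.co.uk".publicKey`. Separately, the `else { }` branch of `users.users = if config.custom.user == "jake" then …` leaves any other `custom.user` with sshd enabled, `PasswordAuthentication = false` and no authorised key; a comment there stating that such hosts must supply their own keys would make the lock-out explicit. A short comment on `openFirewall = true` explaining why sshd is exposed on every interface rather than only the Tailscale one would help the next reader judge the exposure.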