diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 0311fe3..8854a0d 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -25,7 +25,19 @@ networking.hostName = "${hostName}";
- services.openssh.enable = true;
+ # hardened openssh
+ services.openssh = {
+ passwordAuthentication = false;
+ allowSFTP = false;
+ challengeResponseAuthentication = false;
+ extraConfig = ''
+ AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AuthenticationMethods publickey
+ '';
+ };
 system.stateVersion = "24.11";
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
index 7c8e20d..119520d 100644
--- a/modules/home-manager/default.nix
+++ b/modules/home-manager/default.nix
@@ -13,6 +13,7 @@
 "fish"
 "gh"
 "git"
+ "lazygit"
 "starship"
 "yazi"
 "zoxide"
diff --git a/modules/home-manager/features/aerc.nix b/modules/home-manager/features/aerc.nix
index 0bb36a5..7debd0a 100644
--- a/modules/home-manager/features/aerc.nix
+++ b/modules/home-manager/features/aerc.nix
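Review bot: The new `services.openssh` block never sets `enable`, and the removed line was the one that turned sshd on, so unless another module enables it this host stops running sshd once the configuration is applied; add `enable = true;` inside the attrset. `passwordAuthentication` and `challengeResponseAuthentication` are the older option names, and with `system.stateVersion = "24.11"` in the same file the current spellings are probably `settings.PasswordAuthentication` and `settings.KbdInteractiveAuthentication`, so confirm the old ones still evaluate on the pinned nixpkgs. The block is labelled hardened but sets `AllowTcpForwarding yes` and leaves `PermitRootLogin` unset; a one-line comment saying why forwarding stays on would help the next reader.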
@@ -18,34 +18,164 @@
 sort = "-r date";
 };
 };
+ extraBinds = {
+ global = {
+ # keep-sorted start
+ "" = ":next-tab ";
+ "" = ":prev-tab";
+ "" = ":term";
+ "?" = ":help keys";
+ # keep-sorted end
+ };
+ messages = {
+ # keep-sorted start
+ "!" = ":term";
+ "$" = ":term";
+ "/" = ":search-a";
+ "" = ":prev 100%";
+ "" = ":next 50%";
+ "" = ":next 100%";
+ "" = ":prev 50%";
+ "" = ":next";
+ "" = ":view";
+ "" = ":clear";
+ "" = ":next 100%";
+ "" = ":prev 100%";
+ "" = ":prev";
+ "\\" = ":filter ";
+ "|" = ":pipe";
+ A = ":archive flat";
+ C = ":compose";
+ D = ":move Trash";
+ G = ":select -1";
+ H = ":collapse-folder";
+ J = ":next-folder ";
+ K = ":prev-folder";
+ L = ":expand-folder";
+ N = ":prev-result";
+ R = ":read";
+ Rq = ":reply -q";
+ Rr = ":reply";
+ T = ":toggle-threads";
+ U = ":unread";
+ V = ":mark -v";
+ c = ":cf";
+ d = ":prompt 'Really delete this message?' 'delete-message'";
+ g = ":select 0 ";
+ j = ":next ";
+ k = ":prev ";
+ n = ":next-result";
+ q = ":quit";
+ rq = ":reply -aq";
+ rr = ":reply -a";
+ v = ":mark -t";
+ # keep-sorted end
+ };
+ "messages:folder=Drafts" = {
+ "" = ":recall";
+ };
+ view = {
+ # keep-sorted start
+ "/" = ":toggle-key-passthrough /";
+ "" = ":next-part";
+ "" = ":prev-part";
+ "" = ":open-link ";
+ "|" = ":pipe";
+ A = ":archive flat";
+ D = ":move Trash";
+ H = ":toggle-headers";
+ J = ":next ";
+ K = ":prev";
+ O = ":open";
+ R = ":read";
+ Rq = ":reply -q";
+ Rr = ":reply";
+ S = ":save";
+ U = ":unread";
+ f = ":forward ";
+ q = ":close";
+ rq = ":reply -aq";
+ rr = ":reply -a";
+ # keep-sorted end
+ };
+ "view::passthrough" = {
+ # keep-sorted start
+ "$ex" = "";
+ "$noinherit" = "true";
+ "" = ":toggle-key-passthrough";
+ # keep-sorted end
+ };
+ compose = {
+ # keep-sorted start
+ "$ex" = "";
+ "$noinherit" = "true";
+ "" = ":switch-account -n";
+ "" = ":switch-account -p";
+ "" = ":next-field";
+ "" = ":prev-field";
+ "" = ":next-tab";
+ "" = ":prev-tab";
+ "" = ":next-field";
+ # keep-sorted end
+ };
+ "compose::editor" = {
+ # keep-sorted start
+ "$ex" = "";
+ "$noinherit" = "true";
+ "" = ":next-field";
+ "" = ":prev-field";
+ "" = ":next-tab";
+ "" = ":prev-tab";
+ # keep-sorted end
+ };
+ "compose::review" = {
+ # keep-sorted start
+ a = ":attach";
+ d = ":detach";
+ e = ":edit";
+ n = ":abort";
+ p = ":postpone";
+ q = ":choose -o d discard abort -o p postpone postpone";
+ y = ":send ";
+ # keep-sorted end
+ };
+ terminal = {
+ # keep-sorted start
+ "$ex" = "";
+ "$noinherit" = "true";
+ "" = ":next-tab";
+ "" = ":prev-tab";
+ # keep-sorted end
+ };
+ };
 stylesets.catppuccin-mocha = ''
- "*.default" = true;
- "*.normal" = true;
- "default.fg" = "#cdd6f4";
- "error.fg" = "#f38ba8";
- "warning.fg" = "#fab387";
- "success.fg" = "#a6e3a1";
- "tab.fg" = "#6c7086";
- "tab.bg" = "#181825";
- "tab.selected.fg" = "#cdd6f4";
- "tab.selected.bg" = "#1e1e2e";
- "tab.selected.bold" = true;
- "border.fg" = "#11111b";
- "border.bold" = true;
- "msglist_unread.bold" = true;
- "msglist_flagged.fg" = "#f9e2af";
- "msglist_flagged.bold" = true;
- "msglist_result.fg" = "#89b4fa";
- "msglist_result.bold" = true;
- "msglist_*.selected.bold" = true;
- "msglist_*.selected.bg" = "#313244";
- "dirlist_*.selected.bold" = true;
- "dirlist_*.selected.bg" = "#313244";
- "statusline_default.fg" = "#9399b2";
- "statusline_default.bg" = "#313244";
- "statusline_error.bold" = true;
- "statusline_success.bold" = true;
- "completion_default.selected.bg" = "#313244";
+ "*.default" = true
+ "*.normal" = true
+ "default.fg" = "#cdd6f4"
+ "error.fg" = "#f38ba8"
+ "warning.fg" = "#fab387"
+ "success.fg" = "#a6e3a1"
+ "tab.fg" = "#6c7086"
+ "tab.bg" = "#181825"
+ "tab.selected.fg" = "#cdd6f4"
+ "tab.selected.bg" = "#1e1e2e"
+ "tab.selected.bold" = true
+ "border.fg" = "#11111b"
+ "border.bold" = true
+ "msglist_unread.bold" = true
+ "msglist_flagged.fg" = "#f9e2af"
+ "msglist_flagged.bold" = true
+ "msglist_result.fg" = "#89b4fa"
+ "msglist_result.bold" = true
+ "msglist_*.selected.bold" = true
+ "msglist_*.selected.bg" = "#313244"
+ "dirlist_*.selected.bold" = true
+ "dirlist_*.selected.bg" = "#313244"
+ "statusline_default.fg" = "#9399b2"
+ "statusline_default.bg" = "#313244"
+ "statusline_error.bold" = true
+ "statusline_success.bold" = true
+ "completion_default.selected.bg" = "#313244"
 '';
 };
 }
diff --git a/modules/home-manager/features/lazygit.nix b/modules/home-manager/features/lazygit.nix
new file mode 100644
index 0000000..e4938bf
--- /dev/null
+++ b/modules/home-manager/features/lazygit.nix
@@ -0,0 +1,14 @@
+{
+ ...
+}:
+{
+ programs.lazygit = {
+ enable = true;
+ settings = {
+ log = {
+ localBranchSortOrder = "recency";
+ remoteBranchSortOrder = "recency";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index b1c31ad..e980470 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -13,8 +13,7 @@
 "localisation"
 "network"
 "nh"
- "nix-settings"
- "nixpkgs"
+ "nix"
 "nixvim"
 "syncthing"
 "systemd-boot"
@@ -46,7 +45,6 @@
 hexyl # hexadecimal viewer
 hyperfine # benchmarking tool
 keep-sorted # alphabetical formatter
- lazygit # git tui
 mprocs # run long running commands and monitor output
 navi # cheatsheet browser
 nb # note taking
diff --git a/modules/nixos/features/network.nix b/modules/nixos/features/network.nix
index 5ea2774..ce2b3a9 100644
--- a/modules/nixos/features/network.nix
+++ b/modules/nixos/features/network.nix
@@ -6,5 +6,6 @@
 networking = {
 hostName = "${hostName}";
 networkmanager.enable = true;
+ firewall.enable = true;
 };
 }
diff --git a/modules/nixos/features/nix-settings.nix b/modules/nixos/features/nix.nix
similarity index 64%
rename from modules/nixos/features/nix-settings.nix
rename to modules/nixos/features/nix.nix
index eda2992..a73a504 100644
--- a/modules/nixos/features/nix-settings.nix
+++ b/modules/nixos/features/nix.nix
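Review bot: The `stylesets.catppuccin-mocha` value is a raw `''` string, so after the semicolons are dropped its lines still carry Nix-style quoting (`"default.fg" = "#cdd6f4"`) into the file aerc reads, and nothing checks them at evaluation time. If the home-manager option also accepts an attribute set here (I believe it does, but confirm against the module), `stylesets.catppuccin-mocha = { "default.fg" = "#cdd6f4"; ... };` would let the module render the ini syntax instead of maintaining it by hand. Otherwise a comment above the string saying its contents are written out verbatim would explain why this block is not Nix syntax.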
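Review bot: `localBranchSortOrder` and `remoteBranchSortOrder` sit under a top-level `settings.log`, but as far as I know lazygit reads both keys from the `git` section of its config, so as written they would be ignored; `settings.git = { localBranchSortOrder = "recency"; ... };` looks like the intended shape. It is also worth checking that `recency` is a valid value for the remote order, since lazygit documents it for local branches only. Confirm both against the lazygit version this flake pins.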
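Review bot: `firewall.enable = true;` restates the NixOS default, so on its own it changes nothing about which ports are reachable, and the hunk gives no hint of which inbound ports this shared module intends to allow. A comment such as `# explicit: keep the firewall on regardless of upstream defaults` would record the intent. If the nginx virtual hosts elsewhere in this repository are meant to be reachable, check that 80/443 are listed in `networking.firewall.allowedTCPPorts` somewhere, since that is not visible in this diff.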
@@ -1,4 +1,14 @@
 {
+ lib,
+ ...
+}:
+{
+ # rip out default packages
+ environment.defaultPackages = lib.mkForce [ ];
+
+ # allow packages with non-free licenses
+ nixpkgs.config.allowUnfree = true;
+
 nix = {
 gc = {
 automatic = true;
@@ -11,6 +21,7 @@
 persistent = true;
 };
 settings = {
+ allowed-users = [ "@wheel" ];
 experimental-features = [
 "nix-command"
 "flakes"
diff --git a/modules/nixos/features/nixpkgs.nix b/modules/nixos/features/nixpkgs.nix
deleted file mode 100644
index e95ec3c..0000000
--- a/modules/nixos/features/nixpkgs.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- nixpkgs.config.allowUnfree = true;
-}
diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix
index eef48b1..348b42d 100644
--- a/modules/nixos/features/paperless.nix
+++ b/modules/nixos/features/paperless.nix
@@ -30,7 +30,7 @@ in
 ];
 };
- nginx.virtualHosts."miniflux.fi33.buzz" = {
+ nginx.virtualHosts."paperless.fi33.buzz" = {
 forceSSL = true;
 useACMEHost = "fi33.buzz";
 locations."/".proxyPass = "http://localhost:${port}";
diff --git a/modules/nixos/features/sudo.nix b/modules/nixos/features/sudo.nix
new file mode 100644
index 0000000..78f1db5
--- /dev/null
+++ b/modules/nixos/features/sudo.nix
@@ -0,0 +1,6 @@
+{
+ ...
+}:
+{
+ security.sudo.execWheelOnly = true;
+}
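Review bot: `allowed-users = [ "@wheel" ];` is the only addition in this file without a comment, and it changes who can use Nix at all: accounts outside `wheel` can no longer connect to the nix daemon, which includes any non-admin user relying on `nix` or a per-user home-manager switch. A line such as `# only wheel members may talk to the nix daemon` above it would record the intent. The `settings` attrset continues past the end of the hunk.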
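Review bot: The new `sudo.nix` does not appear to be wired in: the feature list in `modules/nixos/default.nix` is sorted, and in this same diff its new side shows `"nixvim"` directly followed by `"syncthing"`, which is where `"sudo"` would have to sit. If that list is what imports files from `features/` (the `"nix-settings"`/`"nixpkgs"` to `"nix"` rename suggests so), `security.sudo.execWheelOnly` is never applied. Add `"sudo"` to the list, as the commit does with `"lazygit"` on the home-manager side.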