orange/citrus.nix

{pkgs, ... }:
{
  system.stateVersion = "23.05";

  # Enables flakes and the updated `nix` command
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  environment.systemPackages = with pkgs; [
    zellij tmux minicom tio lrzsz python3Packages.pyserial btop
  ];
  programs.fish.enable = true;

  users = {
    # No need to edit users on a single-purpose system.
    mutableUsers = false;
    users = {
      geekygay = {
        shell = pkgs.fish;
        isNormalUser = true;
        extraGroups = [ "wheel" "dialout" ];
        password = "";
        openssh.authorizedKeys.keyFiles = [
          ./authorized_keys
        ];
      };
    };
  };

  security.sudo.wheelNeedsPassword = false; # Needed for colmena.
  nix.settings.trusted-users = [ "root" "@wheel" ];

  documentation.man.enable = false; # Takes way too long to build.

  # Allow SSH with authorized keys only!
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
  };

  # Start tmux session for serial console on boot.
  systemd.services.tmux-serial = {
    description   = "Tmux Serial Server Service";
    wantedBy      = [ "multi-user.target" ];
    after         = [ "network.target" ];


    serviceConfig = {
      Restart = "always";
      User    = "geekygay";
      Type = "forking";
      WorkingDirectory = "~";
      GuessMainPID = true;
      ExecStart = "${pkgs.tmux}/bin/tmux new -d ${pkgs.python3Packages.pyserial}/bin/pyserial-miniterm /dev/ttyS1 115200 --eol lf --raw";
    };
  };
}
Works with colmena on Pi 3. 2023-07-25 07:32:19 +00:00			`{pkgs, ... }:`
Adds SSH config. 2023-05-07 02:04:36 +00:00			`{`
Works with colmena on Pi 3. 2023-07-25 07:32:19 +00:00			`system.stateVersion = "23.05";`
Adds native vm for testing. 2023-08-03 20:00:12 +00:00
Adds comments. 2023-08-03 20:26:44 +00:00			# Enables flakes and the updated `nix` command
Adds graphfix application. 2023-07-27 19:24:32 +00:00			`nix.settings.experimental-features = [ "nix-command" "flakes" ];`
Adds native vm for testing. 2023-08-03 20:00:12 +00:00
Customized for serial port monitor. 2023-08-16 14:03:37 +00:00			`environment.systemPackages = with pkgs; [`
Adds serial console in tmux and btop. 2023-08-20 02:21:15 +00:00			`zellij tmux minicom tio lrzsz python3Packages.pyserial btop`
Customized for serial port monitor. 2023-08-16 14:03:37 +00:00			`];`
			`programs.fish.enable = true;`
Works with colmena on Pi 3. 2023-07-25 07:32:19 +00:00
Runs application as non-root user. 2023-08-03 18:11:59 +00:00			`users = {`
Adds comments. 2023-08-03 20:26:44 +00:00			`# No need to edit users on a single-purpose system.`
Runs application as non-root user. 2023-08-03 18:11:59 +00:00			`mutableUsers = false;`
			`users = {`
Customized for serial port monitor. 2023-08-16 14:03:37 +00:00			`geekygay = {`
			`shell = pkgs.fish;`
Runs application as non-root user. 2023-08-03 18:11:59 +00:00			`isNormalUser = true;`
Customized for serial port monitor. 2023-08-16 14:03:37 +00:00			`extraGroups = [ "wheel" "dialout" ];`
Runs application as non-root user. 2023-08-03 18:11:59 +00:00			`password = "";`
Customized for serial port monitor. 2023-08-16 14:03:37 +00:00			`openssh.authorizedKeys.keyFiles = [`
			`./authorized_keys`
Runs application as non-root user. 2023-08-03 18:11:59 +00:00			`];`
			`};`
			`};`
			`};`

Deploys as non-root user 2023-08-16 16:44:20 +00:00			`security.sudo.wheelNeedsPassword = false; # Needed for colmena.`
			`nix.settings.trusted-users = [ "root" "@wheel" ];`

			`documentation.man.enable = false; # Takes way too long to build.`

Adds comments. 2023-08-03 20:26:44 +00:00			`# Allow SSH with authorized keys only!`
Runs application as non-root user. 2023-08-03 18:11:59 +00:00			`services.openssh = {`
			`enable = true;`
			`settings.PasswordAuthentication = false;`
Adds SSH config. 2023-05-07 02:04:36 +00:00			`};`
Adds serial console in tmux and btop. 2023-08-20 02:21:15 +00:00
			`# Start tmux session for serial console on boot.`
			`systemd.services.tmux-serial = {`
			`description = "Tmux Serial Server Service";`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network.target" ];`


			`serviceConfig = {`
			`Restart = "always";`
			`User = "geekygay";`
			`Type = "forking";`
			`WorkingDirectory = "~";`
			`GuessMainPID = true;`
			`ExecStart = "${pkgs.tmux}/bin/tmux new -d ${pkgs.python3Packages.pyserial}/bin/pyserial-miniterm /dev/ttyS1 115200 --eol lf --raw";`
			`};`
			`};`
Adds SSH config. 2023-05-07 02:04:36 +00:00			`}`