diff options
| author | polwex <polwex@sortug.com> | 2024-07-21 01:09:48 +0700 |
|---|---|---|
| committer | polwex <polwex@sortug.com> | 2024-07-21 01:09:48 +0700 |
| commit | 78907aa98c1af8624a62ca123d088c6c16424f41 (patch) | |
| tree | 477fe923810522acc211b7514e4931af80f33ed7 /hosts/cloud/sortug | |
init
Diffstat (limited to 'hosts/cloud/sortug')
| -rw-r--r-- | hosts/cloud/sortug/configuration.nix | 90 | ||||
| -rw-r--r-- | hosts/cloud/sortug/coturn.nix | 60 | ||||
| -rw-r--r-- | hosts/cloud/sortug/default.nix | 3 | ||||
| -rw-r--r-- | hosts/cloud/sortug/disk-config.nix | 56 | ||||
| -rw-r--r-- | hosts/cloud/sortug/fetch/configuration.nix | 126 | ||||
| -rw-r--r-- | hosts/cloud/sortug/fetch/hardware-configuration.nix | 24 | ||||
| -rw-r--r-- | hosts/cloud/sortug/gitea.nix | 27 | ||||
| -rw-r--r-- | hosts/cloud/sortug/hardware-configuration.nix | 17 | ||||
| -rw-r--r-- | hosts/cloud/sortug/hardware2.nix | 29 | ||||
| -rw-r--r-- | hosts/cloud/sortug/legacy.nix | 40 | ||||
| -rw-r--r-- | hosts/cloud/sortug/minio.nix | 9 | ||||
| -rw-r--r-- | hosts/cloud/sortug/nginx.nix | 124 | ||||
| -rw-r--r-- | hosts/cloud/sortug/packages.nix | 53 | ||||
| -rw-r--r-- | hosts/cloud/sortug/users.nix | 56 |
14 files changed, 714 insertions, 0 deletions
diff --git a/hosts/cloud/sortug/configuration.nix b/hosts/cloud/sortug/configuration.nix new file mode 100644 index 0000000..da267f6 --- /dev/null +++ b/hosts/cloud/sortug/configuration.nix @@ -0,0 +1,90 @@ +{ modulesPath, lib, ... }: +{ + imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [ + ./hardware-configuration.nix + (modulesPath + "/installer/scan/not-detected.nix") + ./gitea.nix + ./nginx.nix + ./minio.nix + # ./coturn.nix + ./disk-config.nix + # ./mail.nix + ]; + + + boot = { + loader.grub.enable = true; + # loader.grub.device = "/dev/sda"; + }; + + services.openssh = { + enable = true; + passwordAuthentication = false; + ports = [5522]; + }; + + users.users.root.openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + + services.do-agent.enable = true; + networking = { + firewall.enable = false; + networkmanager.enable = true; + hostName = "sortug"; # use Digital Ocean metadata server + useDHCP = false; + interfaces.enp3s0.ipv4.addresses = [ + {address = "209.182.234.186"; prefixLength = 24;} + ]; + interfaces.enp3s0.ipv6.addresses = [ + {address = "2602:ff16:14:0:1:f7:0:1"; prefixLength = 64;} + ]; + defaultGateway = { + address = "209.182.234.1"; + interface = "enp3s0"; + }; + defaultGateway6 = { + address = "2602:ff16:14::1"; + interface = "enp3s0"; + }; + nameservers = [ + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + ]; + }; + + # curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.11 bash -x + + services.resolved = { + enable = true; + domains = + [ "2001:4860:4860::8888" "2001:4860:4860::8844" ]; + }; + + # networking.firewall = { + # enable = true; + # allowedTCPPorts = [ 40308 80 443 53 51820 5522 ]; + # allowedUDPPorts = [ 40308 80 443 53 51820 5522 + # 50000 + # 50001 + # 50002 + # 50003 + # 50004 + # 50005 + # 50006 + # 50007 + # 50008 + # 50009 + # 50010 + # ]; + # }; + services.ntfy-sh = { + enable = true; + settings = { + base-url = "https://ntfy.sortug.com"; + listen-http = ":8099"; + }; + }; + system.stateVersion = "24.05"; # Did you read the comment? +} diff --git a/hosts/cloud/sortug/coturn.nix b/hosts/cloud/sortug/coturn.nix new file mode 100644 index 0000000..aaf097c --- /dev/null +++ b/hosts/cloud/sortug/coturn.nix @@ -0,0 +1,60 @@ +{ ... }: + +{ + services.coturn = { + enable = true; + lt-cred-mech = true; + # use-auth-secret = true; + # static-auth-secret = "GHhc4i7Hwto0KxoDgNioYgWgkc1iLbEE8t45G6voTzD07vKvFsK6R4b8kShVZEhC"; + realm = "turn.sortug.com"; + # relay-ips = [ + # "<public-server-ip>" + # ]; + # no-tcp-relay = true; + extraConfig = " + cipher-list=\"HIGH\" + no-loopback-peers + no-multicast-peers + "; + # secure-stun = true; + cert = "/var/lib/acme/turn.sortug.com/fullchain.pem"; + pkey = "/var/lib/acme/turn.sortug.com/key.pem"; + min-port = 49152; + max-port = 49999; + }; + + # Open ports in the firewall. + networking.firewall = { + enable = true; + allowPing = false; + allowedTCPPorts = [ + 5349 # STUN tls + 5350 # STUN tls alt + 80 # http + 443 # https + ]; + allowedUDPPortRanges = [ + { from=49152; to=49999; } # TURN relay + ]; + }; + + # setup certs + services.nginx = { + enable = true; + virtualHosts = { + "turn.sortug.com" = { + forceSSL = true; + enableACME = true; + }; + }; + }; + users.groups.turnserver.members = ["nginx" "coturn"]; + + # share certs with coturn and restart on renewal + security.acme.certs = { + "turn.sortug.com" = { + postRun = "systemctl reload nginx.service; systemctl restart coturn.service"; + }; + }; +} + diff --git a/hosts/cloud/sortug/default.nix b/hosts/cloud/sortug/default.nix new file mode 100644 index 0000000..0307c7b --- /dev/null +++ b/hosts/cloud/sortug/default.nix @@ -0,0 +1,3 @@ +inputs: [ + ./configuration.nix +] diff --git a/hosts/cloud/sortug/disk-config.nix b/hosts/cloud/sortug/disk-config.nix new file mode 100644 index 0000000..75ae234 --- /dev/null +++ b/hosts/cloud/sortug/disk-config.nix @@ -0,0 +1,56 @@ +# Example to create a bios compatible gpt partition +{ lib, ... }: +{ + disko.devices = { + disk.disk1 = { + device = lib.mkDefault "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "lvm_pv"; + vg = "pool"; + }; + }; + }; + }; + }; + lvm_vg = { + pool = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = [ + "defaults" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/cloud/sortug/fetch/configuration.nix b/hosts/cloud/sortug/fetch/configuration.nix new file mode 100644 index 0000000..11b56bc --- /dev/null +++ b/hosts/cloud/sortug/fetch/configuration.nix @@ -0,0 +1,126 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # hardware.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # firefox + # tree + # ]; + # }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.05"; # Did you read the comment? + +} + diff --git a/hosts/cloud/sortug/fetch/hardware-configuration.nix b/hosts/cloud/sortug/fetch/hardware-configuration.nix new file mode 100644 index 0000000..119faaf --- /dev/null +++ b/hosts/cloud/sortug/fetch/hardware-configuration.nix @@ -0,0 +1,24 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/sortug/gitea.nix b/hosts/cloud/sortug/gitea.nix new file mode 100644 index 0000000..a25773a --- /dev/null +++ b/hosts/cloud/sortug/gitea.nix @@ -0,0 +1,27 @@ +{ config, ...}: +{ + services.gitea = { + enable = true; + user = "git"; + appName = "Sortug Git"; + settings.server = { + domain = "git.sortug.com"; + ROOT_URL = "https://git.sortug.com/"; + SSH_PORT = 5522; + }; + lfs.enable = true; + }; + + users.users = { + git = { + description = "Gitea Service"; + home = "/var/lib/gitea"; + useDefaultShell = true; + group = "gitea"; + isSystemUser = true; + }; + }; + + + +} diff --git a/hosts/cloud/sortug/hardware-configuration.nix b/hosts/cloud/sortug/hardware-configuration.nix new file mode 100644 index 0000000..f219647 --- /dev/null +++ b/hosts/cloud/sortug/hardware-configuration.nix @@ -0,0 +1,17 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/sortug/hardware2.nix b/hosts/cloud/sortug/hardware2.nix new file mode 100644 index 0000000..beece7b --- /dev/null +++ b/hosts/cloud/sortug/hardware2.nix @@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + swapDevices = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/bb9bdf23-2368-4452-988d-8b82e64b7fc4"; + fsType = "ext4"; + }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/sortug/legacy.nix b/hosts/cloud/sortug/legacy.nix new file mode 100644 index 0000000..98348ee --- /dev/null +++ b/hosts/cloud/sortug/legacy.nix @@ -0,0 +1,40 @@ +{ + disko.devices = { + disk = { + vdb = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "ESP"; + start = "1M"; + end = "500M"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + name = "root"; + start = "500M"; + end = "100%"; + part-type = "primary"; + bootable = true; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + } + ]; + }; + }; + }; + }; +} + diff --git a/hosts/cloud/sortug/minio.nix b/hosts/cloud/sortug/minio.nix new file mode 100644 index 0000000..13a5ff5 --- /dev/null +++ b/hosts/cloud/sortug/minio.nix @@ -0,0 +1,9 @@ +{...}: { + + services.minio = { + enable = true; + listenAddress = "127.0.0.1:9000"; + consoleAddress = "127.0.0.1:9001"; + rootCredentialsFile = /etc/nixos/minio-creds; + }; +} diff --git a/hosts/cloud/sortug/nginx.nix b/hosts/cloud/sortug/nginx.nix new file mode 100644 index 0000000..a3e5a85 --- /dev/null +++ b/hosts/cloud/sortug/nginx.nix @@ -0,0 +1,124 @@ +{ ... }: { + + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@sortug.com"; + services.nginx = { + enable = true; + virtualHosts."sortug.com" = { + enableACME = true; + forceSSL = true; + root = "/var/www/sortug"; + # root = "/home/y/www"; + }; + virtualHosts."cal.sortug.com" = { + enableACME = true; + forceSSL = true; + root = "/var/www/sorcal"; + # root = "/home/y/www"; + }; + virtualHosts."git.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + virtualHosts."u.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8082"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + virtualHosts."p.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8083"; + # proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + ''; + }; + virtualHosts."ntfy.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8099"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + ''; + }; + virtualHosts."ustj.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8085"; + # proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + ''; + }; + virtualHosts."s3.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $Host; + ''; + # actually important + }; + }; + virtualHosts."s3c.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9001"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $Host; + ''; + }; + }; + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "Upgrade"; + virtualHosts."urbit.s3.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + }; +} diff --git a/hosts/cloud/sortug/packages.nix b/hosts/cloud/sortug/packages.nix new file mode 100644 index 0000000..6985acb --- /dev/null +++ b/hosts/cloud/sortug/packages.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.config = { + allowUnfree = true; + }; + + environment.systemPackages = with pkgs; [ + neovim + fish + # unix utilities + tmux + bat # cat replacement written in Rust + colordiff + direnv # Per-directory environment variables + lsd + fd # find replacement written in Rust + fzf # Fuzzy finder + git + glibcLocales + gnumake + htop # Resource monitoring + jq # JSON parsing for the CLI + lsof + ripgrep # grep replacement written in Rust + sd # Fancy sed replacement + silver-searcher + skim # High-powered fuzzy finder written in Rust + strace # debug stack trace + tealdeer # tldr for various shell tools + testdisk + tokei # Handy tool to see lines of code by language + watchexec # Fileystem watcher/executor useful for speedy development + xsv # CSV file parsing utility + just # Intriguing new make replacement + mdcat # Markdown converter/reader for the CLI + tree + unzip + zip + + # networking + curl + caddy # simple web server made with go + innernet + + # s3 + minio + # databases + # postgresql + # sqlite + ]; +} + diff --git a/hosts/cloud/sortug/users.nix b/hosts/cloud/sortug/users.nix new file mode 100644 index 0000000..b3515c1 --- /dev/null +++ b/hosts/cloud/sortug/users.nix @@ -0,0 +1,56 @@ +{ config, pkgs, ... }: + + +let shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; +}; + +in { + programs.fish = { + inherit shellAliases; + enable = true; +# plugins = [{ +# name="foreign-env"; +# src = pkgs.fetchFromGitHub { +# owner = "oh-my-fish"; +# repo = "plugin-foreign-env"; +# rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; +# sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; +# }; +# }]; +}; + + users = { + extraUsers = { + y = { + group = "users"; + isNormalUser = true; + extraGroups = [ + "systemd-journal" + "wheel" + ]; + createHome = true; + home = "/home/y"; + isSystemUser = false; + shell = pkgs.fish; + openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + }; +# urbit = { +# group = "users"; +# isNormalUser = true; +# createHome = true; +# isSystemUser = false; +# openssh.authorizedKeys.keys = +# [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/VzXbaX1CLqQfPCkRdMHzAKsbS//2B0qlw3ROnR74tgl7jrBP2qeYhydcNECqC5WWO+KLZrbOWdVLATLW6z6oLlMx6E6WCfRVx/F7coMd/FBYqHwJ2Z1PbG0YSjWH07GyVYU2Nc9HfW459aXpGQ2LlTjYP14i7DqvSesCIkfbPfHzwAkyDxj4oIMXS3LMQlh4u69YKoXS/LPU+1Qv+bT5alRc2Uw+/9/q1IfDDxIiKqt3EVNEM6p5QssXtlFhk0+7zXRApWbpYLbjAVHDHbFoPAXeKLQvpgnz1K84fOGNlXj9nISYfDba8NVWQbetKnVxmQNDUKk3jOcBFmjgHvYv pkova@Pyrys-MacBook-Pro.local" ]; +# }; + }; + }; +} + + + |