{ inputs, config, pkgs, ... }:
{
# Modules merged into this configuration: the hardware configuration file,
# the home-manager NixOS module taken from the flake inputs, and the local
# ./modules/nix directory.
imports = [
  ./hardware-configuration.nix
  inputs.home-manager.nixosModules.home-manager
  ./modules/nix
];
# Turn on the `nix` command-line interface and flakes.
nix.settings.experimental-features = [
  "nix-command"
  "flakes"
];
# GRUB is the boot loader and is installed to the disk named in `device`.
# NOTE(review): /dev/sdX names follow probe order and can differ between
# boots; a /dev/disk/by-id/... path names the disk stably. Confirm which disk
# is meant before changing it.
boot.loader.grub = {
  enable = true;
  device = "/dev/sdb";
};
# Host name and NetworkManager-managed interfaces.
# NOTE(review): no networking.firewall options are set in this file, so the
# module defaults decide what is reachable. Check the effective rule set
# whenever a listener other than sshd is added (here, in ./modules/nix or in
# home.nix).
networking = {
  hostName = "srv-sin";
  networkmanager.enable = true;
};
time.timeZone = "Europe/Paris";

# Default locale is US English; every LC_* category listed below is
# overridden with the French locale.
i18n = {
  defaultLocale = "en_US.UTF-8";
  extraLocaleSettings =
    let
      french = "fr_FR.UTF-8";
    in
    {
      LC_ADDRESS = french;
      LC_IDENTIFICATION = french;
      LC_MEASUREMENT = french;
      LC_MONETARY = french;
      LC_NAME = french;
      LC_NUMERIC = french;
      LC_PAPER = french;
      LC_TELEPHONE = french;
      LC_TIME = french;
    };
};
# French AZERTY layout for X11 and the French keymap for the virtual console.
services.xserver.xkb.layout = "fr";
services.xserver.xkb.variant = "azerty";
console.keyMap = "fr";
# nh helper: points at the system flake and schedules an hourly clean that
# passes `--keep 10`.
# NOTE(review): the flake lives under /home/baptiste, presumably writable by
# that account. Whoever can write there decides what the next rebuild
# installs, so treat that directory as part of the root trust boundary.
programs.nh.enable = true;
programs.nh.flake = "/home/baptiste/srv-sin";
programs.nh.clean = {
  enable = true;
  dates = "hourly";
  extraArgs = "--keep 10";
};
# NOTE(review): members of wheel get root through sudo without being asked
# for a password. This file also accepts SSH password logins
# (services.openssh.settings.PasswordAuthentication = true), so the password
# of the wheel user below is the only barrier before root. Setting this to
# true restores the prompt; first confirm the account has a password set, or
# sudo becomes unusable.
security.sudo.wheelNeedsPassword = false;

# Interactive account; wheel membership makes it the administrator.
users.users = {
  baptiste = {
    isNormalUser = true;
    description = "server1";
    extraGroups = [
      "networkmanager"
      "wheel"
    ];
  };
};
# home-manager: hand the flake inputs to the user modules and load
# ./home.nix for baptiste.
home-manager.extraSpecialArgs = {
  inherit inputs;
};
home-manager.users.baptiste = import ./home.nix;
# Tools installed for every user.
# nmap and tshark are network scanning and capture tools. scan.service in
# this file calls nmap through /run/current-system/sw/bin, so nmap has to
# stay in this list for as long as the unit uses that path.
# NOTE(review): if tshark is not used on this host, dropping it reduces what
# an account on the box can do with the network.
environment.systemPackages = [
  pkgs.vim
  pkgs.git
  pkgs.wget
  pkgs.tldr
  pkgs.tree
  pkgs.dig
  pkgs.btop
  pkgs.file
  pkgs.fastfetch
  pkgs.lf
  pkgs.tshark
  pkgs.nixfmt
  pkgs.usbutils
  pkgs.unzip
  pkgs.nixfmt-tree
  pkgs.fzf
  pkgs.nmap
];

# Shell key bindings for fzf.
programs.fzf.keybindings = true;
# zsh is the login shell for every account, so it is enabled system-wide too.
users.defaultUserShell = pkgs.zsh;
programs.zsh.enable = true;
# OpenSSH server on TCP 22.
services.openssh.enable = true;
services.openssh.ports = [ 22 ];
services.openssh.settings = {
  # NOTE(review): password logins are accepted. With
  # security.sudo.wheelNeedsPassword = false elsewhere in this file, a guessed
  # or reused password for the wheel user leads straight to root. Once public
  # keys are installed (users.users.<name>.openssh.authorizedKeys.keys), set
  # this to false. Until then, rate-limit failed logins (e.g.
  # services.fail2ban) and watch the sshd journal for repeated failures.
  PasswordAuthentication = true;

  # null leaves every account eligible to log in.
  # NOTE(review): listing the intended accounts here narrows that.
  AllowUsers = null;

  # sshd resolves the client address to a host name.
  # NOTE(review): this is only needed for host-name based matching. It makes
  # logins depend on DNS answers the client side may control. Confirm it is
  # wanted.
  UseDns = true;

  X11Forwarding = false;

  # root may log in, but never with a password.
  PermitRootLogin = "prohibit-password";
};
# Release this machine was first installed with; it selects defaults for
# stateful data and is not meant to follow nixpkgs upgrades.
system.stateVersion = "25.05";
# Timer for scan.service: first run five minutes after boot, then at every
# minute divisible by five (`*:0/5`).
systemd.timers."scan".wantedBy = [ "timers.target" ];
systemd.timers."scan".timerConfig = {
  Unit = "scan.service";
  OnBootSec = "5m";
  OnCalendar = "*:0/5";
};
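# Host-discovery scan of 192.168.1.0/24. The awk program turns nmap's report
# into one CSV row (ip,host,vendor,mac) for every host that has a
# "MAC Address:" line and writes the rows to a timestamped file in /data/nmap.
#
# NOTE(review): fields are written unquoted. Host names and vendor strings
# come from the scanned network and from nmap's tables, so a value that
# contains a comma shifts the columns. Quote the fields if a consumer parses
# the file strictly or opens it in a spreadsheet.
systemd.services."scan" = {
  script = ''
    # Without pipefail only the exit status of awk counts, so a failed nmap
    # run would leave an empty CSV behind and the unit would still succeed.
    set -o pipefail
    # The unit runs as root and the file name is predictable. noclobber makes
    # the redirection fail instead of writing through a file or symlink that
    # already exists under that name.
    set -o noclobber

    /run/current-system/sw/bin/nmap -sn 192.168.1.0/24 \
      | /run/current-system/sw/bin/awk '
          /Nmap scan report for/ {
            if (match($0, /\(([^)]+)\)/)) {
              ip = substr($0, RSTART+1, RLENGTH-2)
              host = $5
            } else {
              ip = $NF
              host = ""
            }
          }
          /MAC Address:/ {
            mac = $3
            vendor = $0
            sub(/^.*\(/, "", vendor)
            sub(/\).*$/, "", vendor)

            print ip "," host "," vendor "," mac
          }
        ' > "/data/nmap/$(date +%F_%H-%M-%S)-nmap.csv"
  '';
  serviceConfig = {
    Type = "oneshot";
    # Presumably kept as root so that nmap can send raw probes and report MAC
    # addresses. Confirm before lowering the privileges.
    User = "root";

    # Confinement for a root process that parses data coming from the network:
    # the file system is read-only apart from the output directory, home
    # directories are hidden, /tmp is private and privileges cannot grow.
    NoNewPrivileges = true;
    ProtectSystem = "strict";
    ReadWritePaths = [ "/data/nmap" ];
    ProtectHome = true;
    PrivateTmp = true;
  };
};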
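# Directories used by scan.service, which runs as root and writes
# predictably named files into /data/nmap.
#
# Both were mode 777: any local account could plant a symlink under the next
# file name, or rename /data/nmap away and put its own directory in its
# place, and the root service would write wherever that pointed.
#
# /data keeps its world-writable bit for other users, with the sticky bit
# added so that only an entry's owner can rename or delete it.
# /data/nmap becomes writable by root only and stays readable by everyone.
# NOTE(review): if a non-root account is meant to write into /data/nmap,
# give it a dedicated group instead of reopening the mode.
systemd.tmpfiles.rules = [
  "d /data 1777 root root"
  "d /data/nmap 0755 root root"
];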
}