nix-server/hosts/nixos-server-reid/default.nix

{ config, lib, pkgs, ... }:

{
  imports = [
    ./hardware.nix
    ./webapps/default.nix
  ];

  services.vscode-server.enable = true;

  normalUsers = {
    reidlab = {
      conf = {
        packages = with pkgs; [
          # archives
          zip xz unrar unzip p7zip zstd lrzip
          # utils
          ripgrep ripgrep-all jq libqalculate
          # nix
          nix-output-monitor nix-prefetch-scripts nix-top
          # system
          btop duf lm_sensors killall
          # debug
          strace ltrace lsof
          # misc
          bat file which
        ];
        extraGroups = [ "wheel" "dotfiles" ];
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmwWuwS+a1GzYFSNOkgk/zF5bolXqat1RP5FXJv+vto reidlab@rei-pc"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKC12NkyZAFNDHfq1ECh4uAgM4mpKfsQnL3XF/ZzSyCJ reidlab@rei-phone"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwLg6iD9ylbJlxrmnCBI97CTGSBJaKELplZQ5PlVDfA pgp-laptop"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2J6Vf9fLmiUVbIfaccCLWlO0zQ/xG/z7Mpeox/laX6 pgp-pc"
        ];
      };

      homeConf.home = {
        sessionVariables = {
          EDITOR = "micro";
        };
      };
    };
  };

  modules = {
    core = {
      # security
      security.useDoas = true;
    };
    services = {
      ssh.enable = true;
      ssh.enableMoshSupport = true;

      postgres.enable = true;
      mysql.enable = true;
    };
  };

  security.doas = {
    extraRules = [
      { users = [ "reidlab" ]; noPass = true; persist = false; keepEnv = true; }
    ];
  };
}