From 360d35308d28bd11eff654d6bfec8805708f43a2 Mon Sep 17 00:00:00 2001 From: Matthieu Morin Date: Sun, 9 Jun 2024 15:53:08 +0000 Subject: [PATCH] Scan all core, add sudo 2h limit --- systems/common/core/default.nix | 41 ++++++++++----------------------- 1 file changed, 12 insertions(+), 29 deletions(-) diff --git a/systems/common/core/default.nix b/systems/common/core/default.nix index b88aac0..62f9fea 100644 --- a/systems/common/core/default.nix +++ b/systems/common/core/default.nix @@ -1,29 +1,7 @@ # This file (and the global directory) holds config that i use on all hosts -{ - inputs, - outputs, - ... -}: { - imports = - [ - inputs.home-manager.nixosModules.home-manager - ./acme.nix - ./auto-upgrade.nix - ./fish.nix - ./locale.nix - ./nix.nix - ./openssh.nix - ./optin-persistence.nix - ./podman.nix - ./sops.nix - ./ssh-serve-store.nix - ./steam-hardware.nix - ./systemd-initrd.nix - ./tailscale.nix - ./gamemode.nix - ./nix-ld.nix - ./prometheus-node-exporter.nix - ] +{ inputs, outputs, configLib, ... }: { + imports = (configLib.scanPaths ./.) + ++ [ inputs.home-manager.nixosModules.home-manager ] ++ (builtins.attrValues outputs.nixosModules); home-manager.extraSpecialArgs = { @@ -31,10 +9,9 @@ }; nixpkgs = { + # you can add global overlays here overlays = builtins.attrValues outputs.overlays; - config = { - allowUnfree = true; - }; + config.allowUnfree = true; }; # Fix for qt6 plugins @@ -44,7 +21,13 @@ }; hardware.enableRedistributableFirmware = true; - networking.domain = "m7.rs"; + networking.domain = "mattmor.in"; + + security.sudo.extraConfig = '' + Defaults timestamp_timeout=120 # only ask for password every 2h + # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. + # Defaults env_keep + =SSH_AUTH_SOCK + ''; # Increase open file limit for sudoers security.pam.loginLimits = [