Factorise other configuration options #22

Manually merged
Niols merged 6 commits from factorise-other-config into main 2024-11-21 12:08:16 +01:00
Owner

This PR builds on top of #21; it factorises the other options that are in common between all configurations.

This PR builds on top of #21; it factorises the other options that are in common between all configurations.
Niols added 8 commits 2024-11-20 17:44:53 +01:00
fricklerhandwerk approved these changes 2024-11-20 23:21:04 +01:00
@ -7,0 +16,4 @@
system.stateVersion = "24.05"; # do not change
nixpkgs.hostPlatform = mkDefault "x86_64-linux";
## REVIEW: Do we actually need this?

yes because then you can ditch passwords entirely. you already have authorization when getting logged in over SSH, why would you type random strings into your keyboard again?

yes because then you can ditch passwords entirely. you already *have* authorization when getting logged in over SSH, why would you type random strings into your keyboard *again*?
Author
Owner

I was wondering what security specialists thought about this. @koen said on Matrix that they very much dislike direct root SSH, but they were fine with password-less sudo, so let's keep this option then.

I was wondering what security specialists thought about this. @koen said on Matrix that they very much dislike direct `root` SSH, but they were fine with password-less sudo, so let's keep this option then.
Niols marked this conversation as resolved
@ -7,0 +21,4 @@
nix.settings.trusted-users = [ "@wheel" ];
environment.systemPackages = with pkgs; [

my rant won't fix it, so this is not a change request, but for the record: everyone should just bring their own tools to the server via ssh, there's technically no need to clutter the config with some random preferences that will never age well.

there's a thing called sshrc that demonstrates the principle, but these days with Nix you can have your exact favorite environment, defined locally on each remote login via SSH. to my surprise, no one seems to have thought it through to write the handful lines of bash and Nix required for that, but in my humble opinion this is how it should be done.

my rant won't fix it, so this is not a change request, but for the record: everyone should just bring their own tools to the server via ssh, there's *technically* no need to clutter the config with some random preferences that will never age well. there's a thing called [sshrc](https://github.com/danrabinowitz/sshrc/blob/master/sshrc) that demonstrates the principle, but these days with Nix you can have *your exact favorite environment, defined locally* on each remote login via SSH. to my surprise, no one seems to have thought it through to write the handful lines of bash and Nix required for that, but in my humble opinion this is how it should be done.
Author
Owner

I very much agree with all this, and I was not happy copying these packages, but I decided that it was easier to just refactor, and to discuss this later. I have started keeping track of this discussion in #25.

I very much agree with all this, and I was not happy copying these packages, but I decided that it was easier to just refactor, and to discuss this later. I have started keeping track of this discussion in https://git.fediversity.eu/Fediversity/Fediversity/issues/25.
@ -1,5 +1,3 @@
{ lib, ... }:

I recommend keeping

{ ... }:

so it's clear at first glance that it's a module.

I recommend keeping ```nix { ... }: ``` so it's clear at first glance that it's a module.
Niols marked this conversation as resolved
Niols changed target branch from factorise-hardware-config to main 2024-11-21 11:58:53 +01:00
Niols force-pushed factorise-other-config from 37b1cc01c4 to fca563a987 2024-11-21 12:07:17 +01:00 Compare
Niols manually merged commit d2638845d0 into main 2024-11-21 12:08:16 +01:00
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Fediversity/Fediversity#22
No description provided.