diff --git a/secrets b/secrets index 236a335..3f3a8d1 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 236a3353a7c109546e9c4a2b6b3e10c8dca444a7 +Subproject commit 3f3a8d13343010d19bbf74aee8ff22f6d3cd4caf diff --git a/systems/ful/configuration.nix b/systems/ful/configuration.nix index 6448e58..7b72c01 100644 --- a/systems/ful/configuration.nix +++ b/systems/ful/configuration.nix @@ -15,6 +15,7 @@ in { ./go-webring.nix ./gemini.nix ./wallabag.nix + ./nethack.nix ../../configs/monitoring.nix ../../configs/mycelium.nix ../../configs/tor.nix diff --git a/systems/ful/nethack.nix b/systems/ful/nethack.nix new file mode 100644 index 0000000..a1b8487 --- /dev/null +++ b/systems/ful/nethack.nix @@ -0,0 +1,60 @@ +{ + networking.firewall.allowedTCPPorts = [ 22 ]; + + containers.nethack = { + autoStart = true; + + forwardPorts = [ + { + containerPort = 22; + hostPort = 22; + } + ]; + + config = + { pkgs, ... }: + { + system.stateVersion = "25.11"; + + networking.hostName = "nethack"; + services.openssh.enable = true; + + environment.systemPackages = [ pkgs.nethack ]; + + programs.tmux.enable = true; + programs.tmux.extraConfig = '' + set -g mouse on + set -g allow-rename off + set -g detach-on-destroy off + + unbind-key C-b + set -g prefix None + ''; + + users.users.nethack = { + isNormalUser = true; + home = "/home/nethack"; + createHome = true; + shell = pkgs.bash; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAA...yourkey" + "ssh-ed25519 AAAA...friendkey" + ]; + }; + + services.openssh.settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + + services.openssh.extraConfig = '' + Match User nethack + ForceCommand ${pkgs.tmux}/bin/tmux attach -t nethack || \ + ${pkgs.tmux}/bin/tmux new -s nethack ${pkgs.nethack}/bin/nethack + AllowTcpForwarding no + X11Forwarding no + PermitTTY yes + ''; + }; + }; +}