up
This commit is contained in:
Christoph Schmatzler
@@ -6,13 +6,10 @@
|
||||
hostname,
|
||||
user,
|
||||
...
|
||||
}: let
|
||||
sshKeys = import ../../../shared/ssh-keys.nix;
|
||||
in {
|
||||
}: {
|
||||
imports = [
|
||||
../../../profiles/base
|
||||
../../../profiles/nixos
|
||||
agenix.nixosModules.default
|
||||
];
|
||||
|
||||
boot = {
|
||||
@@ -34,93 +31,11 @@ in {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
};
|
||||
|
||||
time.timeZone = "UTC";
|
||||
|
||||
networking = {
|
||||
hostName = hostname;
|
||||
useDHCP = false;
|
||||
interfaces."%INTERFACE%".useDHCP = true;
|
||||
};
|
||||
|
||||
nix.nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
|
||||
|
||||
programs = {
|
||||
gnupg.agent.enable = true;
|
||||
fish.enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PermitRootLogin = "yes";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
};
|
||||
syncthing = {
|
||||
enable = true;
|
||||
openDefaultPorts = true;
|
||||
dataDir = "/home/${user}/.local/share/syncthing";
|
||||
configDir = "/home/${user}/.config/syncthing";
|
||||
user = "${user}";
|
||||
group = "users";
|
||||
guiAddress = "127.0.0.1:8384";
|
||||
overrideFolders = true;
|
||||
overrideDevices = true;
|
||||
|
||||
settings = {
|
||||
devices = {};
|
||||
options.globalAnnounceEnabled = false; # Only sync on LAN
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Enable CUPS to print documents
|
||||
# services.printing.enable = true;
|
||||
# services.printing.drivers = [ pkgs.brlaser ]; # Brother printer driver
|
||||
|
||||
# Crypto wallet support
|
||||
hardware.ledger.enable = true;
|
||||
|
||||
# Add docker daemon
|
||||
virtualisation.docker.enable = true;
|
||||
virtualisation.docker.logDriver = "json-file";
|
||||
|
||||
# Additional user config beyond what's in profiles/nixos
|
||||
users.users = {
|
||||
${user} = {
|
||||
extraGroups = [
|
||||
"docker"
|
||||
];
|
||||
openssh.authorizedKeys.keys = sshKeys.keys;
|
||||
};
|
||||
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = sshKeys.keys;
|
||||
};
|
||||
};
|
||||
|
||||
# Don't require password for users in `wheel` group for these commands
|
||||
security.sudo = {
|
||||
enable = true;
|
||||
extraRules = [
|
||||
{
|
||||
commands = [
|
||||
{
|
||||
command = "${pkgs.systemd}/bin/reboot";
|
||||
options = ["NOPASSWD"];
|
||||
}
|
||||
];
|
||||
groups = ["wheel"];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
agenix.packages."${pkgs.system}".default # "x86_64-linux"
|
||||
gitAndTools.gitFull
|
||||
inetutils
|
||||
];
|
||||
|
||||
system.stateVersion = "21.05"; # Don't change this
|
||||
system.stateVersion = "21.05";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user