up

2025-08-11 12:38:20 +02:00
parent 8b3e652b40
commit 9a797194d8
4 changed files with 75 additions and 138 deletions
--- a/profiles/darwin/default.nix
+++ b/profiles/darwin/default.nix
@@ -35,7 +35,6 @@
  };

  home-manager = {
-    useGlobalPkgs = true;
    users.${user} = {
      pkgs,
      config,
--- a/profiles/nixos/default.nix
+++ b/profiles/nixos/default.nix
@@ -2,32 +2,88 @@
  pkgs,
  nixvim,
  user,
+  agenix,
  ...
-}: {
+}: let
+  sshKeys = import ../../shared/ssh-keys.nix;
+in {
  imports = [
-    ./disks.nix
+    agenix.nixosModules.default
  ];

-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 30d";
+  time.timeZone = "UTC";
+
+  nix = {
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+    nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
  };

-  users.users.${user} = {
-    isNormalUser = true;
-    home = "/home/${user}";
-    extraGroups = [
-      "wheel"
-      "sudo"
-      "network"
-      "systemd-journal"
-    ];
-    shell = pkgs.fish;
+  virtualisation.docker = {
+    enable = true;
+    logDriver = "json-file";
  };

+  programs = {
+    gnupg.agent.enable = true;
+    fish.enable = true;
+  };
+
+  services = {
+    openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "yes";
+        PasswordAuthentication = false;
+      };
+    };
+    tailscale.enable = true;
+  };
+
+  users.users = {
+    ${user} = {
+      isNormalUser = true;
+      home = "/home/${user}";
+      extraGroups = [
+        "wheel"
+        "sudo"
+        "network"
+        "systemd-journal"
+        "docker"
+      ];
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = sshKeys.keys;
+    };
+
+    root = {
+      openssh.authorizedKeys.keys = sshKeys.keys;
+    };
+  };
+
+  security.sudo = {
+    enable = true;
+    extraRules = [
+      {
+        commands = [
+          {
+            command = "${pkgs.systemd}/bin/reboot";
+            options = ["NOPASSWD"];
+          }
+        ];
+        groups = ["wheel"];
+      }
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    agenix.packages."${pkgs.system}".default
+    inetutils
+  ];
+
  home-manager = {
-    useGlobalPkgs = true;
    users.${user} = {
      pkgs,
      config,
--- a/profiles/nixos/disks.nix
+++ b/profiles/nixos/disks.nix
@@ -1,33 +0,0 @@
-_: {
-  disko.devices = {
-    disk = {
-      main = {
-        device = "/dev/nvme0n1";
-        type = "disk";
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              type = "EF00";
-              size = "512M";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "fmask=0022" "dmask=0022" ];
-              };
-            };
-            root = {
-              size = "100%";
-              content = {
-                type = "filesystem";
-                format = "ext4";
-                mountpoint = "/";
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-}