nixos-config/hosts/nixos/tahani/default.nix
Christoph Schmatzler 06ce4cd768 Refactor SSH keys to use shared configuration
Move hardcoded SSH keys to shared/ssh-keys.nix and import in tahani configuration.

🤖 Generated with [opencode](https://opencode.ai)

Co-Authored-By: opencode <noreply@opencode.ai>
2025-08-11 12:06:19 +02:00


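# NixOS host module for "tahani": boot loader, networking, OpenSSH, Syncthing,
# Docker, per-user SSH keys and a narrow passwordless-sudo rule.
# `agenix`, `hostname` and `user` are passed in by the caller of this module.
{
  config,
  inputs,
  pkgs,
  agenix,
  hostname,
  user,
  ...
}: let
  # Single source for authorized public keys; anything listed in this file is
  # granted login on this host (see users.users below).
  sshKeys = import ../../../shared/ssh-keys.nix;
in {
  imports = [
    ../../../profiles/base
    ../../../profiles/nixos
    agenix.nixosModules.default
  ];

  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        # Keep at most 42 generations in the boot menu.
        configurationLimit = 42;
      };
      efi.canTouchEfiVariables = true;
    };
    initrd.availableKernelModules = [
      "xhci_pci"
      "ahci"
      "nvme"
      "usbhid"
      "usb_storage"
      "sd_mod"
    ];
    kernelPackages = pkgs.linuxPackages_latest;
  };

  time.timeZone = "UTC";

  networking = {
    hostName = hostname;
    useDHCP = false;
    # NOTE(review): "%INTERFACE%" looks like a template placeholder that is
    # substituted at install time; confirm it is replaced before building.
    interfaces."%INTERFACE%".useDHCP = true;
  };

  nix.nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];

  programs = {
    gnupg.agent.enable = true;
    fish.enable = true;
  };

  services = {
    openssh = {
      enable = true;
      settings = {
        # Root logs in with a public key only. Unlike "yes", the value
        # "prohibit-password" also refuses keyboard-interactive auth for root,
        # so root stays key-only even if that method is enabled elsewhere.
        # Root's keys are set in users.users.root below.
        PermitRootLogin = "prohibit-password";
        PasswordAuthentication = false;
        # NOTE(review): if key-only login is intended for every account,
        # confirm KbdInteractiveAuthentication is disabled as well.
      };
    };

    syncthing = {
      enable = true;
      # Opens the Syncthing transfer and discovery ports in the firewall.
      openDefaultPorts = true;
      dataDir = "/home/${user}/.local/share/syncthing";
      configDir = "/home/${user}/.config/syncthing";
      user = "${user}";
      group = "users";
      # GUI/API bound to loopback only; not reachable from the network.
      guiAddress = "127.0.0.1:8384";
      # Folders and devices come from this file only; with `devices = {}`
      # anything added through the GUI is dropped again by the override.
      overrideFolders = true;
      overrideDevices = true;
      settings = {
        devices = {};
        # Only sync on LAN.
        # NOTE(review): this turns off global discovery only; relaying is a
        # separate option (relaysEnabled) - confirm if strict LAN-only is required.
        options.globalAnnounceEnabled = false;
      };
    };
  };

  # Enable CUPS to print documents
  # services.printing.enable = true;
  # services.printing.drivers = [ pkgs.brlaser ]; # Brother printer driver

  # Crypto wallet support
  hardware.ledger.enable = true;

  # Add docker daemon
  virtualisation.docker.enable = true;
  virtualisation.docker.logDriver = "json-file";

  # Additional user config beyond what's in profiles/nixos
  users.users = {
    ${user} = {
      # Membership in "docker" is root-equivalent on this host: anyone who can
      # talk to the Docker socket can start a container with the host
      # filesystem mounted.
      extraGroups = [
        "docker"
      ];
      openssh.authorizedKeys.keys = sshKeys.keys;
    };
    root = {
      # Same key list as the regular user: every key in shared/ssh-keys.nix
      # gets a direct root shell over SSH.
      openssh.authorizedKeys.keys = sshKeys.keys;
    };
  };

  # Don't require password for users in `wheel` group for these commands
  security.sudo = {
    enable = true;
    extraRules = [
      {
        commands = [
          {
            # Absolute store path, so the rule matches exactly this binary.
            command = "${pkgs.systemd}/bin/reboot";
            options = ["NOPASSWD"];
          }
        ];
        groups = ["wheel"];
      }
    ];
  };

  environment.systemPackages = with pkgs; [
    agenix.packages."${pkgs.system}".default # "x86_64-linux"
    gitAndTools.gitFull
    inetutils
  ];

  system.stateVersion = "21.05"; # Don't change this
}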