127 lines
2.6 KiB
Nix
127 lines
2.6 KiB
Nix
{
|
|
config,
|
|
inputs,
|
|
pkgs,
|
|
agenix,
|
|
hostname,
|
|
user,
|
|
...
|
|
}: let
|
|
keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8iAnIaa1deoc7jw8YACPNVka1ZFJxhnU4G74TmS+p"];
|
|
in {
|
|
imports = [
|
|
../../../profiles/base
|
|
../../../profiles/nixos
|
|
agenix.nixosModules.default
|
|
];
|
|
|
|
boot = {
|
|
loader = {
|
|
systemd-boot = {
|
|
enable = true;
|
|
configurationLimit = 42;
|
|
};
|
|
efi.canTouchEfiVariables = true;
|
|
};
|
|
initrd.availableKernelModules = [
|
|
"xhci_pci"
|
|
"ahci"
|
|
"nvme"
|
|
"usbhid"
|
|
"usb_storage"
|
|
"sd_mod"
|
|
];
|
|
kernelPackages = pkgs.linuxPackages_latest;
|
|
};
|
|
|
|
time.timeZone = "UTC";
|
|
|
|
networking = {
|
|
hostName = hostname;
|
|
useDHCP = false;
|
|
interfaces."%INTERFACE%".useDHCP = true;
|
|
};
|
|
|
|
nix.nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
|
|
|
|
programs = {
|
|
gnupg.agent.enable = true;
|
|
fish.enable = true;
|
|
};
|
|
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "yes";
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
syncthing = {
|
|
enable = true;
|
|
openDefaultPorts = true;
|
|
dataDir = "/home/${user}/.local/share/syncthing";
|
|
configDir = "/home/${user}/.config/syncthing";
|
|
user = "${user}";
|
|
group = "users";
|
|
guiAddress = "127.0.0.1:8384";
|
|
overrideFolders = true;
|
|
overrideDevices = true;
|
|
|
|
settings = {
|
|
devices = {};
|
|
options.globalAnnounceEnabled = false; # Only sync on LAN
|
|
};
|
|
};
|
|
};
|
|
|
|
# Enable CUPS to print documents
|
|
# services.printing.enable = true;
|
|
# services.printing.drivers = [ pkgs.brlaser ]; # Brother printer driver
|
|
|
|
# Crypto wallet support
|
|
hardware.ledger.enable = true;
|
|
|
|
# Add docker daemon
|
|
virtualisation.docker.enable = true;
|
|
virtualisation.docker.logDriver = "json-file";
|
|
|
|
# Additional user config beyond what's in profiles/nixos
|
|
users.users = {
|
|
${user} = {
|
|
extraGroups = [
|
|
"docker"
|
|
];
|
|
openssh.authorizedKeys.keys = keys;
|
|
};
|
|
|
|
root = {
|
|
openssh.authorizedKeys.keys = keys;
|
|
};
|
|
};
|
|
|
|
# Don't require password for users in `wheel` group for these commands
|
|
security.sudo = {
|
|
enable = true;
|
|
extraRules = [
|
|
{
|
|
commands = [
|
|
{
|
|
command = "${pkgs.systemd}/bin/reboot";
|
|
options = ["NOPASSWD"];
|
|
}
|
|
];
|
|
groups = ["wheel"];
|
|
}
|
|
];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
agenix.packages."${pkgs.system}".default # "x86_64-linux"
|
|
gitAndTools.gitFull
|
|
inetutils
|
|
];
|
|
|
|
system.stateVersion = "21.05"; # Don't change this
|
|
}
|