harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

refactor and simplify

Browse source 
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
This commit is contained in:
Harald Hoyer 2024-03-06 15:36:02 +01:00
parent d0ad237493
commit 9a36e90cd4
6 changed files with 210 additions and 286 deletions
Download patch file Download diff file Expand all files Collapse all files

147
systems/x86_64-linux/x1/default.nix
View file

@ -2,11 +2,17 @@
with lib;
with lib.plusultra;
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
imports = [ ./hardware-configuration.nix ];
plusultra = {
base.enable = true;
gui.enable = true;
nix-ld.enable = true;
nix.enable = true;
nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
podman.enable = true;
secureboot.enable = true;
};
system.autoUpgrade = {
enable = true;
@ -21,136 +27,5 @@ with lib.plusultra;
flake = "git+https://git.hoyer.xyz/harald/nixcfg#x1";
};
plusultra = {
gui.enable = true;
nix-ld.enable = true;
nix.enable = true;
nix.extra-substituters = {
"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
};
};
boot = {
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
tmp.cleanOnBoot = true;
loader = {
systemd-boot.enable = false;
efi.canTouchEfiVariables = true;
timeout = 2;
};
initrd.systemd.enable = true;
kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
};
# Configure console keymap
console.keyMap = "us";
i18n.extraLocaleSettings = {
LC_MESSAGES = "en_US.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
environment = {
sessionVariables = { PATH = "$HOME/bin:$HOME/.cargo/bin"; };
systemPackages = with pkgs; [
age
bash
cachix
cifs-utils
clevis
delta
efibootmgr
git
git-delete-merged-branches
home-manager
htop
mosh
nixpkgs-fmt
openssl
restic
rrsync
sbctl
sops
strace
tmux
tpm2-pkcs11
tpm2-pkcs11.out
tpm2-tools
vim
virt-manager
wget
];
shells = [ pkgs.fish pkgs.bash ];
};
hardware = {
cpu = {
amd.updateMicrocode = lib.mkDefault true;
intel.updateMicrocode = lib.mkDefault true;
};
enableRedistributableFirmware = lib.mkDefault true;
enableAllFirmware = true;
};
programs = {
dconf.enable = true;
bash = {
## shellInit = ''
interactiveShellInit = ''
bind '"\e[A": history-search-backward'
bind '"\e[B": history-search-forward'
'';
};
starship.enable = true;
mosh.enable = true;
vim.defaultEditor = true;
fish.enable = true;
};
# powerManagement.cpuFreqGovernor = "ondemand";
services = {
dbus.implementation = "broker";
dbus.packages = [ pkgs.gcr ];
fwupd.enable = true;
openssh = {
enable = true;
settings.PermitRootLogin = "prohibit-password";
settings.X11Forwarding = true;
};
};
security = {
tpm2.enable = lib.mkDefault true;
tpm2.abrmd.enable = lib.mkDefault true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
};
system.stateVersion = "23.11";
time.timeZone = "Europe/Berlin";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
];
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# For Nixos version > 22.11
defaultNetwork.settings = { dns_enabled = true; };
};
};
}