# NixOS module for a single host: unattended upgrades from a remote flake,
# boot loader, base packages, SSH access for root, TPM2, sudo policy, podman
# and nix-ld. Security-relevant settings carry a review note.
{ pkgs, lib, ... }:
with lib;
with lib.plusultra;
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Unattended upgrade. The system is rebuilt from a flake fetched over HTTPS
  # from a remote git repository, and `--update-input nixpkgs` re-resolves the
  # nixpkgs input on every run instead of using the revision in the lock file.
  # Whoever can push to that repository (or influence what the nixpkgs input
  # resolves to) decides what this host runs as root after the next reboot.
  # operation = "boot" with allowReboot = false makes the new generation the
  # boot default without switching to it live and without rebooting by itself.
  # NOTE(review): `networking` is not a module argument here, so it has to
  # resolve through `with lib` / `with lib.plusultra` — confirm; the usual
  # spelling is `config.networking.hostName`.
  system.autoUpgrade = {
    enable = true;
    operation = "boot";
    allowReboot = false;
    flags = [ "--update-input" "nixpkgs" ];
    flake = "git+https://git.hoyer.xyz/harald/nixcfg#${networking.hostName}";
  };

  # Options from the project's own `plusultra` modules; their effect is
  # defined outside this file.
  plusultra.gui.enable = true;
  plusultra.nix.enable = true;
  # Third-party binary cache together with the public key its store paths are
  # checked against (presumably mapped onto the Nix substituter and trusted
  # key settings by the plusultra module — confirm). Trusting this key means
  # accepting prebuilt binaries from whoever holds the matching signing key.
  plusultra.nix.extra-substituters = {
    "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
  };

  boot = {
    tmp.cleanOnBoot = true;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      timeout = 2;
    };
    initrd.systemd.enable = true;
  };

  # Configure console keymap
  console.keyMap = "us";

  # English messages, German date and time formats.
  i18n.extraLocaleSettings = {
    LC_MESSAGES = "en_US.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  environment = {
    # NOTE(review): both entries are user-writable directories. If they end up
    # ahead of the system profile directories in the final PATH (depends on
    # how NixOS merges this value — confirm), a file placed there shadows the
    # system command of the same name for that user. That matters more with
    # the passwordless sudo configured further down.
    sessionVariables = {
      PATH = "$HOME/bin:$HOME/.cargo/bin";
    };
    # Base tool set installed system-wide.
    systemPackages = with pkgs; [
      age
      bash
      cachix
      cifs-utils
      clevis
      delta
      efibootmgr
      git
      git-delete-merged-branches
      home-manager
      htop
      mosh
      nixpkgs-fmt
      openssl
      restic
      rrsync
      sops
      strace
      tmux
      tpm2-pkcs11
      tpm2-pkcs11.out
      tpm2-tools
      vim
      wget
    ];
    shells = [ pkgs.fish pkgs.bash ];
  };

  hardware = {
    # Microcode and firmware updates; the mkDefault values can be overridden
    # by other modules.
    cpu = {
      amd.updateMicrocode = lib.mkDefault true;
      intel.updateMicrocode = lib.mkDefault true;
    };
    enableRedistributableFirmware = lib.mkDefault true;
    enableAllFirmware = true;
  };

  programs = {
    dconf.enable = true;
    bash = {
      ## shellInit = ''
      # Up / Down arrows search the history for the text already typed.
      interactiveShellInit = ''
        bind '"\e[A": history-search-backward'
        bind '"\e[B": history-search-forward'
      '';
    };
    starship.enable = true;
    mosh.enable = true;
    vim.defaultEditor = true;
    fish.enable = true;
  };

  # powerManagement.cpuFreqGovernor = "ondemand";

  services = {
    dbus.implementation = "broker";
    dbus.packages = [ pkgs.gcr ];
    # Bans addresses after repeated failed logins.
    fail2ban.enable = true;
    fwupd.enable = true;
    openssh = {
      enable = true;
      # root may log in over SSH, but only with a key (the keys listed under
      # users.users.root below), never with a password.
      # NOTE(review): password authentication for other accounts is not set in
      # this file; if key-only access is intended for every account, confirm
      # it is disabled elsewhere.
      settings.PermitRootLogin = "prohibit-password";
      # NOTE(review): X11 forwarding widens what an SSH session can reach;
      # keep it only if graphical programs are really run over SSH.
      settings.X11Forwarding = true;
    };
  };

  security = {
    tpm2.enable = lib.mkDefault true;
    tpm2.abrmd.enable = lib.mkDefault true;
    # NOTE(review): members of `wheel` get root through sudo with no password
    # prompt, so any process running as a wheel user can become root. A
    # compromise of such an account is effectively a compromise of root.
    sudo = {
      enable = true;
      wheelNeedsPassword = false;
    };
  };

  # Earlier draft of the auto-upgrade block, kept for reference; the active
  # definition is the `system.autoUpgrade` set near the top of this file.
  # Auto system update
  # https://search.nixos.org/options?channel=23.11&show=system.autoUpgrade
  #system.autoUpgrade = {
  #enable = true;
  #operation = "boot";
  #flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]
  # flake = "??";
  # };

  system.stateVersion = "23.11";

  time.timeZone = "Europe/Berlin";

  # Keys allowed to log in as root over SSH. The two `sk-` entries are
  # security-key (FIDO) key types; the plain ssh-ed25519 key is only as well
  # protected as its private key file on the client.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
    "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
  ];

  virtualisation = {
    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;

      # For Nixos version > 22.11
      defaultNetwork.settings = {
        dns_enabled = true;
      };
    };
  };

  # nix-ld lets dynamically linked binaries that were not built for NixOS
  # find a loader and the libraries listed below.
  programs.nix-ld.enable = true;

  # Sets up all the libraries to load
  programs.nix-ld.libraries = with pkgs; [
    curl
    expat
    fontconfig
    freetype
    fuse
    fuse3
    glib
    icu
    libclang.lib
    libdbusmenu
    libxcrypt-legacy
    libxml2
    nss
    openssl
    python3
    stdenv.cc.cc
    xorg.libX11
    xorg.libXcursor
    xorg.libXext
    xorg.libXi
    xorg.libXinerama
    xorg.libXrandr
    xorg.libXrender
    xorg.libXtst
    xz
    zlib
  ];
}