# NixOS module `metacfg.base`.
#
# Declares the boolean option `metacfg.base.enable` and, when it is set,
# applies the settings below: locale/keymap, a baseline package set,
# firmware and microcode, sshd with root key login, TPM2, sudo, systemd-boot
# and the parameters used by `system.autoUpgrade`.
#
# Security-relevant surface, for reviewers:
#   * root SSH access is granted to the keys in `rootSshKeys` on every host
#     that enables this module;
#   * `system.autoUpgrade` is pointed at a remote flake and told to refresh
#     inputs at upgrade time (see the comment next to `upgradeFlags`);
#   * sshd is configured with X11 forwarding on and key-only root login.
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
  cfg = config.metacfg.base;

  localeEn = "en_US.UTF-8";
  localeDe = "de_DE.UTF-8";

  # Store path of the filter binary used for both git filter directions.
  rot8000Bin = "${pkgs.metacfg.rot8000}/bin/rot8000";

  # Git configuration handed to the nixos-upgrade service through
  # GIT_CONFIG_GLOBAL. It registers a `rot8000` filter whose smudge and clean
  # commands are the same binary.
  # NOTE(review): the name suggests a ROT-style character rotation, which is
  # obfuscation and not encryption; confirm against the rot8000 package and
  # do not rely on it to keep repository content confidential.
  gitconfig = pkgs.writeText "gitconfig" ''
    [filter "rot8000"]
        smudge = ${rot8000Bin}
        clean = ${rot8000Bin}
  '';

  # Wrapper that starts QEMU with the OVMF firmware image. The firmware path
  # is pinned to the store, but `qemu-system-x86_64` itself is looked up on
  # PATH when the wrapper runs.
  qemuUefiWrapper = pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
    qemu-system-x86_64 \
      -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
      "$@"
  '';

  # Flake inputs that every automatic upgrade is asked to refresh.
  refreshedInputs = [
    "nixpkgs"
    "unstable"
    "nixsgx-flake"
    "home-manager"
  ];

  # One `--update-input <name>` pair per input, then the fixed flags.
  # With `--no-write-lock-file` and refreshed inputs, an upgrade builds from
  # whatever those inputs resolve to at that moment rather than from a lock
  # file that was reviewed and committed. Integrity of upgraded hosts then
  # rests on the flake's git server and on each upstream input; pinning via a
  # committed flake.lock is the stricter alternative.
  upgradeFlags =
    lib.concatMap (input: [ "--update-input" input ]) refreshedInputs
    ++ [
      "--no-write-lock-file"
      "-L"
    ];

  # Keys accepted for root over SSH. Two entries are `sk-` (FIDO
  # authenticator-backed) key types, one is a plain ed25519 key. Because the
  # list lives in the base module, removing or rotating a key here is what
  # revokes it on all hosts that enable the module.
  rootSshKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
    "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
  ];
in
{
  options.metacfg.base.enable =
    mkBoolOpt false "Whether or not to enable the base config.";

  config = mkIf cfg.enable {
    # Console keymap; hosts may override the default.
    console.keyMap = lib.mkDefault "us";

    # English messages, German formats for everything else.
    i18n = {
      defaultLocale = localeEn;
      extraLocaleSettings = {
        LC_ADDRESS = localeDe;
        LC_IDENTIFICATION = localeDe;
        LC_MEASUREMENT = localeDe;
        LC_MESSAGES = localeEn;
        LC_MONETARY = localeDe;
        LC_NAME = localeDe;
        LC_NUMERIC = localeDe;
        LC_TELEPHONE = localeDe;
        LC_TIME = localeDe;
      };
    };

    time.timeZone = "Europe/Berlin";

    # NOTE(review): this puts a user-writable directory on PATH. Confirm the
    # resulting search order; if it precedes the system directories, a file
    # placed in ~/bin shadows the system command of the same name.
    environment.sessionVariables.PATH = "$HOME/bin";

    environment.shells = [
      pkgs.fish
      pkgs.bash
    ];

    environment.systemPackages = [
      pkgs.age
      pkgs.bash
      pkgs.cifs-utils
      pkgs.clevis
      pkgs.delta
      pkgs.efibootmgr
      pkgs.git
      pkgs.git-crypt
      pkgs.git-delete-merged-branches
      pkgs.home-manager
      pkgs.htop
      pkgs.mosh
      pkgs.nixpkgs-fmt
      pkgs.openssl
      pkgs.restic
      pkgs.rrsync
      pkgs.sbctl
      pkgs.sops
      pkgs.strace
      pkgs.tmux
      pkgs.tpm2-pkcs11
      pkgs.tpm2-pkcs11.out
      pkgs.tpm2-tools
      pkgs.vim
      pkgs.virt-manager
      pkgs.wget
      qemuUefiWrapper
    ];

    # Microcode and firmware. `enableAllFirmware` is the only entry here set
    # without mkDefault, so a host cannot lower it with a plain assignment.
    # NOTE(review): it presumably pulls in unfree firmware blobs as well;
    # confirm that is wanted on every host.
    hardware.cpu.amd.updateMicrocode = lib.mkDefault true;
    hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
    hardware.enableRedistributableFirmware = lib.mkDefault true;
    hardware.enableAllFirmware = true;

    programs.dconf.enable = true;
    programs.starship.enable = true;
    programs.mosh.enable = true;
    programs.fish.enable = true;
    programs.git.enable = true;
    programs.vim.defaultEditor = true;
    # Up/Down arrows search the history for the typed prefix.
    programs.bash.interactiveShellInit = ''
      bind '"\e[A": history-search-backward'
      bind '"\e[B": history-search-forward'
    '';

    # powerManagement.cpuFreqGovernor = "ondemand";

    services.dbus.implementation = "broker";
    services.dbus.packages = [ pkgs.gcr ];
    services.fwupd.enable = true;
    services.fstrim.enable = true;

    # sshd: root may log in, but not with a password. X11 forwarding is
    # switched on for all hosts; hosts that never need it can turn it off.
    # Password authentication for non-root accounts is not pinned here and
    # stays at whatever the openssh module or another module decides.
    services.openssh.enable = true;
    services.openssh.settings.PermitRootLogin = "prohibit-password";
    services.openssh.settings.X11Forwarding = true;

    users.users.root.openssh.authorizedKeys.keys = rootSshKeys;

    # TPM2 support and the access broker/resource manager daemon.
    security.tpm2.enable = lib.mkDefault true;
    security.tpm2.abrmd.enable = lib.mkDefault true;

    # Members of wheel must enter a password for sudo. This is a mkDefault,
    # so any host module can switch it off with a plain assignment.
    security.sudo.enable = true;
    security.sudo.wheelNeedsPassword = lib.mkDefault true;

    boot.loader.systemd-boot.enable = lib.mkDefault true;
    boot.loader.efi.canTouchEfiVariables = true;
    boot.loader.timeout = 2;
    boot.initrd.systemd.enable = true;
    boot.tmp = {
      cleanOnBoot = true;
      useTmpfs = true;
    };

    virtualisation.libvirtd.enable = true;

    # Only the parameters are set here; `system.autoUpgrade.enable` is not
    # touched by this module.
    system.autoUpgrade.flags = upgradeFlags;
    system.autoUpgrade.flake = lib.mkDefault "git+https://git.hoyer.xyz/harald/nixcfg";

    systemd.services = {
      # The upgrade unit gets the filter binary on its path and the git
      # configuration above, so the filter is available to git while the
      # unit runs.
      nixos-upgrade = {
        path = [ pkgs.metacfg.rot8000 ];
        environment.GIT_CONFIG_GLOBAL = toString gitconfig;
      };
      # /tmp is a tmpfs (boot.tmp.useTmpfs); the daemon is pointed at
      # /var/tmp instead, presumably to keep builds out of RAM.
      nix-daemon.environment.TMPDIR = "/var/tmp";
    };
  };
}