# Base NixOS profile for metacfg hosts: locale, baseline packages, firmware,
# SSH/sudo/TPM2 settings, boot loader, and the flake-based auto-upgrade wiring.
# Everything under `config` only takes effect when `metacfg.base.enable` is true.
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
  cfg = config.metacfg.base;

  # Locale used for every regional LC_* category below.
  regionalLocale = "de_DE.UTF-8";

  # Store path of the filter binary that Git runs for both directions.
  rot8000Bin = "${pkgs.metacfg.rot8000}/bin/rot8000";

  # Git configuration handed to the nixos-upgrade unit via GIT_CONFIG_GLOBAL.
  # It registers rot8000 as the clean/smudge filter, so files the repository
  # marks with that filter are passed through the binary on checkout.
  # NOTE(review): rot8000 looks like a reversible character rotation, i.e.
  # obfuscation rather than encryption; confirm nothing confidential in the
  # flake repository relies on it for secrecy.
  gitconfig = pkgs.writeText "gitconfig" ''
    [filter "rot8000"]
      smudge = ${rot8000Bin}
      clean = ${rot8000Bin}
  '';
in
{
  options.metacfg.base = with types; {
    enable = mkBoolOpt false "Whether or not to enable the base config.";
  };

  config = mkIf cfg.enable {
    # Console keymap; hosts may override the default.
    console.keyMap = lib.mkDefault "us";

    time.timeZone = "Europe/Berlin";

    # Internationalisation: English UI and messages, German regional formats.
    i18n = {
      defaultLocale = "en_US.UTF-8";
      extraLocaleSettings = {
        LC_ADDRESS = regionalLocale;
        LC_IDENTIFICATION = regionalLocale;
        LC_MEASUREMENT = regionalLocale;
        LC_MESSAGES = "en_US.UTF-8";
        LC_MONETARY = regionalLocale;
        LC_NAME = regionalLocale;
        LC_NUMERIC = regionalLocale;
        LC_TELEPHONE = regionalLocale;
        LC_TIME = regionalLocale;
      };
    };

    environment = {
      # NOTE(review): this puts a per-user, user-writable directory on PATH for
      # every session; confirm where NixOS places it relative to the system
      # directories, since the order decides which binary a bare command name
      # resolves to.
      sessionVariables.PATH = "$HOME/bin";

      shells = [ pkgs.fish pkgs.bash ];

      systemPackages = with pkgs; [
        age
        bash
        cifs-utils
        clevis
        delta
        efibootmgr
        git
        git-crypt
        git-delete-merged-branches
        home-manager
        htop
        mosh
        nixpkgs-fmt
        openssl
        restic
        rrsync
        sbctl
        sops
        strace
        tmux
        tpm2-pkcs11
        tpm2-pkcs11.out
        tpm2-tools
        vim
        virt-manager
        wget
      ];
    };

    hardware = {
      # Microcode updates for both CPU vendors; hosts may override.
      cpu.amd.updateMicrocode = lib.mkDefault true;
      cpu.intel.updateMicrocode = lib.mkDefault true;

      enableRedistributableFirmware = lib.mkDefault true;
      # Set unconditionally (no mkDefault), unlike the option above.
      # NOTE(review): presumably requires unfree packages to be allowed; verify
      # on hosts that are meant to stay free-software only.
      enableAllFirmware = true;

      opengl.extraPackages = with pkgs; [ intel-compute-runtime ];
    };

    programs = {
      dconf.enable = true;
      fish.enable = true;
      git.enable = true;
      mosh.enable = true;
      starship.enable = true;
      vim.defaultEditor = true;

      bash = {
        ## shellInit = ''
        # Up/Down arrows search the history for the prefix already typed.
        interactiveShellInit = ''
          bind '"\e[A": history-search-backward'
          bind '"\e[B": history-search-forward'
        '';
      };
    };

    # powerManagement.cpuFreqGovernor = "ondemand";

    services = {
      dbus = {
        implementation = "broker";
        packages = [ pkgs.gcr ];
      };

      fstrim.enable = true;
      fwupd.enable = true;

      openssh = {
        enable = true;
        settings = {
          # Root can log in over SSH with a key only; sshd refuses password and
          # keyboard-interactive authentication for root under this setting.
          PermitRootLogin = "prohibit-password";
          # sshd honours X11 forwarding requests on every host using this
          # profile.
          # NOTE(review): confirm this is needed everywhere; a per-host opt-in
          # keeps it off machines that never run X clients.
          X11Forwarding = true;
        };
      };
    };

    security = {
      tpm2.enable = lib.mkDefault true;
      tpm2.abrmd.enable = lib.mkDefault true;

      sudo = {
        enable = true;
        # Members of wheel must authenticate for sudo unless a host overrides it.
        wheelNeedsPassword = lib.mkDefault true;
      };
    };

    # Public keys accepted for root over SSH. Two entries are sk-* key types
    # (hardware-backed security keys); the first is a plain ed25519 key, so the
    # protection of its private half depends entirely on the client machine.
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
    ];

    boot = {
      initrd.systemd.enable = true;

      loader = {
        systemd-boot.enable = lib.mkDefault true;
        efi.canTouchEfiVariables = true;
        timeout = 2;
      };

      tmp = {
        cleanOnBoot = true;
        useTmpfs = true;
      };
    };

    # Flake source and flags for unattended upgrades. This module does not set
    # system.autoUpgrade.enable itself. The four --update-input flags re-resolve
    # those inputs on every run and --no-write-lock-file keeps the result out of
    # flake.lock, so the committed lock file does not pin them for upgrades.
    # NOTE(review): the trust boundary of an unattended upgrade therefore covers
    # the Git host below plus the current upstream state of each named input.
    system.autoUpgrade = {
      flake = lib.mkDefault "git+https://git.hoyer.xyz/harald/nixcfg";
      flags = [
        "--update-input"
        "nixpkgs"
        "--update-input"
        "unstable"
        "--update-input"
        "nixsgx-flake"
        "--update-input"
        "home-manager"
        "--no-write-lock-file"
        "-L"
      ];
    };

    systemd.services = {
      # The upgrade unit gets the filter binary on its PATH and the Git config
      # defined above, so fetching the flake runs rot8000 inside this service.
      nixos-upgrade = {
        path = [ pkgs.metacfg.rot8000 ];
        environment.GIT_CONFIG_GLOBAL = toString gitconfig;
      };

      # Nix builds use /var/tmp instead of /tmp, which boot.tmp.useTmpfs puts on
      # a tmpfs (presumably to keep large builds out of RAM-backed storage).
      nix-daemon.environment.TMPDIR = "/var/tmp";
    };

    virtualisation.libvirtd.enable = true;
  };
}