nixcfg/systems/x86_64-linux/x1/default.nix
Harald Hoyer b4768eef70 x1
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
2024-03-04 20:38:37 +01:00


# NixOS module for the "x1" host (x86_64-linux).
#
# Security-relevant settings in this file, for reviewers:
#   * sshd is enabled, root may log in with a public key, X11 forwarding is on
#   * members of `wheel` can use sudo without a password
#   * all firmware (including unfree blobs) is enabled
#   * automatic upgrades are commented out, so patching is a manual step
{ pkgs, lib, ... }:
with lib;
with lib.plusultra;
{
  imports = [
    # Output of the hardware scan for this machine.
    ./hardware-configuration.nix
  ];

  # Option from the project's own `plusultra` namespace; its effect is defined
  # outside this file (presumably the desktop/GUI profile; confirm there).
  plusultra.gui.enable = true;

  boot.tmp.cleanOnBoot = true; # /tmp is wiped on every boot
  boot.initrd.systemd.enable = true; # systemd-based initrd
  boot.loader = {
    systemd-boot.enable = true;
    # Lets the bootloader installer write EFI boot entries.
    efi.canTouchEfiVariables = true;
    timeout = 2;
  };

  # Console keymap.
  console.keyMap = "us";

  i18n.extraLocaleSettings = {
    LC_MESSAGES = "en_US.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  environment.shells = [ pkgs.fish pkgs.bash ];

  # System-wide tools. `age`/`sops` are secret-handling tools and
  # `clevis`/`tpm2-*` are TPM tooling; this file only installs them and
  # configures no secrets or disk unlocking itself.
  environment.systemPackages = with pkgs; [
    age
    appimage-run
    cifs-utils
    clevis
    delta
    efibootmgr
    git
    git-delete-merged-branches
    home-manager
    htop
    mdadm
    mosh
    nixpkgs-fmt
    openssl
    restic
    rrsync
    sops
    strace
    tmux
    tpm2-pkcs11
    tpm2-pkcs11.out
    tpm2-tools
    vim
    wget
  ];

  # Microcode updates are how CPU errata fixes reach the machine; both vendors
  # are enabled with mkDefault so another module can override them.
  hardware.cpu.amd.updateMicrocode = lib.mkDefault true;
  hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
  hardware.enableRedistributableFirmware = lib.mkDefault true;
  # NOTE(review): this pulls in every firmware package nixpkgs knows about,
  # including unfree ones, and is set without mkDefault. Confirm that the
  # broader set is needed rather than only the redistributable firmware.
  hardware.enableAllFirmware = true;

  programs = {
    dconf.enable = true;
    starship.enable = true;
    # NOTE(review): the NixOS mosh module opens a UDP port range in the
    # firewall for mosh sessions; confirm that exposure is wanted on this host.
    mosh.enable = true;
    vim.defaultEditor = true;
    fish.enable = true;

    bash = {
      ## shellInit = ''
      # Up/Down arrows search history by the prefix already typed.
      interactiveShellInit = ''
        bind '"\e[A": history-search-backward'
        bind '"\e[B": history-search-forward'
      '';
    };

    # nix-ld provides a dynamic loader and the libraries below so that
    # binaries not built for NixOS can start. Such prebuilt binaries do not
    # come from the Nix store's pinned inputs, so their origin needs to be
    # checked separately.
    nix-ld = {
      enable = true;
      libraries = with pkgs; [
        appimage-run
        stdenv.cc.cc
        libclang.lib
        zlib
        fuse3
        fuse
        icu
        nss
        curl
        expat
        freetype
        glib
        openssl
        # ...
      ];
    };
  };

  # powerManagement.cpuFreqGovernor = "ondemand";

  services = {
    dbus = {
      implementation = "broker";
      packages = [ pkgs.gcr ];
    };

    # Bans clients after repeated authentication failures; jails are left at
    # the module defaults in this file.
    fail2ban.enable = true;

    # Firmware update daemon.
    fwupd.enable = true;

    openssh = {
      enable = true;
      settings = {
        # Root may log in over SSH, but only with a key (see the root
        # authorizedKeys list below), never with a password.
        # NOTE(review): PasswordAuthentication and KbdInteractiveAuthentication
        # are not set in this file, so the module defaults apply to every other
        # account unless another module overrides them. Verify the effective
        # sshd_config.
        PermitRootLogin = "prohibit-password";
        # NOTE(review): X11 forwarding widens what a session can reach on the
        # connecting client's display; keep it only if remote GUI programs are
        # actually used.
        X11Forwarding = true;
      };
    };
  };

  security = {
    # TPM2 support plus the access broker / resource manager daemon; both are
    # mkDefault so another module can override them.
    tpm2 = {
      enable = lib.mkDefault true;
      abrmd.enable = lib.mkDefault true;
    };

    sudo = {
      enable = true;
      # NOTE(review): every `wheel` member gets root without re-authenticating,
      # so a compromised wheel session is equivalent to root. Acceptable on a
      # single-user machine only as a deliberate choice.
      wheelNeedsPassword = false;
    };
  };

  # Auto system update
  # https://search.nixos.org/options?channel=23.11&show=system.autoUpgrade
  # NOTE(review): left disabled, so security updates depend on a manual rebuild.
  #system.autoUpgrade = {
  #enable = true;
  #operation = "boot";
  #flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]
  # flake = "??";
  # };

  system.stateVersion = "23.11";
  time.timeZone = "Europe/Berlin";

  # Public keys allowed to log in as root over SSH. The two `sk-*` entries are
  # OpenSSH security-key (FIDO) key types. The plain `ssh-ed25519` entry does
  # not show hardware backing by its type, so its protection depends on how
  # the private key is stored on the client.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
    "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
  ];

  # Disabled per-user account definition, kept for reference.
  # users.users.harald = {
  # shell = pkgs.fish;
  # isNormalUser = true;
  # description = "harald";
  # extraGroups = [ "networkmanager" "wheel" "sgx" "libvirtd" "tss" "rspamd" ];
  # openssh.authorizedKeys.keys = [
  # "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
  # "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
  # "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
  # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
  # ];
  # };
  #

  virtualisation.podman = {
    enable = true;
    # Create a `docker` alias for podman, to use it as a drop-in replacement
    dockerCompat = true;
    # For Nixos version > 22.11
    defaultNetwork.settings = { dns_enabled = true; };
  };
}