# NixOS host configuration for the machine named "silver": static IPv4 on one
# interface, sops-backed account passwords, key-only SSH on a non-default port,
# and an SSH endpoint configured through the project's own luksSsh module.
{
  config,
  pkgs,
  ...
}: let
  # Single source of truth for the static IPv4 setup. These values feed both the
  # running system's networking options and the kernel `ip=` parameter below.
  # `subnet` is the dotted form of `prefixLength` (255.255.255.0 == /24); the
  # two must be changed together.
  net = {
    address = "107.152.41.67";
    prefixLength = 24;
    subnet = "255.255.255.0";
    gateway = "107.152.41.1";
    interface = "eth0";
  };
in {
  imports = [
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./services
  ];

  time.timeZone = "America/Chicago";

  # Unfree packages are permitted (the original comment gives firmware as the reason).
  nixpkgs.config.allowUnfree = true;

  networking = {
    hostName = "silver";
    networkmanager.enable = true;

    # The firewall is on and this file declares no allowed ports of its own.
    # NOTE(review): reachability of the SSH port below then depends on
    # services.openssh.openFirewall (true by default in NixOS) and on whatever
    # ./services adds; confirm the resulting rule set matches the intent.
    firewall.enable = true;

    enableIPv6 = false;

    defaultGateway = {
      address = net.gateway;
      interface = net.interface;
    };

    # Static addressing only; DHCP is switched off for this interface.
    interfaces.${net.interface} = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = net.address;
          prefixLength = net.prefixLength;
        }
      ];
    };
  };

  # Kernel-level static IP for the initrd stage. Field order is
  # ip=<client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<autoconf>;
  # server and hostname are left empty and autoconfiguration is "off".
  boot.kernelParams = [
    "ip=${net.address}::${net.gateway}:${net.subnet}::${net.interface}:off"
  ];

  # Locale and console keymap
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "us";

  # Accounts: root and silver. Password hashes are read from files supplied by
  # sops, so no hash is written into this file.
  # NOTE(review): sops-nix needs `neededForUsers = true` on secrets consumed by
  # hashedPasswordFile; the secret declarations are not in this file (presumably
  # ./secrets.nix), so confirm there.
  # NOTE(review): users.mutableUsers is not set here. With the NixOS default
  # (true) a declared password only seeds a new account, so rotating the sops
  # secret would not change an existing password; confirm which mode is wanted.
  users.users.root.hashedPasswordFile = config.sops.secrets."root-pw".path;
  users.users.silver = {
    isNormalUser = true;
    # "wheel" is the group that gets sudo under the default NixOS sudo setup.
    extraGroups = ["networkmanager" "wheel"];
    hashedPasswordFile = config.sops.secrets."user-pw".path;
    # The key list is the trust anchor for remote login as this user; it is
    # imported from outside this directory and should be reviewed with the same
    # care as this file.
    openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
  };

  # Packages
  environment = {
    systemPackages = [
      pkgs.rsync
      pkgs.git
      pkgs.vim
      pkgs.fastfetch
      pkgs.htop
      pkgs.speedtest-cli
    ];
    variables.EDITOR = "vim";
  };

  # SSH server: password and keyboard-interactive logins are both disabled,
  # leaving public-key authentication. The non-default port cuts scanner noise
  # but is not an access control.
  # NOTE(review): PermitRootLogin is not set in this file; the NixOS default is
  # "prohibit-password", which still accepts a root key if one is configured
  # elsewhere. Set it to "no" if nothing relies on root logins over SSH.
  services.openssh = {
    enable = true;
    ports = [12208];
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # Options under `gen.*` come from project-local modules that are not visible
  # in this file; the notes below are inferred from the option names.
  gen.system = {
    # presumably turns off TCP selective acknowledgement; verify in the module
    hardening.disableSack = true;

    # presumably an SSH endpoint in the initrd for entering the LUKS passphrase
    # remotely; verify in the module.
    # NOTE(review): stock NixOS copies initrd SSH host keys into the initrd
    # image, which normally sits on an unencrypted boot partition. If this
    # module does the same, the key below must stay dedicated to the initrd and
    # must never double as the running system's host key.
    bootloader.luksSsh = {
      enable = true;
      port = 48722;
      hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
    };
  };

  system.stateVersion = "24.05";
}