2024-10-13 15:16:39 -05:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
pkgs,
|
|
|
|
...
|
|
|
|
}: let
|
2024-10-17 17:32:14 -05:00
|
|
|
net = { # TODO: hardcoding (this module *may* be a good place to store values like this, though)
|
2024-10-13 15:16:39 -05:00
|
|
|
address = "107.152.41.67";
|
|
|
|
prefixLength = 24;
|
|
|
|
subnet = "255.255.255.0";
|
|
|
|
gateway = "107.152.41.1";
|
|
|
|
interface = "eth0";
|
|
|
|
};
|
|
|
|
in {
|
|
|
|
imports = [
|
|
|
|
./hardware.nix
|
|
|
|
./disk-config.nix
|
|
|
|
./mounts.nix
|
|
|
|
./secrets.nix
|
|
|
|
./services
|
|
|
|
];
|
|
|
|
|
|
|
|
networking.hostName = "silver"; # Define your hostname.
|
|
|
|
time.timeZone = "America/Chicago"; # Set your time zone.
|
|
|
|
|
|
|
|
# Allow unfree packages (firmware)
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
|
|
|
# Basic networking
|
|
|
|
networking.networkmanager.enable = true;
|
|
|
|
networking.firewall.enable = true;
|
|
|
|
|
|
|
|
# Networking - IP configuration
|
|
|
|
networking = {
|
|
|
|
enableIPv6 = false;
|
|
|
|
|
|
|
|
defaultGateway = {
|
|
|
|
address = net.gateway;
|
|
|
|
inherit (net) interface;
|
|
|
|
};
|
|
|
|
|
|
|
|
interfaces.${net.interface} = {
|
|
|
|
useDHCP = false;
|
|
|
|
ipv4.addresses = [
|
|
|
|
{inherit (net) address prefixLength;}
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
boot.kernelParams = [
|
|
|
|
# Manual IP configuration for initrd
|
|
|
|
"ip=${net.address}::${net.gateway}:${net.subnet}::${net.interface}:off"
|
|
|
|
];
|
|
|
|
|
|
|
|
# Locales
|
|
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
console = {
|
|
|
|
keyMap = "us";
|
|
|
|
};
|
|
|
|
|
|
|
|
# Users - silver & root
|
|
|
|
users.users = {
|
|
|
|
root.hashedPasswordFile = config.sops.secrets."root-pw".path;
|
|
|
|
|
|
|
|
silver = {
|
|
|
|
isNormalUser = true;
|
|
|
|
extraGroups = ["networkmanager" "wheel"];
|
|
|
|
hashedPasswordFile = config.sops.secrets."user-pw".path;
|
|
|
|
openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
# Packages
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
rsync
|
|
|
|
git
|
|
|
|
vim
|
|
|
|
fastfetch
|
|
|
|
htop
|
|
|
|
speedtest-cli
|
|
|
|
];
|
|
|
|
environment.variables.EDITOR = "vim";
|
|
|
|
|
|
|
|
# Enable ssh server
|
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
|
|
|
settings.PasswordAuthentication = false;
|
|
|
|
settings.KbdInteractiveAuthentication = false;
|
|
|
|
ports = [12208];
|
|
|
|
};
|
|
|
|
|
|
|
|
# My modules
|
|
|
|
gen.system.hardening.disableSack = true;
|
|
|
|
gen.system.bootloader.luksSsh = {
|
|
|
|
enable = true;
|
|
|
|
port = 48722;
|
|
|
|
hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
|
|
|
|
};
|
|
|
|
|
2024-10-17 17:32:14 -05:00
|
|
|
# Periodically optimise & collect garbage
|
|
|
|
nix = {
|
|
|
|
gc = {
|
|
|
|
automatic = true;
|
|
|
|
dates = "daily";
|
|
|
|
options = "--delete-older-than 30d";
|
|
|
|
};
|
|
|
|
optimise = {
|
|
|
|
automatic = true;
|
|
|
|
dates = ["daily"];
|
|
|
|
};
|
2024-10-13 16:28:02 -05:00
|
|
|
};
|
|
|
|
|
2024-10-13 15:16:39 -05:00
|
|
|
system.stateVersion = "24.05";
|
|
|
|
}
|