infra/nixos/hosts/eidola/configuration.nix

{
  config,
  pkgs,
  ...
}: {
  imports = [
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
  ];

  networking.hostName = "eidola"; # Define your hostname.
  time.timeZone = "America/New_York"; # Set your time zone.

  # Allow unfree packages (firmware)
  nixpkgs.config.allowUnfree = true;

  # Basic networking
  networking.networkmanager.enable = true;
  networking.firewall.enable = true;

  # Locales
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    keyMap = "us";
  };

  # Users - eidola & root
  users.users = {
    root.hashedPasswordFile = config.sops.secrets."root-pw".path;

    eidola = {
      isNormalUser = true;
      extraGroups = ["networkmanager" "wheel"];
      hashedPasswordFile = config.sops.secrets."user-pw".path;
      openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
    };
  };

  # Packages
  environment.systemPackages = with pkgs; [
    rsync
    git
    vim
    fastfetch
    htop
  ];
  environment.variables.EDITOR = "vim";

  # Enable ssh server
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
  };

  # My modules
  gen.system.hardening.disableSack = true;
  gen.system.bootloader.luksSsh = {
    enable = true;
    port = 48722;
    hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
  };

  system.stateVersion = "24.05";
}
Initial commit 2024-10-13 15:16:39 -05:00			`{`
			`config,`
			`pkgs,`
			`...`
			`}: {`
			`imports = [`
			`./hardware.nix`
			`./disk-config.nix`
			`./mounts.nix`
			`./secrets.nix`
			`];`

			`networking.hostName = "eidola"; # Define your hostname.`
			`time.timeZone = "America/New_York"; # Set your time zone.`

			`# Allow unfree packages (firmware)`
			`nixpkgs.config.allowUnfree = true;`

			`# Basic networking`
			`networking.networkmanager.enable = true;`
			`networking.firewall.enable = true;`

			`# Locales`
			`i18n.defaultLocale = "en_US.UTF-8";`
			`console = {`
			`keyMap = "us";`
			`};`

			`# Users - eidola & root`
			`users.users = {`
			`root.hashedPasswordFile = config.sops.secrets."root-pw".path;`

			`eidola = {`
			`isNormalUser = true;`
			`extraGroups = ["networkmanager" "wheel"];`
			`hashedPasswordFile = config.sops.secrets."user-pw".path;`
			`openssh.authorizedKeys.keys = import ../../keys/ssh.nix;`
			`};`
			`};`

			`# Packages`
			`environment.systemPackages = with pkgs; [`
			`rsync`
			`git`
			`vim`
			`fastfetch`
			`htop`
			`];`
			`environment.variables.EDITOR = "vim";`

			`# Enable ssh server`
			`services.openssh = {`
			`enable = true;`
			`settings.PasswordAuthentication = false;`
			`settings.KbdInteractiveAuthentication = false;`
			`};`

			`# My modules`
			`gen.system.hardening.disableSack = true;`
			`gen.system.bootloader.luksSsh = {`
			`enable = true;`
			`port = 48722;`
			`hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];`
			`};`

			`system.stateVersion = "24.05";`
			`}`