2024-12-13 16:47:09 -06:00
|
|
|
{
|
|
|
|
|
inputs,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}: {
|
2024-10-17 17:32:14 -05:00
|
|
|
imports = [
|
2024-12-13 16:47:09 -06:00
|
|
|
./boot
|
|
|
|
|
|
|
|
|
|
./hardening.nix
|
|
|
|
|
./limits.nix
|
|
|
|
|
./networking.nix
|
2024-10-17 17:32:14 -05:00
|
|
|
];
|
2024-12-13 16:47:09 -06:00
|
|
|
|
|
|
|
|
# Ensure root login is available on every machine (if ssh is enabled)
|
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = import ../keys/ssh.nix;
|
|
|
|
|
|
|
|
|
|
# Speed up the build a little bit, these aren't really needed
|
|
|
|
|
documentation = {
|
|
|
|
|
enable = false;
|
|
|
|
|
info.enable = false;
|
|
|
|
|
man.enable = false;
|
|
|
|
|
doc.enable = false;
|
|
|
|
|
nixos.enable = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Immutable users
|
|
|
|
|
users.mutableUsers = false;
|
|
|
|
|
|
|
|
|
|
### Nix settings ###
|
|
|
|
|
nix = {
|
|
|
|
|
# Make sure flakes are enabled
|
|
|
|
|
settings.experimental-features = ["nix-command" "flakes"];
|
|
|
|
|
extraOptions = ''
|
|
|
|
|
keep-outputs = true
|
|
|
|
|
keep-derivations = true
|
|
|
|
|
|
|
|
|
|
flake-registry = ${builtins.toFile "flake-registry" (builtins.toJSON {
|
|
|
|
|
version = 2;
|
|
|
|
|
flakes = [];
|
|
|
|
|
})}
|
|
|
|
|
'';
|
|
|
|
|
nixPath = ["nixpkgs=${pkgs.path}"];
|
|
|
|
|
registry = {
|
|
|
|
|
self.flake = inputs.self;
|
|
|
|
|
nixpkgs.flake = inputs.nixpkgs;
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-10-17 17:32:14 -05:00
|
|
|
}
|
