infra/nixos/hosts/eidola/configuration.nix

# NixOS system configuration for the host "eidola".
#
# Module arguments:
#   config - the evaluated system configuration; read here only to resolve
#            the on-disk paths of the sops-managed password secrets.
#   pkgs   - the package set the system-wide packages are taken from.
{
  config,
  pkgs,
  ...
}: {
  imports = [
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./nebula.nix
  ];

  system.stateVersion = "24.05";

  # Time zone, locale and console keymap.
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "us";

  # Unfree packages are allowed for the whole system; the stated reason is firmware.
  # NOTE(review): nixpkgs.config.allowUnfreePredicate could restrict this to the
  # firmware packages actually needed.
  nixpkgs.config.allowUnfree = true;

  # Host name, NetworkManager and the host firewall.
  networking = {
    hostName = "eidola";
    networkmanager.enable = true;
    firewall.enable = true;
  };

  # Accounts: root and the normal user "eidola". Both password hashes are read
  # from files provided through config.sops.secrets rather than written here.
  # NOTE(review): sops-nix secrets used as hashedPasswordFile need
  # `neededForUsers = true` so they are decrypted before users are created;
  # secrets.nix is not shown here, so confirm that there.
  users.users = {
    root.hashedPasswordFile = config.sops.secrets."root-pw".path;

    eidola = {
      isNormalUser = true;
      # "wheel" is the sudo-capable group on a default NixOS sudo setup, so the
      # SSH keys below effectively guard an admin-capable account.
      extraGroups = ["networkmanager" "wheel"];
      hashedPasswordFile = config.sops.secrets."user-pw".path;
      openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
    };
  };

  # System-wide packages and the default editor.
  environment = {
    systemPackages = [
      pkgs.rsync
      pkgs.git
      pkgs.vim
      pkgs.fastfetch
      pkgs.htop
    ];
    variables.EDITOR = "vim";
  };

  # OpenSSH server: password and keyboard-interactive logins are both off, so
  # only public-key authentication remains.
  # NOTE(review): PermitRootLogin is not set in this file; only "eidola" gets
  # authorized keys here. Set it to "no" explicitly if root SSH is never needed.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    # sshd binds to this single address only, not to every interface.
    # NOTE(review): presumably the Nebula overlay address (./nebula.nix is
    # imported) - confirm. sshd can bind only once the address exists on an
    # interface, so verify it starts or retries after the overlay comes up.
    listenAddresses = [
      {
        addr = "10.13.1.1";
        port = 22;
      }
    ];
  };

  # Project-local modules (the "gen" namespace is defined outside this file).
  gen.system = {
    # NOTE(review): by its name this presumably turns off TCP SACK - confirm in
    # the module.
    hardening.disableSack = true;

    # NOTE(review): presumably an initrd SSH server for unlocking LUKS remotely -
    # confirm in the module. Keep this host key separate from the main sshd host
    # key: initrd contents often sit on an unencrypted boot partition. Also check
    # which interfaces the initrd server listens on; the listenAddresses
    # restriction above applies to the main sshd only.
    bootloader.luksSsh = {
      enable = true;
      port = 48722;
      hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
    };
  };
}