# NixOS system configuration for the host "eidola": pulls in the hardware,
# disk, mount, secret and Nebula modules, then sets base networking, users,
# packages, the SSH server and the author's own `gen.*` modules.
{
  config,
  pkgs,
  ...
}: {
  imports = [
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    # Presumably declares the sops secrets "root-pw" and "user-pw" that are
    # referenced under users.users below -- confirm.
    ./secrets.nix
    ./nebula.nix
  ];

  # Host identity, connection management and the host firewall.
  networking = {
    hostName = "eidola";
    networkmanager.enable = true;
    firewall.enable = true;
  };

  time.timeZone = "America/New_York";

  # Unfree packages are allowed (needed for firmware).
  nixpkgs.config.allowUnfree = true;

  # Locale and console keyboard layout
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "us";

  # Accounts: root and the normal user "eidola". Both password hashes are read
  # at activation time from files provided by sops, so no hash is stored in
  # this file.
  # NOTE(review): sops-nix expects `neededForUsers = true` on secrets that are
  # used as user passwords; verify that in ./secrets.nix.
  # NOTE(review): users.mutableUsers is not set here. With the NixOS default
  # (true) a password file only seeds the password of a newly created account,
  # so rotating the secret may not change an existing password -- confirm this
  # is the intended behaviour for this host.
  users.users = {
    root.hashedPasswordFile = config.sops.secrets."root-pw".path;

    eidola = {
      isNormalUser = true;
      # "wheel" gives this account sudo under the default NixOS sudo rules.
      extraGroups = ["networkmanager" "wheel"];
      hashedPasswordFile = config.sops.secrets."user-pw".path;
      # Expected to evaluate to a list of SSH public keys; this list is the
      # only login credential sshd accepts for this user (see below).
      openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
    };
  };

  # System-wide packages and default editor
  environment = {
    systemPackages = [
      pkgs.rsync
      pkgs.git
      pkgs.vim
      pkgs.fastfetch
      pkgs.htop
    ];
    variables.EDITOR = "vim";
  };

  # SSH server: password and keyboard-interactive logins are switched off,
  # which leaves public-key authentication as the login path.
  services.openssh = {
    enable = true;

    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # NOTE(review): PermitRootLogin is left at the module default
      # ("prohibit-password"), so root can still log in with a key if one is
      # ever authorized. Set it to "no" if no deployment tooling needs it.
    };

    # sshd binds to this single address only.
    # NOTE(review): presumably the Nebula overlay address configured in
    # ./nebula.nix. sshd cannot bind an address that is not up yet, so check
    # that it starts after the overlay interface.
    # NOTE(review): services.openssh.openFirewall defaults to true and opens
    # TCP 22 on every interface; exposure is limited by this bind address, not
    # by the firewall. Scoping the rule to the overlay interface would make
    # the firewall enforce the same restriction.
    listenAddresses = [
      {
        addr = "10.13.1.1";
        port = 22;
      }
    ];
  };

  # The author's own modules (defined outside this file).
  gen.system = {
    # Presumably disables TCP selective acknowledgements -- confirm in the
    # module.
    hardening.disableSack = true;

    # Presumably an SSH server inside the initrd for unlocking LUKS remotely.
    # NOTE(review): a host key copied into the initrd is usually readable from
    # the unencrypted boot partition; keep this key dedicated to the initrd
    # and different from the main system's host key.
    bootloader.luksSsh = {
      enable = true;
      port = 48722;
      hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
    };
  };

  # Release the system was installed with; not meant to be bumped on upgrades.
  system.stateVersion = "24.05";
}