infra/nixos/hosts/silver/configuration.nix


# NixOS configuration for the host "silver": one statically addressed IPv4
# interface, an SSH daemon with password logins disabled, account passwords
# read from sops secrets, and the project-local `gen.system.*` modules.
{
  config,
  pkgs,
  ...
}: let
  # Static IPv4 parameters. They feed both the booted system's interface
  # configuration and the kernel `ip=` parameter, so the two cannot drift apart.
  staticNet = {
    address = "107.152.41.67";
    prefixLength = 24;
    subnet = "255.255.255.0";
    gateway = "107.152.41.1";
    interface = "eth0";
  };
in {
  imports = [
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./services
  ];

  system.stateVersion = "24.05";

  # Unfree packages are allowed globally (the original comment gives firmware
  # as the reason).
  # NOTE(review): this admits every unfree package, not only firmware;
  # nixpkgs.config.allowUnfreePredicate can restrict it to the names needed.
  nixpkgs.config.allowUnfree = true;

  time.timeZone = "America/Chicago";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "us";

  networking = {
    hostName = "silver";
    enableIPv6 = false;

    # The firewall is on and this file lists no allowed ports of its own.
    # NOTE(review): the sshd port is presumably opened through the openssh
    # module's openFirewall option, which is not overridden here; anything
    # else reachable would come from ./services. Confirm against the built
    # ruleset.
    firewall.enable = true;

    # NOTE(review): NetworkManager is enabled while the interface below is
    # addressed statically through networking.interfaces; confirm which of the
    # two ends up managing the interface.
    networkmanager.enable = true;

    defaultGateway = {
      address = staticNet.gateway;
      interface = staticNet.interface;
    };

    interfaces.${staticNet.interface} = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = staticNet.address;
          prefixLength = staticNet.prefixLength;
        }
      ];
    };
  };

  # Kernel `ip=` parameter so the initrd comes up with the same static address:
  # client address, empty server field, gateway, netmask, empty hostname
  # field, device, autoconfiguration off.
  boot.kernelParams = [
    "ip=${staticNet.address}::${staticNet.gateway}:${staticNet.subnet}::${staticNet.interface}:off"
  ];

  # Accounts. Both password hashes are read from files provided by sops
  # secrets; no hash appears in this file.
  # NOTE(review): the secret declarations are not in this file (presumably
  # ./secrets.nix). With sops-nix, secrets used as password files need
  # `neededForUsers = true`; confirm it is set on "root-pw" and "user-pw".
  # NOTE(review): users.mutableUsers is not set here. If it is left at its
  # default elsewhere, hashedPasswordFile applies only when an account is
  # first created, so rotating the secret would not change an existing
  # password.
  users.users.root.hashedPasswordFile = config.sops.secrets."root-pw".path;

  users.users.silver = {
    isNormalUser = true;
    # "wheel" makes this the administrative account; the sudo policy itself is
    # not configured in this file.
    extraGroups = ["networkmanager" "wheel"];
    hashedPasswordFile = config.sops.secrets."user-pw".path;
    # Authorized SSH public keys are kept in one shared file.
    openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
  };

  environment = {
    systemPackages = [
      pkgs.rsync
      pkgs.git
      pkgs.vim
      pkgs.fastfetch
      pkgs.htop
      pkgs.speedtest-cli
    ];
    variables.EDITOR = "vim";
  };

  # SSH daemon: password and keyboard-interactive authentication are both
  # disabled, and the daemon listens on a non-default port.
  # NOTE(review): PermitRootLogin is not set, so the module default applies.
  # Root has no authorized keys in this file; if no deployment tooling logs in
  # as root, setting `settings.PermitRootLogin = "no"` makes that explicit.
  services.openssh = {
    enable = true;
    ports = [12208];
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # Project-local modules; their implementation is not part of this file.
  gen.system = {
    # Presumably disables TCP selective acknowledgement (confirm in the module).
    hardening.disableSack = true;

    # Presumably an SSH server inside the initrd for remote LUKS unlock, on its
    # own port and with its own host key.
    # NOTE(review): initrd contents are typically stored unencrypted on the
    # boot partition, so a host key copied into the initrd should be treated
    # as readable by anyone with disk access. Keep this key separate from the
    # main sshd host key (the path suggests it already is), and confirm which
    # authorized keys the module accepts at this stage.
    bootloader.luksSsh = {
      enable = true;
      port = 48722;
      hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
    };
  };

  # Weekly garbage collection; deletes generations older than 30 days.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };
}