2022-11-04 19:35:57 +01:00
|
|
|
|
{ custom }: { pkgs, ... }:
|
2021-11-23 22:17:41 +01:00
|
|
|
|
{
|
|
|
|
|
|
imports = [
|
2022-11-04 19:35:57 +01:00
|
|
|
|
"${custom.inputs.self}/modules/cli"
|
2021-11-23 22:17:41 +01:00
|
|
|
|
];
|
|
|
|
|
|
|
2021-11-27 16:53:22 +01:00
|
|
|
|
# The rough location
|
|
|
|
|
|
location = {
|
|
|
|
|
|
latitude = 46.948;
|
|
|
|
|
|
longitude = 7.447;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2021-11-23 22:17:41 +01:00
|
|
|
|
# Set your time zone.
|
|
|
|
|
|
time.timeZone = "Europe/Zurich";
|
2022-11-12 16:30:41 +01:00
|
|
|
|
services.timesyncd.enable = true;
|
2021-11-23 22:17:41 +01:00
|
|
|
|
|
|
|
|
|
|
networking = {
|
2022-03-27 16:14:54 +02:00
|
|
|
|
domain = "2li.local";
|
2022-01-16 17:44:05 +01:00
|
|
|
|
enableIPv6 = false;
|
2022-09-17 19:25:57 +02:00
|
|
|
|
firewall = {
|
|
|
|
|
|
allowPing = true;
|
|
|
|
|
|
allowedTCPPorts = [ 22 ];
|
|
|
|
|
|
};
|
2022-11-12 16:30:41 +01:00
|
|
|
|
timeServers = [
|
|
|
|
|
|
"10.7.89.1"
|
|
|
|
|
|
"ch.pool.ntp.org"
|
|
|
|
|
|
];
|
|
|
|
|
|
|
2021-11-23 22:17:41 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
hardware = {
|
|
|
|
|
|
enableRedistributableFirmware = true;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2021-11-24 20:39:18 +01:00
|
|
|
|
programs.mosh.enable = true;
|
2022-08-15 14:55:47 +02:00
|
|
|
|
services.openssh = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
permitRootLogin = "no";
|
|
|
|
|
|
passwordAuthentication = false;
|
|
|
|
|
|
kbdInteractiveAuthentication = false;
|
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
|
AllowTcpForwarding yes
|
|
|
|
|
|
X11Forwarding no
|
|
|
|
|
|
AllowAgentForwarding no
|
|
|
|
|
|
AllowStreamLocalForwarding no
|
|
|
|
|
|
AuthenticationMethods publickey
|
|
|
|
|
|
'';
|
2021-11-23 22:17:41 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
# Select internationalisation properties.
|
|
|
|
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
|
|
console = {
|
|
|
|
|
|
font = "Lat2-Terminus16";
|
|
|
|
|
|
keyMap = "us";
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2022-01-12 22:08:22 +01:00
|
|
|
|
# Disable the root user
|
|
|
|
|
|
users.users.root.hashedPassword = "!";
|
2021-11-23 22:17:41 +01:00
|
|
|
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
2022-02-21 11:36:12 +01:00
|
|
|
|
users.users.${custom.username} = {
|
2021-11-23 22:17:41 +01:00
|
|
|
|
isNormalUser = true;
|
|
|
|
|
|
initialPassword = "password";
|
|
|
|
|
|
extraGroups = [
|
|
|
|
|
|
"wheel"
|
|
|
|
|
|
"networkmanager"
|
|
|
|
|
|
];
|
2022-01-10 21:57:50 +01:00
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn"
|
|
|
|
|
|
|
|
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxBun0BYQaz/WjiP+g5+Hs9/JZnWAuLTpTVYgx/9shJwKS5Zu9K3I115DYOro/lpu0AMeeJca5We2AICcxYcM0lIZvsJqfOnFOHFjgmHxHc6IuzrUPM7msoLneF5lxfJ8ko2/LcFq8EtGlzjkllRpFpp2FtxDviD1lr4mJda4cOuQES4ujH3HP5Shpwa96oqnDENWCL+XPFe+Ur+88tuKTQ2MIX5Iqhs2sMIwsMI1o8HjBi4sMd+kd7qb232XcwWTlP3iIWvq/0D3OxZ6J6uSNyC4UCl781lupLOKrC6ml58RUrYP8nrF0a53+i0hgLuDiCWhj0vkY7W9nJW1no425 andreas@python"
|
2022-02-21 11:39:17 +01:00
|
|
|
|
|
|
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDg03JFE6TzMT3mZw0OJtcBwUHCB+3AHwtS981jEd/6wFQPoFrmR48yu5RWh2ikjy8axIIVRz8pX50GNRXzGLuqI8nS9Kb5CSKs4uPE7OxSbZqO+qeTiuZ00QXudUosu5w5mJ+mRYlBZw6nrLOIZjgXbfMOsRtZFWVHWr011DO/ROXYQrG5xCG8wVJgE08R4njPlwb9EiYJD9CATttX3ryejhzYEloLg+ucbfcvs85hyyuCryIB7bIyCPim4ys6/GaTr2O2jAUXsE3Vvdiybg0UAuV0t94OQvtyHAs+yvIawt4LV7WBPYFkNuZ1ahG23hZb2IcU2YX9XvAQc2NOMEDJy76WBoXHlFa4LUaRFeVkv71xvRnWBlE2zSTiA/G+1qqkD7SN6I/MV4fMxF2mpbsfoGODhqrrmpvLNQoqxgWS1kvA4g94zLFXU+8I2Oy/kRIi9rGIDESHpuImdjXfYdpRfLyLRcDhxK2BIawerDJJ4iTFRHOSXWRlEiLdWDm2WFpRQWKkJ/lMu16n78hJfc1Ga/s/70yJi2GOcQN/nvETjrNG82gyxohNAOoMMkZP2AeC0mrPRi3dEqzc4ZUq4lcPAS/WjpQC9qNDxhQJXHmreSHG+qdEJaSQLlzFEwtVPYTFh8C/l/goVI3/moRlG3Cv+FQjAulVx/xck680PHN/GQ== flunder@blink"
|
2022-01-10 21:57:50 +01:00
|
|
|
|
];
|
2021-11-23 22:17:41 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
# allow non-free packages
|
|
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
|
|
2021-11-30 20:25:33 +01:00
|
|
|
|
nix = {
|
2022-11-04 19:35:57 +01:00
|
|
|
|
nixPath = [ "nixpkgs=${custom.inputs.nixpkgs}" ];
|
2022-02-16 22:19:13 +01:00
|
|
|
|
registry = {
|
2022-11-04 19:35:57 +01:00
|
|
|
|
nixpkgs.flake = custom.inputs.nixpkgs;
|
|
|
|
|
|
nix-config.flake = custom.inputs.self;
|
2022-02-15 20:54:21 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
2021-11-30 20:25:33 +01:00
|
|
|
|
autoOptimiseStore = true;
|
2022-05-31 09:13:36 +02:00
|
|
|
|
package = pkgs.nixFlakes;
|
|
|
|
|
|
extraOptions = ''
|
|
|
|
|
|
experimental-features = nix-command flakes
|
|
|
|
|
|
warn-dirty = false
|
|
|
|
|
|
'';
|
2021-11-30 20:25:33 +01:00
|
|
|
|
# enable garbage collection
|
|
|
|
|
|
gc = {
|
|
|
|
|
|
automatic = true;
|
2021-12-08 08:31:37 +01:00
|
|
|
|
dates = "daily";
|
2022-06-08 10:39:25 +02:00
|
|
|
|
options = "--delete-older-than 30d";
|
2021-11-30 20:25:33 +01:00
|
|
|
|
};
|
2022-01-21 13:12:08 +01:00
|
|
|
|
trustedUsers = [ "root" "@wheel" ];
|
2021-11-23 22:17:41 +01:00
|
|
|
|
};
|
2021-11-30 20:25:33 +01:00
|
|
|
|
|
2021-11-23 22:17:41 +01:00
|
|
|
|
environment.variables = {
|
|
|
|
|
|
EDITOR = "vim";
|
|
|
|
|
|
HIGHLIGHT_STYLE = "solarized-light";
|
2022-08-07 15:52:38 +02:00
|
|
|
|
NIXPKGS_ALLOW_UNFREE = "1";
|
2021-11-23 22:17:41 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
2022-01-16 17:20:10 +01:00
|
|
|
|
security.sudo = {
|
|
|
|
|
|
extraRules = [
|
|
|
|
|
|
{
|
|
|
|
|
|
users = [ "andreas" ];
|
|
|
|
|
|
commands = [
|
|
|
|
|
|
{
|
2022-01-16 17:56:21 +01:00
|
|
|
|
command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild -j auto switch";
|
|
|
|
|
|
options = [ "NOPASSWD" ];
|
2022-01-16 17:20:10 +01:00
|
|
|
|
}
|
2022-01-16 17:59:39 +01:00
|
|
|
|
{
|
|
|
|
|
|
command = "/run/current-system/sw/bin/nixos-rebuild";
|
|
|
|
|
|
options = [ "NOPASSWD" ];
|
|
|
|
|
|
}
|
2022-03-04 18:28:49 +01:00
|
|
|
|
{
|
2022-11-15 15:20:01 +01:00
|
|
|
|
command = "/run/current-system/sw/bin/nix-env";
|
|
|
|
|
|
options = [ "NOPASSWD" ];
|
2022-03-04 18:28:49 +01:00
|
|
|
|
}
|
2022-01-16 17:20:10 +01:00
|
|
|
|
];
|
|
|
|
|
|
}
|
|
|
|
|
|
];
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2021-11-23 22:17:41 +01:00
|
|
|
|
# This value determines the NixOS release from which the default
|
|
|
|
|
|
# settings for stateful data, like file locations and database versions
|
|
|
|
|
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
|
|
|
|
# this value at the release version of the first install of this system.
|
|
|
|
|
|
# Before changing this value read the documentation for this option
|
|
|
|
|
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
2022-02-23 10:43:04 +01:00
|
|
|
|
system.stateVersion = custom.version;
|
2021-11-23 22:17:41 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
