# Shared NixOS module: locale and time, networking, SSH access, the admin
# account, Nix daemon settings and the sudo rules used for system switches.
{ config, inputs, lib, pkgs, ... }:
{
  # The rough location
  location.latitude = 46.948;
  location.longitude = 7.447;

  # Set your time zone.
  time.timeZone = "Europe/Zurich";

  networking = {
    # NOTE(review): ".local" is the suffix multicast DNS uses; confirm that
    # resolution of this domain does not clash with mDNS on the network.
    domain = "2li.local";
    enableIPv6 = false;
    firewall.allowPing = true;
    # Inbound TCP is limited to SSH.
    firewall.allowedTCPPorts = [ 22 ];
    # Internal time source first, the public Swiss pool second.
    timeServers = [
      "10.7.89.1"
      "ch.pool.ntp.org"
    ];
  };

  hardware.enableRedistributableFirmware = true;

  programs = {
    # NOTE(review): the NixOS mosh module is expected to open its UDP port
    # range in the firewall in addition to TCP 22 above; confirm that this
    # exposure is intended on every host importing this module.
    mosh.enable = true;
    ssh.startAgent = true;
  };

  services = {
    # mkForce makes this definition win over any other module's value.
    timesyncd.enable = lib.mkForce true;

    nscd.enableNsncd = true;

    # SSH is the remote entry point: public-key logins only, and never
    # directly as root.
    openssh = {
      enable = true;
      settings.PermitRootLogin = "no";
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
      # X11, agent and stream-local forwarding are switched off, while TCP
      # forwarding stays on, so every holder of an authorized key can relay
      # TCP connections through this host. If that is not required, turn it
      # off or narrow it (for example with PermitOpen).
      extraConfig = ''
        AllowTcpForwarding yes
        X11Forwarding no
        AllowAgentForwarding no
        AllowStreamLocalForwarding no
        AuthenticationMethods publickey
      '';
    };
  };

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    # Swiss-German formats for the listed categories; everything else
    # follows defaultLocale.
    extraLocaleSettings = lib.genAttrs [
      "LC_NUMERIC"
      "LC_TIME"
      "LC_MONETARY"
      "LC_PAPER"
      "LC_TELEPHONE"
      "LC_MEASUREMENT"
    ] (_: "de_CH.UTF-8");
  };

  console.font = "Lat2-Terminus16";
  console.keyMap = "us";

  # Disable the root user: "!" is not a valid password hash, so no password
  # can match it. Root remains reachable through sudo.
  users.users.root.hashedPassword = "!";

  # Define a user account. Don't forget to set a password with `passwd`.
  users.users.${config.az-username} = {
    isNormalUser = true;
    # SECURITY: this is a publicly known password on an account that is in
    # "wheel" (sudo, and a trusted Nix user via nix.settings below). The value
    # is also written to the world-readable Nix store. SSH password logins
    # are disabled above, so the exposure is local login and sudo prompts
    # until `passwd` has been run. Prefer a hash supplied from a secret
    # (initialHashedPassword, or hashedPasswordFile where the pinned nixpkgs
    # provides it) over a literal password.
    initialPassword = "password";
    extraGroups = [
      "wheel"
      "networkmanager"
    ];
    # Every key listed here grants a login to this wheel account; remove
    # keys for devices that are no longer in use.
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn"

      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxBun0BYQaz/WjiP+g5+Hs9/JZnWAuLTpTVYgx/9shJwKS5Zu9K3I115DYOro/lpu0AMeeJca5We2AICcxYcM0lIZvsJqfOnFOHFjgmHxHc6IuzrUPM7msoLneF5lxfJ8ko2/LcFq8EtGlzjkllRpFpp2FtxDviD1lr4mJda4cOuQES4ujH3HP5Shpwa96oqnDENWCL+XPFe+Ur+88tuKTQ2MIX5Iqhs2sMIwsMI1o8HjBi4sMd+kd7qb232XcwWTlP3iIWvq/0D3OxZ6J6uSNyC4UCl781lupLOKrC6ml58RUrYP8nrF0a53+i0hgLuDiCWhj0vkY7W9nJW1no425 andreas@python"

      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPo4TJ6Fx4xWFWOi/L6WJs3luyJamISry2xvAh1hGZTM andreas@ipad"
    ];
  };

  # allow non-free packages
  nixpkgs.config.allowUnfree = true;

  nix = {
    # Pin <nixpkgs> and the flake registry to the inputs this system was
    # built from.
    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
    registry.nixpkgs.flake = inputs.nixpkgs;
    registry.nix-config.flake = inputs.self;

    package = pkgs.nix;

    settings = {
      warn-dirty = false;
      auto-optimise-store = true;
      experimental-features = [ "nix-command" "flakes" ];
      # SECURITY: a trusted Nix user can override daemon settings such as
      # substituters, which the Nix manual treats as equivalent to root
      # access. Every member of wheel gets that here.
      trusted-users = [ "root" "@wheel" ];
      # Free-space thresholds for garbage collection during builds, in bytes.
      min-free = 1000000000;
      max-free = 10000000000;
      # Seconds to wait for a substituter connection.
      connect-timeout = 5;
      # Build locally when a substitute cannot be fetched.
      fallback = true;
    };

    # enable garbage collection
    gc.automatic = true;
    gc.dates = "daily";
    gc.options = "--delete-older-than 30d";
  };

  # Passwordless sudo for wheel, limited to setting the system profile,
  # running switch-to-configuration and rebooting.
  #
  # SECURITY: the store-path globs are not a trust boundary. They match any
  # store path whose name fits the pattern, and wheel members are trusted Nix
  # users who decide what gets built into the store; sudoers wildcards inside
  # command arguments can also span more than one word. Treat wheel
  # membership as passwordless root, which makes an authorized SSH key for
  # the account above the only factor protecting root on this host.
  security.sudo.extraRules =
    let
      storeGlob = "/nix/store/*";
      systemGlob = "nixos-system-${config.networking.hostName}-*";
      # Build one sudoers rule letting wheel run `command` without a password.
      wheelNoPasswd = command: {
        groups = [ "wheel" ];
        commands = [
          {
            inherit command;
            options = [ "NOPASSWD" ];
          }
        ];
      };
    in
    map wheelNoPasswd [
      "${storeGlob}-nix-*/bin/nix-env -p /nix/var/nix/profiles/system --set ${storeGlob}-${systemGlob}"
      "${storeGlob}-${systemGlob}/bin/switch-to-configuration"
      "/run/current-system/sw/bin/reboot"
    ];

  # On activation (dry activation included), print the closure difference
  # between the running system and the configuration being activated. The
  # check skips the diff when /run/current-system does not exist yet.
  system.activationScripts.diff = {
    supportsDryActivation = true;
    text = ''
      if [[ -e /run/current-system ]]; then
      ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
      fi
    '';
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05";
}