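# NixOS module shared by the hosts that import it: declares the local user
# accounts, derives root's SSH keys from the administrators' keys, and sets
# the Nix daemon, upgrade, firewall, OpenSSH and ACME defaults.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Local accounts. Bound in `let` so the same set can be used for
  # `users.users` and for deriving root's authorized keys below.
  users = {
    fhauser = {
      uid = 1000;
      isNormalUser = true;
      description = "Fabian Hauser";
      group = "fhauser";
      # "wheel" is what the root-key derivation and nix.settings.trusted-users
      # below key on. NOTE(review): membership in "docker" gives control of the
      # Docker daemon, which is effectively root on the host; treat it as an
      # administrative group when reviewing who is listed here.
      extraGroups = [
        "wheel"
        "video"
        "docker"
        "networkmanager"
        "libvirtd"
        "adbusers"
      ];
      # SHA-512 crypt hash ($6$, rounds=20000) stored inline. Anyone who can
      # read this file can run offline guesses against it, so the password
      # strength is the only protection. NOTE(review): consider
      # `hashedPasswordFile` with a secret kept outside the repository.
      hashedPassword = "$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1";
      # Because this user is in "wheel", this key is also authorized for root
      # (see users.users.root below).
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
      ];
    };

    empty0 = {
      uid = 1003;
      isNormalUser = true;
      description = "Testuser empty0";
      group = "empty0";
      extraGroups = [ "video" ];
      # SHA-512 crypt hash with no explicit rounds parameter, so the scheme's
      # default work factor applies. Same offline-guessing exposure as above.
      # No SSH keys are declared, and OpenSSH password logins are disabled
      # below.
      hashedPassword = "$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/";
    };
  };
in
{
  imports = [
    ../../modules
    ./unfree.nix
    ./applications.nix
    ./overlays.nix
  ];

  boot.loader.timeout = 2;
  boot.tmp.useTmpfs = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  catppuccin.flavor = "mocha";

  console.keyMap = "de_CH-latin1";
  console.catppuccin.enable = true;
  i18n.defaultLocale = "en_US.UTF-8";

  # Accounts and passwords come only from this declaration; changes made
  # imperatively on the host (passwd, useradd) are not kept.
  users.mutableUsers = false;
  users.groups = {
    fhauser.gid = 1000;
    empty0.gid = 1003;
  };
  users.users = users // {
    # Every SSH key of every "wheel" member is also authorized for root.
    # Whether root may actually log in over SSH is decided by sshd's
    # PermitRootLogin, which this file does not set.
    # NOTE(review): confirm the effective value on the hosts.
    #
    # The `or [ ]` fallbacks keep evaluation from failing when an account
    # declares no extraGroups, or is in "wheel" but declares no SSH keys;
    # such an account simply contributes no root keys.
    root.openssh.authorizedKeys.keys = lib.concatLists (
      lib.mapAttrsToList (
        _name: user:
        if lib.elem "wheel" (user.extraGroups or [ ]) then
          user.openssh.authorizedKeys.keys or [ ]
        else
          [ ]
      ) users
    );
  };

  # Package management
  nix = {
    # Trusted users can change daemon settings per invocation, which the Nix
    # manual treats as equivalent to root access. "@wheel" therefore ties
    # this to the same group that already receives root's SSH keys above.
    settings.trusted-users = [
      "root"
      "@wheel"
    ];
    optimise.automatic = true;
    # Weekly garbage collection that drops generations older than 60 days,
    # which also bounds how far back a rollback can go.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 60d";
    };
    # NOTE(review): `nixFlakes` is a legacy alias in nixpkgs; confirm it
    # still resolves on the channel these hosts are pinned to.
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    # Pins the `system` flake registry entry to the nixpkgs tree this
    # configuration is evaluated with.
    registry = {
      system.to = {
        type = "path";
        path = pkgs.path;
      };
    };
  };

  # Unattended upgrades without automatic reboots.
  # NOTE(review): with linuxPackages_latest above, a newly installed kernel
  # only takes effect after a manual reboot; confirm reboots are tracked.
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = false;

  # System Services
  services.btrfs.autoScrub.enable = true;
  services.fwupd.enable = true;

  # Network services
  networking.networkmanager.enable = true;
  # Inbound policy: ICMP echo and TCP 22 (SSH) are allowed here.
  networking.firewall = {
    allowPing = true;
    allowedTCPPorts = [ 22 ];
  };

  services.openssh = {
    enable = true;
    # Key-only logins. NOTE(review): keyboard-interactive authentication is
    # a separate sshd setting (KbdInteractiveAuthentication); confirm it is
    # disabled too if password entry through PAM must be impossible.
    settings.PasswordAuthentication = false;
  };

  # ACME account defaults; certificates themselves are requested elsewhere.
  security.acme = {
    acceptTerms = true;
    defaults.email = "sysadmin@qo.is";
  };

  # Default Settings
  environment.etc = {
    gitconfig.source = ./etc/gitconfig;
    vimrc.source = ./etc/vimrc;
  };

  programs.autojump.enable = true;
  programs.vim.defaultEditor = true;

  services.dbus.implementation = "broker";
}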