nix-config/modules/nixos/common/default.nix


# common
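# Baseline NixOS module: Nix daemon settings, locale, privilege escalation,
# SSH certificate trust, and the declarative user set.
{ inputs, outputs, lib, config, pkgs, ... }:
{
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    optimise.automatic = true;
    # Automatic garbage collection; generations older than 30 days are
    # deleted, which also limits how far back a rollback can go.
    gc = {
      automatic = true;
      options = "--delete-older-than 30d";
    };
  };

  nixpkgs = {
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
    ];
    config.allowUnfree = true;
  };

  time.timeZone = "Europe/Madrid";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  security = {
    # doas replaces sudo on these hosts.
    # NOTE(review): this rule lets every member of `wheel` escalate without
    # a password and with the caller's environment preserved (keepEnv), so
    # compromising any wheel account is equivalent to compromising root.
    # Keep wheel membership minimal; consider dropping keepEnv, or noPass on
    # hosts that do not need unattended escalation.
    doas = {
      enable = true;
      extraRules = [{
        groups = [ "wheel" ];
        keepEnv = true;
        noPass = true;
      }];
    };
    sudo.enable = false;
  };

  environment.systemPackages = with pkgs; [ git vim wget just ripgrep deploy-rs ];

  # Install the user CA public key that sshd trusts via TrustedUserCAKeys below.
  environment.etc = {
    user-ca-pub = {
      target = "/etc/ssh/user_ca.pub";
      source = ./user_ca.pub;
    };
  };

  services.openssh = {
    enable = true;
    settings = {
      # No direct root login and no password authentication over SSH.
      PermitRootLogin = "no";
      PasswordAuthentication = false;
    };
    hostKeys = [{
      path = "/etc/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }];
    # Client side: accept host certificates signed by the host CA for the
    # listed name patterns instead of pinning individual host keys.
    knownHosts = {
      "*.monotremata.xyz,10.*,narwhal,suricata,pikvm,caladan,fugu,lb,cuina,trantor,capibara,axolotl" =
        {
          certAuthority = true;
          publicKey =
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHperHwojXZeo3QWAu1f3kiCKeaHHSqBXJM6ZZEefxdd host_ca";
        };
    };
    # Server side: present a host certificate and accept user certificates
    # signed by the user CA.
    # NOTE(review): the host certificate file is not created by this module
    # and must be provisioned separately. No AuthorizedPrincipalsFile or
    # RevokedKeys is set here, so access control rests on the principals and
    # validity period written into each certificate and on protecting the
    # user CA private key.
    extraConfig = ''
      HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
      TrustedUserCAKeys /etc/ssh/user_ca.pub
    '';
  };

  # Accounts are fully declarative; changes made with passwd/useradd do not
  # persist across activation.
  users.mutableUsers = false;
  users.groups = {
    dags.gid = 506;
  };
  users.users = {
    # NOTE(review): root and rilla carry the same SHA-512 crypt hash (same
    # salt and digest, hence the same password). The hash is committed to the
    # repository and ends up world-readable in the Nix store, which exposes
    # it to offline guessing. Prefer a per-account hash supplied from a
    # secrets-managed file (the password-file option of the NixOS release in
    # use) and rotate the current password.
    root = {
      initialHashedPassword = "$6$tzMk5I1KZlx7byaO$BvlSz7Cgo1g09e4RpxAjrZEuCptzjibF8nDWDfnOImTbz61Py/qzATDAa7HwAC3JyiZxb.2slTb.vA.f25ypd1";
    };
    rilla = {
      uid = 1000;
      isNormalUser = true;
      # wheel is what the passwordless doas rule above matches (sudo is disabled).
      extraGroups = [ "wheel" ];
      initialHashedPassword = "$6$tzMk5I1KZlx7byaO$BvlSz7Cgo1g09e4RpxAjrZEuCptzjibF8nDWDfnOImTbz61Py/qzATDAa7HwAC3JyiZxb.2slTb.vA.f25ypd1";
    };
    dags = {
      uid = 506;
      group = "dags";
      extraGroups = [ "wheel" ];
      createHome = false;
      isSystemUser = true;
      # Lock password login for this account. The previous `password = "*"`
      # used the clear-text option, which NixOS hashes, so the account's
      # password was the literal one-character string "*" rather than a
      # locked entry. Presumably a locked account was intended, which is what
      # "*" in the hashed field means. This account is in wheel and has a
      # login shell, so a guessable password here leads straight to root.
      hashedPassword = "*";
      useDefaultShell = true;
    };
  };
}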