nix-conf/hosts/tyr/configuration.nix


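# NixOS system configuration for the host "tyr": boot loader, locale, audio,
# user accounts, SSH access, Nix daemon settings and podman.
{
  config,
  inputs,
  pkgs,
  ...
}: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./disk-config.nix
  ];

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Hostname of this machine.
  networking.hostName = "tyr";

  # Enable flakes
  nix.settings.experimental-features = ["nix-command" "flakes"];

  # Setup gpu
  hardware.graphics = {
    enable = true;
    enable32Bit = true;
  };

  # Set your time zone.
  time.timeZone = "Europe/Zagreb";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "hr_HR.UTF-8";
    LC_IDENTIFICATION = "hr_HR.UTF-8";
    LC_MEASUREMENT = "hr_HR.UTF-8";
    LC_MONETARY = "hr_HR.UTF-8";
    LC_NAME = "hr_HR.UTF-8";
    LC_NUMERIC = "hr_HR.UTF-8";
    LC_PAPER = "hr_HR.UTF-8";
    LC_TELEPHONE = "hr_HR.UTF-8";
    LC_TIME = "hr_HR.UTF-8";
  };

  # Enable seatd
  services.seatd.enable = true;

  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    pulse.enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
  };

  # Fix not saving my state
  hardware.alsa.enablePersistence = true;

  # Enable polkit
  security.polkit.enable = true;

  # Define a user account. The password hash is read from an age-managed
  # secret (config.age.secrets); because users.mutableUsers is false below,
  # a password set interactively with passwd is not kept across activations.
  users.users.crony = {
    isNormalUser = true;
    description = "Crony";
    hashedPasswordFile = "${config.age.secrets.crony-passwd.path}";
    # "wheel" makes this an administrative account.
    # NOTE(review): "gamemode", "seat" and "realtime" are not created in this
    # file; confirm the modules that define those groups are enabled.
    extraGroups = ["networkmanager" "wheel" "video" "input" "audio" "gamemode" "seat" "realtime"];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
    ];
  };
  users.users.root.hashedPasswordFile = "${config.age.secrets.root-passwd.path}";
  # Accounts and passwords are fully declarative: both password hashes above
  # must be readable at activation time or the accounts have no usable password.
  users.mutableUsers = false;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Setup community cache. Store paths served by this substituter are accepted
  # only when signed by the public key listed next to it, so the key below is
  # a trust anchor for binaries installed on this host.
  nix.settings = {
    substituters = [
      "https://nix-community.cachix.org"
    ];
    trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };

  # Optimise storage. This is the only definition of nix.optimise: the file
  # previously set it a second time further down, and a repeated definition of
  # the same attributes in one attribute set is rejected by the Nix parser.
  nix.optimise = {
    automatic = true;
    dates = ["weekly"];
  };

  # List packages installed in system profile
  environment.systemPackages = with pkgs; [
    lm_sensors
    libva-utils
    alsa-utils
    neovim
    podman-compose
    podman-tui
  ];

  # SSH server: key-based login only.
  services.openssh = {
    enable = true;
    settings = {
      X11Forwarding = false;
      PasswordAuthentication = false;
      # NOTE(review): KbdInteractiveAuthentication is not set here, so the
      # module default applies. If the intent is key-only login, confirm the
      # effective value with `sshd -T` and set it to false explicitly.
    };
    extraConfig = ''
      PubkeyAuthentication yes
      PermitEmptyPasswords no
      AddressFamily inet
      MaxAuthTries 3
    '';
  };

  # NOTE(review): root accepts the same key as the crony account, so that one
  # key grants direct root access over SSH wherever PermitRootLogin allows key
  # login (it is not set in this file). If direct root login is not required,
  # set services.openssh.settings.PermitRootLogin = "no" and use the wheel
  # account instead.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
  ];

  # fail2ban runs with the module defaults; no jails are customised here.
  services.fail2ban = {
    enable = true;
  };

  # Enable my specific settings
  # NOTE(review): presumably this is what provides the age secrets referenced
  # by the hashedPasswordFile options above; the module is not in this file.
  crony.secrets.enable = true;

  # Weekly garbage collection of generations older than 10 days.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 10d";
  };

  # setup podman for virtualisation
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
      # Weekly prune, limited to objects older than 24h that do not carry the
      # "important" label.
      autoPrune = {
        enable = true;
        dates = "weekly";
        flags = [
          "--filter=until=24h"
          "--filter=label!=important"
        ];
      };
      defaultNetwork.settings.dns.enable = true;
    };
  };

  # Enable nixd to see nixpkgs path
  nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];

  # DO NOT CHANGE: records the NixOS release this system was installed with.
  system.stateVersion = "24.11";
}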