confix/nixos/base.nix
2024-01-14 22:07:28 -08:00

127 lines
2.7 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Base configuration.nix
{ config, lib, pkgs, inputs, user, ... }:
{
nix = {
settings.auto-optimise-store = true;
settings.allowed-users = [ "@wheel" ];
gc = {
automatic = true;
dates = "weekly";
persistent = true;
options = "--delete-older-than 30d";
};
package = pkgs.nixFlakes;
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = ''
experimental-features = nix-command flakes
keep-outputs = true
keep-derivations = true
'';
};
nixpkgs.config.allowUnfree = true;
networking.networkmanager.enable = true;
time.timeZone = "America/Los_Angeles";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
services = {
cron = {
enable = true;
systemCronJobs = [
# Clean logs older than 2d
"0 20 * * * root journalctl --vacuum-time=2d"
];
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
allowSFTP = false; # Don't set this if you need sftp
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
};
# Define a user account. Don't forget to set a password with passwd
users.users.${user.name} = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" ];
initialPassword = "hunter2";
packages = with pkgs; [
eva
gotop
links2
nix-du
nmap
ranger
];
};
programs = {
mtr.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
git = {
enable = true;
};
neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
tmux = {
enable = true;
};
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment = {
defaultPackages = with pkgs; [
perl
rsync
strace
];
systemPackages = with pkgs; [
curl
wget
];
};
system = {
autoUpgrade = {
enable = true;
allowReboot = false;
flake = "https://git.sdf.org/${user.long}/confix.git";
flags = [
"--update-input"
"nixpkgs"
"--commit-lockfile"
];
};
stateVersion = "22.11";
};
}