confix/nixos/base.nix

128 lines
2.8 KiB
Nix
Raw Normal View History

# Base configuration.nix
2023-07-31 00:21:32 -04:00
{ config, lib, pkgs, inputs, user, ... }:
{
nix = {
settings.auto-optimise-store = true;
settings.allowed-users = [ "@wheel" ];
gc = {
automatic = true;
dates = "weekly";
persistent = true;
options = "--delete-older-than 30d";
};
package = pkgs.nixFlakes;
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = ''
experimental-features = nix-command flakes
keep-outputs = true
keep-derivations = true
'';
};
2024-01-16 22:43:56 -05:00
boot = {
tmp.cleanOnBoot = true;
};
nixpkgs.config.allowUnfree = true;
2023-07-31 00:21:32 -04:00
networking.networkmanager.enable = true;
time.timeZone = "America/Los_Angeles";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
services = {
cron = {
enable = true;
systemCronJobs = [
# Clean logs older than 2d
"0 20 * * * root journalctl --vacuum-time=2d"
];
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
allowSFTP = false; # Don't set this if you need sftp
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
};
# Define a user account. Don't forget to set a password with passwd
2023-07-31 00:21:32 -04:00
users.users.${user.name} = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" ];
initialPassword = "hunter2";
packages = with pkgs; [
eva
gotop
links2
nix-du
nmap
ranger
];
2023-07-31 00:21:32 -04:00
};
programs = {
mtr.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
git = {
enable = true;
};
2023-07-31 00:21:32 -04:00
neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
tmux = {
enable = true;
};
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment = {
defaultPackages = with pkgs; [
perl
rsync
strace
];
systemPackages = with pkgs; [
curl
wget
];
2023-07-31 00:21:32 -04:00
};
system = {
2024-01-15 01:07:28 -05:00
autoUpgrade = {
enable = true;
allowReboot = false;
flake = "https://git.sdf.org/${user.long}/confix.git";
flags = [
"--update-input"
"nixpkgs"
"--commit-lockfile"
];
};
2023-07-31 00:21:32 -04:00
stateVersion = "22.11";
};
}