57 lines
1.1 KiB
Nix
57 lines
1.1 KiB
Nix
# Fireweed configuration.nix
|
|
{ config, lib, pkgs, inputs, user, ... }:
|
|
let
|
|
hostname="fireweed";
|
|
in
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
];
|
|
boot = {
|
|
loader = {
|
|
systemd-boot = {
|
|
enable = true;
|
|
configurationLimit = 10;
|
|
};
|
|
efi.canTouchEfiVariables = true;
|
|
efi.efiSysMountPoint = "/boot/efi";
|
|
timeout = 2;
|
|
};
|
|
|
|
# Hardware-configuration edits
|
|
kernel.sysctl."net.ipv4.ip_forward" = 1;
|
|
|
|
# Clean /tmp at boot
|
|
tmp.cleanOnBoot = true;
|
|
};
|
|
networking = {
|
|
hostName = "${hostname}"; # Define your hostname.
|
|
firewall = {
|
|
# To disable the firewall altogether:
|
|
# enable = false;
|
|
allowedTCPPorts = [ 445 139 ];
|
|
allowedUDPPorts = [ 137 138 ];
|
|
};
|
|
};
|
|
users.users.${user.name} = {
|
|
extraGroups = [ "davfs2" ];
|
|
packages = with pkgs; [
|
|
];
|
|
};
|
|
services = {
|
|
davfs2 = {
|
|
enable = true;
|
|
};
|
|
mullvad-vpn = {
|
|
enable = true;
|
|
package = pkgs.mullvad-vpn;
|
|
};
|
|
cage = {
|
|
enable = true;
|
|
program = "${pkgs.foot}/bin/foot";
|
|
user = "${user.name}";
|
|
};
|
|
};
|
|
getty.autologinUser = "${user.name}";
|
|
}
|