128 lines
2.8 KiB
Nix
128 lines
2.8 KiB
Nix
# Base configuration.nix
|
||
{ config, lib, pkgs, inputs, user, ... }:
|
||
{
|
||
nix = {
|
||
settings.auto-optimise-store = true;
|
||
settings.allowed-users = [ "@wheel" ];
|
||
gc = {
|
||
automatic = true;
|
||
dates = "weekly";
|
||
persistent = true;
|
||
options = "--delete-older-than 30d";
|
||
};
|
||
package = pkgs.nixFlakes;
|
||
registry.nixpkgs.flake = inputs.nixpkgs;
|
||
extraOptions = ''
|
||
experimental-features = nix-command flakes
|
||
keep-outputs = true
|
||
keep-derivations = true
|
||
'';
|
||
};
|
||
boot = {
|
||
tmp.cleanOnBoot = true;
|
||
};
|
||
nixpkgs.config.allowUnfree = true;
|
||
networking.networkmanager.enable = true;
|
||
time.timeZone = "America/Los_Angeles";
|
||
i18n.defaultLocale = "en_US.UTF-8";
|
||
i18n.extraLocaleSettings = {
|
||
LC_ADDRESS = "en_US.UTF-8";
|
||
LC_IDENTIFICATION = "en_US.UTF-8";
|
||
LC_MEASUREMENT = "en_US.UTF-8";
|
||
LC_MONETARY = "en_US.UTF-8";
|
||
LC_NAME = "en_US.UTF-8";
|
||
LC_NUMERIC = "en_US.UTF-8";
|
||
LC_PAPER = "en_US.UTF-8";
|
||
LC_TELEPHONE = "en_US.UTF-8";
|
||
LC_TIME = "en_US.UTF-8";
|
||
};
|
||
|
||
services = {
|
||
cron = {
|
||
enable = true;
|
||
systemCronJobs = [
|
||
# Clean logs older than 2d
|
||
"0 20 * * * root journalctl --vacuum-time=2d"
|
||
];
|
||
};
|
||
openssh = {
|
||
enable = true;
|
||
settings = {
|
||
PasswordAuthentication = false;
|
||
KbdInteractiveAuthentication = false;
|
||
PermitRootLogin = "no";
|
||
};
|
||
allowSFTP = false; # Don't set this if you need sftp
|
||
extraConfig = ''
|
||
AllowTcpForwarding yes
|
||
X11Forwarding no
|
||
AllowAgentForwarding no
|
||
AllowStreamLocalForwarding no
|
||
AuthenticationMethods publickey
|
||
'';
|
||
};
|
||
};
|
||
|
||
# Define a user account. Don't forget to set a password with ‘passwd’
|
||
users.users.${user.name} = {
|
||
isNormalUser = true;
|
||
extraGroups = [ "networkmanager" "wheel" ];
|
||
initialPassword = "hunter2";
|
||
packages = with pkgs; [
|
||
eva
|
||
gotop
|
||
links2
|
||
nix-du
|
||
nmap
|
||
ranger
|
||
];
|
||
};
|
||
|
||
programs = {
|
||
mtr.enable = true;
|
||
gnupg.agent = {
|
||
enable = true;
|
||
enableSSHSupport = true;
|
||
};
|
||
git = {
|
||
enable = true;
|
||
};
|
||
neovim = {
|
||
enable = true;
|
||
defaultEditor = true;
|
||
viAlias = true;
|
||
vimAlias = true;
|
||
};
|
||
tmux = {
|
||
enable = true;
|
||
};
|
||
};
|
||
|
||
# List packages installed in system profile. To search, run:
|
||
# $ nix search wget
|
||
environment = {
|
||
defaultPackages = with pkgs; [
|
||
perl
|
||
rsync
|
||
strace
|
||
];
|
||
systemPackages = with pkgs; [
|
||
curl
|
||
wget
|
||
];
|
||
};
|
||
system = {
|
||
autoUpgrade = {
|
||
enable = true;
|
||
allowReboot = false;
|
||
flake = "https://git.sdf.org/${user.long}/confix.git";
|
||
flags = [
|
||
"--update-input"
|
||
"nixpkgs"
|
||
"--commit-lockfile"
|
||
];
|
||
};
|
||
stateVersion = "22.11";
|
||
};
|
||
}
|