{ config, pkgs, ... }:

let
  # SSH public keys published on GitHub for the primary user. fetchurl pins
  # the content by sha256, so a later change to the remote file fails the
  # build instead of silently installing a different key set.
  githubKeys = pkgs.fetchurl {
    url = "https://github.com/jamesepatrick.keys";
    sha256 = "sha256-Btjo+v/xA26CwwFauNmSdJOauIq/yZoBV1Com39nu6E=";
  };
in {
  # Nix daemon: unstable package for flakes, daily garbage collection, store
  # deduplication, and daemon access restricted to members of wheel.
  nix.package = pkgs.nixUnstable;
  nix.autoOptimiseStore = true;
  nix.allowedUsers = [ "@wheel" ];
  nix.gc.automatic = true;
  nix.gc.dates = "daily";
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  # UEFI boot via systemd-boot; /tmp is wiped on every boot.
  boot.cleanTmpDir = true;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Locale, timezone and console.
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  console.font = "Lat2-Terminus16";
  console.keyMap = "us";

  # Accounts. initialPassword is consulted only when an account is first
  # created and never overwrites an existing hash, so run `passwd` after the
  # first boot. With SSH password authentication disabled below, the
  # well-known initial value is usable only at the local console.
  users.users.root.initialPassword = "nixos";
  users.users.james = {
    isNormalUser = true;
    description = "James Patrick";
    extraGroups = [ "wheel" ];
    shell = pkgs.zsh;
    initialPassword = "nixos";
    # Key-based SSH login; the key file is the pinned GitHub download above.
    openssh.authorizedKeys.keyFiles = [ githubKeys ];
  };

  # Minimal system-wide toolset.
  environment.systemPackages = [ pkgs.nixfmt pkgs.git pkgs.gnumake pkgs.vim pkgs.zsh ];

  # Host firewall: only 80/443 inbound, ICMP echo dropped. Nothing in this
  # file runs a listener on UDP 80/443; whether the UDP entries are needed is
  # worth confirming against the services that are actually deployed.
  networking.firewall = {
    enable = true;
    allowPing = false;
    allowedTCPPorts = [ 443 80 ];
    allowedUDPPorts = [ 443 80 ];
  };

  # Programs that need SUID wrappers or per-session agents.
  programs.mtr.enable = true;
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.enableSSHSupport = true;

  # sshd hardening: no root login, keys only.
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "no";
  services.openssh.passwordAuthentication = false;
}