This repository has been archived on 2023-08-08. You can view files and clone it, but cannot push or open issues or pull requests.
nil/configuration.nix

80 lines
1.8 KiB
Nix
Raw Normal View History

2021-11-28 01:10:36 +00:00
{ config, pkgs, ... }:
let
publicKey = pkgs.fetchurl {
url = "https://github.com/jamesepatrick.keys";
2021-11-28 22:20:38 +00:00
sha256 = "sha256-Btjo+v/xA26CwwFauNmSdJOauIq/yZoBV1Com39nu6E=";
2021-11-28 01:10:36 +00:00
};
2021-11-28 22:20:10 +00:00
in {
2021-11-28 01:10:36 +00:00
# Allow Cleanup, nix, & flakes
nix = {
autoOptimiseStore = true;
allowedUsers = [ "@wheel" ];
gc = {
automatic = true;
dates = "daily";
};
package = pkgs.nixUnstable;
extraOptions = ''
2021-11-28 22:20:10 +00:00
experimental-features = nix-command flakes
'';
2021-11-28 01:10:36 +00:00
};
# Enable bootloader & clear /tmp on boot.
boot = {
cleanTmpDir = true;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
# Locale
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# Define a user account. Don't forget to set a password with passwd.
2021-11-28 22:20:10 +00:00
users.users = {
2021-11-28 01:10:36 +00:00
root.initialPassword = "nixos";
james = {
description = "James Patrick";
extraGroups = [ "wheel" ];
initialPassword = "nixos";
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [ publicKey ];
shell = pkgs.zsh;
};
};
# These are the most basic tools I need.
2021-11-28 22:20:10 +00:00
environment.systemPackages = with pkgs; [ nixfmt git gnumake vim zsh ];
2021-11-28 01:10:36 +00:00
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 443 80 ];
allowedUDPPorts = [ 443 80 ];
allowPing = false;
};
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# Openssh settings for security
services.openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
}