This repository has been archived on 2023-08-08. You can view files and clone it, but cannot push or open issues or pull requests.
nil/configuration.nix
2021-11-28 17:20:38 -05:00

80 lines
1.8 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, pkgs, ... }:
let
publicKey = pkgs.fetchurl {
url = "https://github.com/jamesepatrick.keys";
sha256 = "sha256-Btjo+v/xA26CwwFauNmSdJOauIq/yZoBV1Com39nu6E=";
};
in {
# Allow Cleanup, nix, & flakes
nix = {
autoOptimiseStore = true;
allowedUsers = [ "@wheel" ];
gc = {
automatic = true;
dates = "daily";
};
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
# Enable bootloader & clear /tmp on boot.
boot = {
cleanTmpDir = true;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
# Locale
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# Define a user account. Don't forget to set a password with passwd.
users.users = {
root.initialPassword = "nixos";
james = {
description = "James Patrick";
extraGroups = [ "wheel" ];
initialPassword = "nixos";
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [ publicKey ];
shell = pkgs.zsh;
};
};
# These are the most basic tools I need.
environment.systemPackages = with pkgs; [ nixfmt git gnumake vim zsh ];
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 443 80 ];
allowedUDPPorts = [ 443 80 ];
allowPing = false;
};
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# Openssh settings for security
services.openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
}