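# Shared base NixOS configuration for the hosts of this flake.
#
# Standard module-function signature. `system` selects the host platform below;
# `inputs` is accepted for a consistent module-argument set even though nothing
# in this file reads it.
{ config, lib, pkgs, inputs, system, ... }:

{
  # A host may override the platform; `system` is supplied by the flake.
  nixpkgs.hostPlatform = lib.mkDefault system;

  nix = {
    # Weekly garbage collection of store paths older than two weeks. The random
    # delay spreads the collector start when several hosts share the schedule.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 2w";
      randomizedDelaySec = "45min";
    };
    settings.auto-optimise-store = true;
    # `pkgs.nixFlakes` is a deprecated alias of `nixVersions.stable` that only
    # emits a rename warning on evaluation; reference the current name directly.
    package = pkgs.nixVersions.stable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  # Files that home-manager would overwrite are kept as `<name>.bak`.
  home-manager.backupFileExtension = "bak";

  # locale
  time.timeZone = "Europe/Berlin";
  i18n = {
    defaultLocale = "en_US.UTF-8";
    # English messages/ctype, German conventions for everything else.
    extraLocaleSettings = {
      LANG = "en_US.UTF-8";
      LC_ADDRESS = "de_DE.UTF-8";
      LC_COLLATE = "de_DE.UTF-8";
      LC_CTYPE = "en_US.UTF-8";
      LC_IDENTIFICATION = "de_DE.UTF-8";
      LC_MEASUREMENT = "de_DE.UTF-8";
      LC_MESSAGES = "en_US.UTF-8";
      LC_MONETARY = "de_DE.UTF-8";
      LC_NAME = "de_DE.UTF-8";
      LC_NUMERIC = "de_DE.UTF-8";
      LC_PAPER = "de_DE.UTF-8";
      LC_TELEPHONE = "de_DE.UTF-8";
      LC_TIME = "de_DE.UTF-8";
    };
  };

  ####################
  security = {
    # The certificate in ext/internal-ca.crt is added to the system trust store,
    # so every certificate it signs is trusted by TLS clients on this host. Keep
    # that file under the same review as the rest of the trust configuration.
    pki.certificates = [ (lib.readFile ../../ext/internal-ca.crt) ];
    rtkit.enable = true;
    # sudo-rs replaces the classic sudo; only one may be enabled at a time.
    sudo.enable = false;
    sudo-rs = {
      enable = true;
      # Members of `wheel` escalate to root without a password. Together with
      # the key-only SSH policy below, possession of an authorised SSH key of a
      # wheel user is therefore equivalent to root on this host.
      wheelNeedsPassword = false;
      # The sudo binary is executable only by `wheel` members.
      execWheelOnly = true;
    };
  };

  environment.sessionVariables = {
    EDITOR = "nvim";
  };

  environment.systemPackages = with pkgs; [
    fclones
    curl
    fish
    figlet        # also used by the rust-motd banner below
    neovim        # editor
    nix-alien
    veracrypt
    git
    vim           # fallback
    ed
    wget

    ## MONITORING TOOLS ##
    btop          # for CPU, RAM, and Disk monitoring
    iotop         # for disk I/O monitoring
    iftop         # for network I/O monitoring
  ];

  # Bind-mount the flake checkout over /etc/nixos; a host may point elsewhere.
  fileSystems."/etc/nixos" = {
    device = lib.mkDefault "/home/tristand/nix";
    fsType = "none";
    options = [ "bind" ];
  };

  programs = {
    rust-motd = {
      enable = true;
      enableMotdInSSHD = true;
      settings = {
        banner = {
          color = "green";
          command = ''
            ${pkgs.inetutils}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant
          '';
        };
        uptime = {
          prefix = "Up";
        };
        global = {
          progress_full_character = "=";
          progress_empty_character = "-";
          progress_prefix = "[";
          progress_suffix = "]";
        };
        filesystems = {
          root = "/";
          home = "/home";
        };
        memory.swap_pos = "beside";
        # One `last_login` entry (value 2) per home-manager managed user.
        last_login = builtins.listToAttrs (map
          (user: { name = user; value = 2; })
          (builtins.attrNames config.home-manager.users));
      };
      order = [ "global" "banner" "uptime" "memory" "filesystems" "last_login" ];
    };

    nix-ld.enable = true;
    nix-ld.package = pkgs.nix-ld-rs;

    # The nix-index database provides `comma`; the stock command-not-found
    # handler is disabled in favour of it.
    command-not-found.enable = false;
    nix-index-database.comma.enable = true;

    fish.enable = true;

    gnupg.agent = {
      enable = true;
      # enableSSHSupport = true; # breaks gitea foo
      pinentryPackage = lib.mkForce pkgs.pinentry-qt;
    };
  };

  services = {
    fwupd.enable = true;
    # envfs.enable = true; # not needed due to flake

    # ntpd-rs is the only time daemon; the alternatives are switched off so
    # they do not compete for the clock.
    timesyncd.enable = false;
    ntp.enable = false;
    ntpd-rs.enable = true;

    openssh = {
      enable = true;
      settings = {
        # Key-only logins: password and keyboard-interactive are both off.
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        # sshd matches keywords case-insensitively, so this spelling works; the
        # canonical keyword in sshd_config(5) is `PubkeyAuthentication`.
        PubKeyAuthentication = true;
      };
      extraConfig = ''
        AllowTcpForwarding yes
        X11Forwarding no
        AllowAgentForwarding no
        AllowStreamLocalForwarding yes
        AuthenticationMethods publickey
      '';
    };

    gvfs.enable = true;
    avahi.enable = true;
    avahi.nssmdns4 = true;
  };

  networking.firewall = {
    # Attaches the netbios-ns conntrack helper to outgoing UDP/137 in the raw
    # table; presumably so NetBIOS name-service replies are accepted — confirm
    # this is still needed when reviewing the firewall.
    extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
    # Only sshd is reachable from outside; all other inbound TCP stays closed.
    allowedTCPPortRanges = [
      { from = 22; to = 22; } # ssh
    ];
  };
}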