tristan/nix
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity
nix/os-mods/common/default.nix

177 lines
3.6 KiB
Nix
Raw Blame History

{ config
, lib
, pkgs
, inputs
, system
, ...
}: {
nixpkgs.hostPlatform = lib.mkDefault system;
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 2w";
};
settings.auto-optimise-store = true;
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
home-manager.backupFileExtension = "bak";
# locale
time.timeZone = "Europe/Berlin";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LANG = "en_US.UTF-8";
LC_ADDRESS = "de_DE.UTF-8";
LC_COLLATE = "de_DE.UTF-8";
LC_CTYPE = "en_US.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MESSAGES = "en_US.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
####################
security = {
pki.certificates = [
(lib.readFile ../../ext/internal-ca.crt)
];
rtkit.enable = true;
sudo.enable = false;
sudo-rs = {
enable = true;
wheelNeedsPassword = false;
execWheelOnly = true;
};
};
environment.sessionVariables = {
EDITOR = "nvim";
};
environment.systemPackages = with pkgs; [
curl
fish
figlet
neovim # editor
nix-alien
veracrypt
git
vim # fallback ed
wget
];
fileSystems."/etc/nixos" = {
device = lib.mkDefault "/home/tristand/nix";
fsType = "none";
options = [ "bind" ];
};
programs = {
rust-motd = {
enable = true;
enableMotdInSSHD = true;
settings = {
banner = {
color = "green";
command = ''
${pkgs.inetutils}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant
'';
};
uptime = {
prefix = "Up";
};
global = {
progress_full_character = "=";
progress_empty_character = "-";
progress_prefix = "[";
progress_suffix = "]";
};
filesystems = {
root = "/";
home = "/home";
};
memory.swap_pos = "beside";
last_login = builtins.listToAttrs (map
(user: {
name = user;
value = 2;
})
(builtins.attrNames config.home-manager.users));
};
order = [
"global"
"banner"
"uptime"
"memory"
"filesystems"
"last_login"
];
};
nix-ld.enable = true;
nix-ld.package = pkgs.nix-ld-rs;
command-not-found.enable = false;
nix-index-database.comma.enable = true;
fish.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
services = {
fwupd.enable = true;
envfs.enable = true;
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PubKeyAuthentication = true;
};
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
gvfs.enable = true;
avahi.enable = true;
avahi.nssmdns4 = true;
};
networking.firewall = {
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
allowedTCPPortRanges = [
{
from = 22;
to = 22;
} # ssh
];
};
}
Reference in a new issue View git blame Copy permalink