{ config, pkgs, ... }:
let
  # System Python interpreter bundled with the libraries selected below.
  # NOTE(review): pip and pipx are part of the set, so further packages can be
  # installed imperatively; anything installed that way is not pinned or
  # tracked by this configuration.
  python-with-my-packages = pkgs.python3Full.withPackages my-python-packages;

  # Selector handed to withPackages: given the interpreter's package set,
  # return the libraries to include.
  my-python-packages = ps: [
    ps.pip
    ps.pipx
    ps.python-dateutil
    ps.setuptools
    ps.requests
  ];
in
{
# Weekly store garbage collection; generations older than seven days are dropped.
nix.gc = {
  automatic = true;
  dates = "weekly";
  options = "--delete-older-than 7d";
};

# Nix daemon settings.
nix.settings = {
  # Enables the `nix` CLI and flakes, both still marked experimental.
  experimental-features = [ "nix-command" "flakes" ];
  # Do not warn when evaluating from a Git tree with uncommitted changes.
  warn-dirty = false;
  auto-optimise-store = true;
  # NOTE(review): a trusted user can direct the daemon to use arbitrary
  # substituters and settings, which amounts to root on this machine. "don"
  # already has passwordless doas in this file, so this adds a second path to
  # root; drop the entry if it is not needed.
  trusted-users = [ "root" "don" ];
};
# Further modules merged into this configuration. Their contents are not
# visible here, so any option they set (services, firewall rules, timers)
# has to be reviewed alongside this file.
imports = [ ./systemd.nix ./tailscale.nix ./upgrade-diff.nix ];
# Interfaces are managed by NetworkManager; the global DHCP default is off
# and IPv6 stays enabled.
networking = {
  useDHCP = false;
  enableIPv6 = true;
  networkmanager.enable = true;
};
# Clock: local zone for display, hardware clock kept in UTC.
time.hardwareClockInLocalTime = false;
time.timeZone = "America/Chicago";

# Default system locale.
i18n.defaultLocale = "en_US.utf8";
# Boot chain: UEFI with systemd-boot, ESP mounted at /boot.
# NOTE(review): boot.loader.systemd-boot.editor is not set here. If it is left
# at its default, the kernel command line can be edited from the boot menu by
# anyone at the console; set it to false unless that is wanted — confirm.
boot.loader.systemd-boot.enable = true;
boot.loader.efi = {
  efiSysMountPoint = "/boot";
  canTouchEfiVariables = true;
};

# Blank the text console after 60 seconds of inactivity.
boot.kernelParams = [ "consoleblank=60" ];

# Graphical boot splash.
boot.plymouth = {
  theme = "breeze";
  enable = true;
};

# Prefer keeping pages in RAM over swapping them out.
boot.kernel.sysctl."vm.swappiness" = 10;
# Privilege escalation: sudo is switched off and doas takes its place.
security.sudo.enable = false;
security.doas.enable = true;

# NOTE(review): this single rule lets "don" run any command as root with no
# password prompt (noPass) and with the caller's environment passed through
# (keepEnv). Every process running as don is therefore root-equivalent, and
# variables such as PATH reach the root process unchanged. If that is not
# intended, require a password and drop keepEnv, or restrict the rule to
# specific commands.
security.doas.extraRules = [
  {
    users = [ "don" ];
    noPass = true;
    keepEnv = true;
  }
];
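# System services. Only the options listed are set; everything else keeps
# its module default.
services = {
  pcscd.enable = true; # PC/SC smart-card daemon
  udisks2.enable = true; # removable-media management
  nscd.enableNsncd = true;
  tailscale.enable = true;

  # File-name index for `locate`, built with mlocate.
  # NOTE(review): localuser = null presumably leaves the indexer running as
  # root, as mlocate expects — confirm.
  locate = {
    enable = true;
    package = pkgs.mlocate;
    localuser = null;
  };

  openssh = {
    enable = true;
    settings = {
      # Public-key logins only; both password-style methods are off.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Was "yes". Root logs in with the authorized key declared under
      # users.users.root, which "prohibit-password" still allows. The change
      # matters if password authentication is ever switched back on: root
      # carries the initial password "changeme" in this file, and "yes"
      # would then accept it over SSH.
      PermitRootLogin = "prohibit-password";
    };
  };
};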
# RealtimeKit: hands out realtime scheduling priority to user processes on
# request (typically used by audio servers).
security.rtkit.enable = true;
# Local accounts. Both accept the same SSH public key.
users.users =
  let
    # Public key shared by root and don.
    lokiKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki";
  in
  {
    root = {
      # NOTE(review): initialPassword is stored in clear text in the
      # world-readable Nix store and is only applied when the account is
      # first created. "changeme" has to be replaced right after install;
      # a hashed password kept outside the store avoids the exposure.
      initialPassword = "changeme";
      openssh.authorizedKeys.keys = [ lokiKey ];
    };

    don = {
      isNormalUser = true;
      description = "Don Harper";
      # NOTE(review): same clear-text initial password as root, see above.
      initialPassword = "changeme";
      # NOTE(review): membership in "disk" normally grants read/write access
      # to raw block devices, which bypasses file permissions entirely;
      # verify it is required. "wheel" marks the account as administrative.
      extraGroups = [ "networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk" ];
      openssh.authorizedKeys.keys = [ lokiKey ];
    };
  };
#nixpkgs.config.allowUnfree = true;
# Packages installed for every user. The first entry is the Python
# environment built in the let-block above; the rest come straight from pkgs.
environment.systemPackages = [
  python-with-my-packages
  pkgs.aspell
  pkgs.aspellDicts.en
  pkgs.bash-completion
  pkgs.nix-bash-completions
  pkgs.btop
  pkgs.git-crypt
  pkgs.gitFull
  pkgs.home-manager
  pkgs.hunspell
  pkgs.hunspellDicts.en_US
  pkgs.isync
  pkgs.lsb-release
  pkgs.pkg-config
  pkgs.poppler_utils
  pkgs.ruby
  pkgs.udiskie
];
# Program modules.
programs.dconf.enable = true;
programs.mtr.enable = true;

# gpg-agent with a terminal pinentry. enableSSHSupport makes the agent serve
# SSH authentication requests as well, so SSH keys are held by gpg-agent.
programs.gnupg.agent = {
  enable = true;
  enableSSHSupport = true;
  pinentryPackage = pkgs.pinentry-curses;
};
# Package-set overrides.
nixpkgs.overlays = [
  # Build khal with its check phase switched off.
  # NOTE(review): presumably a workaround for a failing test suite; while it
  # is in place the package's tests no longer gate the build, so remove it
  # once the tests pass again.
  (self: prev: {
    khal = prev.khal.overridePythonAttrs (_: {
      doCheck = false;
    });
  })
];
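# Host firewall: inbound traffic is dropped unless a rule below admits it.
networking.firewall = {
  # Was `false`. With the firewall disabled none of the rules in this block
  # took effect, so every listening service was reachable on every interface.
  # SSH and Tailscale stay reachable through the rules below; any other
  # service that must accept connections from outside the tailnet (including
  # ones defined in the imported modules) needs its own entry.
  enable = true;

  # Everything arriving over the Tailscale interface is accepted.
  trustedInterfaces = [ "tailscale0" ];
  # Loose reverse-path filtering, so packets routed via Tailscale are not
  # discarded by the strict check.
  checkReversePath = "loose";

  # Tailscale's UDP port, taken from the service's own configuration.
  allowedUDPPorts = [ config.services.tailscale.port ];
  # SSH.
  allowedTCPPorts = [ 22 ];
};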
# Release whose defaults for stateful data apply to this machine.
# NOTE(review): this normally stays at the release the system was first
# installed with and is not bumped on upgrade — confirm before changing it.
system.stateVersion = "23.11";
# Outgoing mail through msmtp: authenticated submission over TLS on port 587.
programs.msmtp.enable = true;
programs.msmtp.accounts.default = {
  host = "smtp.gmail.com";
  port = 587;
  tls = true;
  auth = true;
  from = "duck@duckland.org";
  user = "duckunix@gmail.com";
  # NOTE(review): the SMTP password is read from a plain-text file in don's
  # home directory each time mail is sent. Confirm the file is owned by don
  # with mode 0600. This module presumably writes a system-wide msmtp config,
  # in which case other accounts invoking msmtp run the same command and
  # succeed only if they can read that file.
  passwordeval = "cat /home/don/.smtp_password.txt";
};
}