# This holds configuration common across hosts
#
# NixOS module shared by every host. It pulls in home-manager, impermanence
# and the local sops module, configures the Nix daemon and its binary caches,
# and declares the one interactive user plus the base services.
{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  ...
}: {
  # Other NixOS modules this one builds on.
  imports = [
    inputs.home-manager.nixosModules.home-manager
    inputs.impermanence.nixosModules.impermanence
    ./sops.nix
  ];

  home-manager = {
    # useGlobalPkgs = true;
    backupFileExtension = "backup";
    # Hand the flake's inputs/outputs through to the home-manager modules.
    extraSpecialArgs = {inherit inputs outputs;};
    # Per-host home configuration, selected by the host's networking.hostName.
    users.sadbeast = import ../../../home/sadbeast/${config.networking.hostName}.nix;
  };

  nixpkgs = {
    # Overlays applied to nixpkgs on every host.
    overlays = [
      # Overlays exported by this flake (from the overlays and pkgs dirs):
      outputs.overlays.additions
      # outputs.overlays.modifications
      outputs.overlays.stable-packages
      # Overlays exported from other flakes can be added too:
      # neovim-nightly-overlay.overlays.default
      # Or defined inline, for example:
      # (final: prev: {
      #   hi = final.hello.overrideAttrs (oldAttrs: {
      #     patches = [ ./change-hello-to-hi.patch ];
      #   });
      # })
    ];
    # Unfree packages are permitted on every host that imports this module.
    config.allowUnfree = true;
  };

  nix = let
    # Keep only the inputs that are flakes; used for the registry and nixPath.
    flakes = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    # Opinionated: disable channels
    channel.enable = false;

    # Opinionated: make flake registry and nix path match flake inputs
    registry = lib.mapAttrs (_: input: {flake = input;}) flakes;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakes;

    # Daily garbage collection of anything older than a week.
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 7d";
    };

    settings = {
      # Enable flakes and the new 'nix' command; ca-derivations is also an
      # experimental feature and is switched on here for all hosts.
      experimental-features = "nix-command flakes ca-derivations";

      # NOTE(review): with this set, the `nixConfig` section of a flake is
      # applied without the confirmation prompt. How much a flake can change
      # depends on whether the caller is root or a trusted user, so a flake
      # from an untrusted source evaluated with privileges can redirect
      # where store paths are fetched from. Leaving this off and pinning
      # caches in this file keeps the trust decision here.
      accept-flake-config = true;

      # Opinionated: disable global registry
      flake-registry = "";

      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;

      # Cache queried by default.
      substituters = [
        "https://cache.nixos.org/"
      ];

      # Not queried by default; these are the caches that users of the Nix
      # daemon are allowed to opt in to for their own builds.
      trusted-substituters = [
        "https://cache.nixos.org"
        "https://nixpkgs-ruby.cachix.org"
      ];

      # Store paths signed by either key are accepted. The second key belongs
      # to a third-party cache, so its operator is part of this fleet's
      # supply-chain trust; drop it if that cache is no longer needed.
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nixpkgs-ruby.cachix.org-1:vrcdi50fTolOxWCZZkw0jakOnUI1T19oYJ+PRYdK4SM="
      ];
    };
  };

  time.timeZone = "America/Los_Angeles";
  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    font = "Lat2-Terminus16";
    keyMap = "emacs2";
  };

  programs = {
    sway.enable = true;
    zsh.enable = true;
    git.enable = true;
    # Lets non-root users pass the allow_other mount option to FUSE mounts.
    fuse.userAllowOther = true;
  };

  # Password hash for the user below, decrypted by sops-nix. neededForUsers
  # makes the secret available at the point where user accounts are set up.
  sops.secrets.sadbeast-password = {
    sopsFile = ../secrets.yaml;
    neededForUsers = true;
  };

  users = {
    # Accounts and passwords come only from this configuration.
    mutableUsers = false;

    users.sadbeast = {
      isNormalUser = true;
      shell = pkgs.zsh;
      packages = [pkgs.home-manager];
      hashedPasswordFile = config.sops.secrets.sadbeast-password.path;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGpEusv/bS34Q1JQxZXikdcwnq1vToz2d+HgV+E8NRX"
      ];
      # NOTE(review): "wheel" together with sudo.wheelNeedsPassword = false
      # (set under `security` in this module) makes this account
      # root-equivalent without a password, and "docker" membership grants
      # access to the Docker daemon, which is also root-equivalent. Whoever
      # holds the SSH key above therefore holds root on every host using
      # this module.
      extraGroups = ["wheel" "audio" "video" "docker"];
    };
  };

  services = {
    avahi = {
      enable = true;
      nssmdns4 = true;
      # Opens the host firewall for mDNS; confirm this is wanted on hosts
      # that sit on untrusted networks.
      openFirewall = true;
    };

    openssh = {
      enable = true;
      settings = {
        # Opinionated: forbid root login through SSH.
        PermitRootLogin = "no";
        # Opinionated: use keys only.
        PasswordAuthentication = false;
        # NOTE(review): X11 forwarding is enabled for every host; consider
        # turning it on only for hosts that need remote graphical sessions.
        X11Forwarding = true;
      };
    };

    pipewire = {
      enable = true;
      pulse.enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
    };

    # Enables printing on every host importing this module; override per
    # host where no printing is needed.
    printing.enable = true;
  };

  security = {
    polkit.enable = true;
    # rtkit is optional but recommended
    rtkit.enable = true;
    # NOTE(review): members of wheel can run sudo without a password, so
    # sudo provides no second barrier after a user-session compromise.
    sudo.wheelNeedsPassword = false;
    # Declares a PAM service entry for swaylock.
    pam.services.swaylock = {};
  };

  # environment.persistence."/persistent" = {
  #   hideMounts = true;
  #   directories = [
  #     "/var/log"
  #     "/var/lib/nixos"
  #     "/var/lib/systemd"
  #   ];
  #   files = [
  #     "/etc/machine-id"
  #     "/var/lib/sops-nix/keys.txt"
  #   ];
  # };
  # system.activationScripts.persistent-dirs.text = let
  #   mkHomePersist = user:
  #     lib.optionalString user.createHome ''
  #       mkdir -p /persistent/${user.home}
  #       chown ${user.name}:${user.group} /persistent/${user.home}
  #       chmod ${user.homeMode} /persistent/${user.home}
  #     '';
  #   users = lib.attrValues config.users.users;
  # in
  #   lib.concatLines (map mkHomePersist users);

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "24.11";
}