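# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# NixOS system configuration for the host "rascal": hardware-scan results,
# GRUB on /dev/sda, two user accounts, key-only OpenSSH, Tailscale, the
# firewall, and a WireGuard client interface (wg0).
#
# NOTE(review): this copy of the file had lost its line breaks, so every `#`
# comment swallowed the code after it. The line structure is restored below;
# no option value has been changed.

{ config, lib, pkgs, modulesPath, ... }:

let
  # NOTE(review): `import` is applied directly to an attribute set here. The
  # path argument (a channel or a pinned nixpkgs expression) appears to have
  # been lost from this copy; restore it before evaluating. Whatever source is
  # used, pinning it to a fixed revision keeps the packages taken from
  # `unstable` below reproducible and reviewable.
  unstable = import {
    config = {
      # Allows packages with non-free licences from this package set.
      allowUnfree = true;
    };
  };
in
{
  imports = [
    # Include the results of the hardware scan.
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "uas" "sd_mod" ];
  boot.kernelModules = [ "kvm-amd" ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/2e2ad73a-6264-4a7b-8439-9c05295d903d";
    fsType = "f2fs";
  };

  swapDevices = [ ];

  networking.useDHCP = lib.mkDefault true;

  # CPU microcode updates follow the redistributable-firmware setting.
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  networking.hostName = "rascal"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # This file declares no SSH keys for this account, and sshd below refuses
  # passwords, so remote login as this user depends on keys installed outside
  # this file (for example ~/.ssh/authorized_keys) - confirm.
  users.users.daniel = {
    shell = pkgs.fish;
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    packages = with pkgs; [ ];
  };

  users.users.beefcake = {
    # used for restic backups
    # This is a normal login account (not in "wheel") that accepts the two keys
    # below without any authorized_keys restrictions, so either key gets an
    # interactive shell. If the account only needs to receive backups
    # (presumably over SSH/SFTP - confirm), consider limiting it, e.g. with an
    # sshd Match block using ForceCommand internal-sftp.
    isNormalUser = true;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
    ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    unstable.helix # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    unstable.zellij
    tmux
    curl
    wget
    exa
    sd
    smartmontools
    fd
    git
    fish
    ripgrep
    rnix-lsp
    wireguard-tools
    tailscale
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:
  services.smartd.enable = true;

  # Enable the OpenSSH daemon.
  # Password logins are disabled, so only public-key authentication remains.
  # Keyboard-interactive authentication and the root-login policy are not set
  # here and stay at the module defaults; set them explicitly if the host is
  # reachable from untrusted networks (check the option names for the NixOS
  # release in use).
  services.openssh.enable = true;
  services.openssh.passwordAuthentication = false;

  services.tailscale.enable = true;

  environment.variables = {
    EDITOR = "hx";
    FISH_START_ZELLIJ = "true";
  };

  # Open ports in the firewall.
  # TCP 22 (SSH) is allowed on every interface. Since Tailscale is enabled, SSH
  # could instead be allowed only on the tailnet interface through
  # networking.firewall.interfaces.<name>.allowedTCPPorts.
  networking.firewall.allowedTCPPorts = [ 22 ];
  # UDP 51820 matches the wg0 listenPort below.
  networking.firewall.allowedUDPPorts = [ 51820 ];
  # "loose" relaxes reverse-path filtering, which is commonly needed when
  # traffic is routed through a VPN tunnel; it is weaker anti-spoofing than the
  # strict setting, so keep it only while the tunnels require it.
  networking.firewall.checkReversePath = "loose";
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # The copy ends up in the Nix store, which is world-readable, so keep secrets
  # out of this file and reference them by path (as privateKeyFile does below).
  system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?

  networking.wireguard.interfaces = {
    wg0 = {
      ips = [ "10.0.10.15/24" ];
      listenPort = 51820;
      # The private key is read from a file at runtime rather than embedded
      # here, which keeps it out of the world-readable Nix store. The file
      # should be owned by root and not readable by other users.
      privateKeyFile = "/root/wg.key";
      peers = [
        {
          publicKey = "c6gERFUqFr8aTSyRF9c4IF2aah8WbUsO/Qo8QJQ2Hzk=";
          # All IPv4 destinations are assigned to this peer. No IPv6 range is
          # listed, so if a full tunnel is intended, IPv6 traffic is not
          # covered by this interface - confirm that is acceptable.
          allowedIPs = [ "0.0.0.0/0" ];
          endpoint = "vpn4.h.lyte.dev:51820";
          # ToDo: route to endpoint not automatically configured
          # https://wiki.archlinux.org/index.php/WireGuard#Loop_routing
          # https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
          persistentKeepalive = 25;
        }
      ];
    };
  };
}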