205 lines
3.7 KiB
Nix
205 lines
3.7 KiB
Nix
{ config, lib, inputs, system, ... }:
|
|
let
|
|
overlay = final: prev: {
|
|
helix = prev.helix // inputs.helix.packages.${system}.helix;
|
|
rtx = prev.rtx // inputs.rtx.packages.${system}.rtx;
|
|
};
|
|
pkgs = inputs.nixpkgs.legacyPackages.${system}.extend overlay;
|
|
in
|
|
{
|
|
services.journald.extraConfig = "SystemMaxUse=1G";
|
|
|
|
environment = {
|
|
variables = {
|
|
EDITOR = "hx";
|
|
VISUAL = "hx";
|
|
PAGER = "less";
|
|
MANPAGER = "less";
|
|
};
|
|
|
|
systemPackages = with pkgs; [
|
|
age
|
|
bat
|
|
bind
|
|
bottom
|
|
btrfs-progs
|
|
cue
|
|
curl
|
|
dog
|
|
dua
|
|
exa
|
|
fd
|
|
file
|
|
gnumake
|
|
gron
|
|
hexyl
|
|
htop
|
|
iputils
|
|
jq
|
|
killall
|
|
kitty # TODO: I really just need the terminfo on servers, though, right?
|
|
less
|
|
mosh
|
|
nmap
|
|
openssl
|
|
pciutils
|
|
pv
|
|
rclone
|
|
restic
|
|
ripgrep
|
|
rsync
|
|
sd
|
|
sops
|
|
smartmontools
|
|
sqlite
|
|
unzip
|
|
watchexec
|
|
wget
|
|
xh
|
|
zellij
|
|
zstd
|
|
] ++ [
|
|
inputs.helix.packages."x86_64-linux".helix
|
|
inputs.rtx.packages."x86_64-linux".rtx
|
|
];
|
|
};
|
|
|
|
users.users = {
|
|
daniel = {
|
|
isNormalUser = true;
|
|
home = "/home/daniel/.home";
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
|
|
];
|
|
group = "daniel";
|
|
extraGroups = [ "users" "wheel" "video" ];
|
|
packages = [ ];
|
|
};
|
|
|
|
root = {
|
|
openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
|
|
};
|
|
};
|
|
|
|
i18n = {
|
|
defaultLocale = "en_US.UTF-8";
|
|
};
|
|
|
|
services = {
|
|
xserver = {
|
|
layout = "us";
|
|
xkbOptions = "ctrl:nocaps";
|
|
};
|
|
|
|
openssh = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
};
|
|
|
|
# TODO: tailscale can handle this I think...?
|
|
openFirewall = lib.mkDefault true;
|
|
|
|
# listenAddresses = [
|
|
# { addr = "0.0.0.0"; port = 22; }
|
|
# ];
|
|
};
|
|
|
|
tailscale = {
|
|
enable = true;
|
|
useRoutingFeatures = lib.mkDefault "client";
|
|
};
|
|
|
|
fwupd.enable = true;
|
|
smartd.enable = true;
|
|
};
|
|
|
|
console = {
|
|
font = "Lat2-Terminus16";
|
|
useXkbConfig = true;
|
|
earlySetup = true;
|
|
|
|
# colors = [
|
|
# "111111"
|
|
# "f92672"
|
|
# "a6e22e"
|
|
# "f4bf75"
|
|
# "66d9ef"
|
|
# "ae81ff"
|
|
# "a1efe4"
|
|
# "f8f8f2"
|
|
# "75715e"
|
|
# "f92672"
|
|
# "a6e22e"
|
|
# "f4bf75"
|
|
# "66d9ef"
|
|
# "ae81ff"
|
|
# "a1efe4"
|
|
# "f9f8f5"
|
|
# ];
|
|
};
|
|
|
|
networking = {
|
|
useDHCP = lib.mkDefault true;
|
|
|
|
firewall = {
|
|
enable = lib.mkDefault true;
|
|
allowPing = lib.mkDefault true;
|
|
allowedTCPPorts = lib.mkDefault [ ];
|
|
allowedUDPPorts = lib.mkDefault [ ];
|
|
};
|
|
};
|
|
|
|
nix = {
|
|
settings = {
|
|
experimental-features = lib.mkDefault [ "nix-command" "flakes" ];
|
|
substituters = [
|
|
"https://nix.h.lyte.dev"
|
|
"https://nix-community.cachix.org"
|
|
"https://cache.nixos.org/"
|
|
];
|
|
trusted-public-keys = [
|
|
"h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0="
|
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
];
|
|
};
|
|
};
|
|
|
|
nixpkgs = {
|
|
config = {
|
|
allowUnfree = true;
|
|
};
|
|
hostPlatform = lib.mkDefault "x86_64-linux";
|
|
};
|
|
|
|
programs = {
|
|
fish = {
|
|
enable = true;
|
|
};
|
|
|
|
tmux = {
|
|
enable = true;
|
|
clock24 = true;
|
|
};
|
|
|
|
traceroute.enable = true;
|
|
|
|
git = {
|
|
enable = true;
|
|
|
|
lfs = {
|
|
enable = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
time = {
|
|
timeZone = "America/Chicago";
|
|
};
|
|
|
|
users = {
|
|
defaultUserShell = pkgs.fish;
|
|
};
|
|
}
|