nix/nixos/common.nix

205 lines
3.7 KiB
Nix

{ config, lib, inputs, system, ... }:
let
overlay = final: prev: {
helix = prev.helix // inputs.helix.packages.${system}.helix;
rtx = prev.rtx // inputs.rtx.packages.${system}.rtx;
};
pkgs = inputs.nixpkgs.legacyPackages.${system}.extend overlay;
in
{
services.journald.extraConfig = "SystemMaxUse=1G";
environment = {
variables = {
EDITOR = "hx";
VISUAL = "hx";
PAGER = "less";
MANPAGER = "less";
};
systemPackages = with pkgs; [
age
bat
bind
bottom
btrfs-progs
cue
curl
dog
dua
exa
fd
file
gnumake
gron
hexyl
htop
iputils
jq
killall
kitty # TODO: I really just need the terminfo on servers, though, right?
less
mosh
nmap
openssl
pciutils
pv
rclone
restic
ripgrep
rsync
sd
sops
smartmontools
sqlite
unzip
watchexec
wget
xh
zellij
zstd
] ++ [
inputs.helix.packages."x86_64-linux".helix
inputs.rtx.packages."x86_64-linux".rtx
];
};
users.users = {
daniel = {
isNormalUser = true;
home = "/home/daniel/.home";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "daniel";
extraGroups = [ "users" "wheel" "video" ];
packages = [ ];
};
root = {
openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
};
};
i18n = {
defaultLocale = "en_US.UTF-8";
};
services = {
xserver = {
layout = "us";
xkbOptions = "ctrl:nocaps";
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
# TODO: tailscale can handle this I think...?
openFirewall = lib.mkDefault true;
# listenAddresses = [
# { addr = "0.0.0.0"; port = 22; }
# ];
};
tailscale = {
enable = true;
useRoutingFeatures = lib.mkDefault "client";
};
fwupd.enable = true;
smartd.enable = true;
};
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
earlySetup = true;
# colors = [
# "111111"
# "f92672"
# "a6e22e"
# "f4bf75"
# "66d9ef"
# "ae81ff"
# "a1efe4"
# "f8f8f2"
# "75715e"
# "f92672"
# "a6e22e"
# "f4bf75"
# "66d9ef"
# "ae81ff"
# "a1efe4"
# "f9f8f5"
# ];
};
networking = {
useDHCP = lib.mkDefault true;
firewall = {
enable = lib.mkDefault true;
allowPing = lib.mkDefault true;
allowedTCPPorts = lib.mkDefault [ ];
allowedUDPPorts = lib.mkDefault [ ];
};
};
nix = {
settings = {
experimental-features = lib.mkDefault [ "nix-command" "flakes" ];
substituters = [
"https://nix.h.lyte.dev"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
};
nixpkgs = {
config = {
allowUnfree = true;
};
hostPlatform = lib.mkDefault "x86_64-linux";
};
programs = {
fish = {
enable = true;
};
tmux = {
enable = true;
clock24 = true;
};
traceroute.enable = true;
git = {
enable = true;
lfs = {
enable = true;
};
};
};
time = {
timeZone = "America/Chicago";
};
users = {
defaultUserShell = pkgs.fish;
};
}