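# NixOS system module: boot loader, Nix housekeeping, locale/keymap, one
# interactive user, sops-nix secrets, OpenSSH, and YubiKey/U2F/TPM2 support.
#
# Arguments:
#   config - the final merged system configuration (used for sops placeholders)
#   pkgs   - the package set
#   lib    - nixpkgs library helpers (mkDefault, optionalAttrs)
#   inputs - flake inputs; `inputs.nixpkgs` is pinned into NIX_PATH below
{
  config,
  pkgs,
  lib,
  inputs,
  ...
}: {
  # Bootloader. Keep at most 10 generations in the systemd-boot menu.
  boot.loader.systemd-boot = {
    enable = true;
    configurationLimit = 10;
  };
  boot.loader.efi.canTouchEfiVariables = true;

  # Garbage collection: weekly, dropping generations older than one week.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 1w";
  };

  # Optimize store
  nix.settings.auto-optimise-store = true;

  # Allow power management
  powerManagement.enable = true;

  # Firmware updates
  services.fwupd.enable = true;

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Select internationalisation properties.
  # LC_TIME is deliberately different from the other categories.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "C.UTF-8";
  };

  # Catppuccin
  catppuccin = {
    enable = true;
    flavor = "mocha";
  };

  # Configure keymap. The X layout is only a default (mkDefault), so another
  # module can override it; the console keymap is fixed.
  console.keyMap = "jp106";
  services.xserver.xkb = {
    layout = lib.mkDefault "jp";
    model = "jp106";
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable Flakes
  nix.settings.experimental-features = ["nix-command" "flakes"];

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Android debug tools
  programs.adb.enable = true;

  # Bash config
  programs.bash = {
    blesh.enable = true;
  };

  # Define a user account.
  # Every group below is a privilege grant: "wheel" is the administrative
  # group, "tss" gives access to the TPM devices enabled at the bottom of
  # this file, "adbusers" goes with programs.adb, and "kvm"/"dialout"/"cdrom"/
  # "audio"/"video" open the matching device nodes. Remove any that are unused.
  users.users.chase = {
    isNormalUser = true;
    description = "Chase";
    extraGroups = [
      "adbusers"
      "audio"
      "cdrom"
      "dialout"
      "kvm"
      "networkmanager"
      "tss"
      "video"
      "wheel"
    ];
  };

  # Install git and enable the credential cache.
  # This is system-wide git configuration, so it applies to every user.
  # The cache helper holds entered credentials in memory for 21600 s (6 h);
  # shorten the timeout if the machine is shared or left unlocked.
  programs.git = {
    enable = true;
    config = {
      init = {
        defaultBranch = "main";
      };
      credential = {
        helper = "cache --timeout 21600";
      };
    };
  };

  # Install Neovim
  programs.neovim = {
    enable = true;
    defaultEditor = true;
    configure = {
      customRC = ''
        set autoindent
        set number relativenumber
        set tabstop=4
        colorscheme catppuccin-mocha
      '';
      packages.myVimPackage = with pkgs.vimPlugins; {
        start = [catppuccin-nvim];
      };
    };
    viAlias = true;
    vimAlias = true;
  };

  # Secrets (sops-nix).
  sops = {
    defaultSopsFile = ../secrets.yaml;
    # Build-time validation of the sops file is switched off, so a missing
    # file or a misspelled secret name is only noticed when the secrets are
    # decrypted on the target machine.
    validateSopsFiles = false;
    age = {
      # The host's ed25519 SSH key is used as a decryption identity, in
      # addition to the dedicated age key below.
      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
      keyFile = "/var/lib/sops-nix/key.txt";
      # Create keyFile on first activation if it does not exist yet.
      generateKey = true;
    };
    secrets = {
      "smb-username" = {};
      "smb-password" = {};
    };
    # Rendered by sops-nix on the target with the placeholders substituted,
    # so the plaintext credentials are not written to the Nix store.
    templates = {
      "smb-credentials".content = ''
        username=${config.sops.placeholder.smb-username}
        password=${config.sops.placeholder.smb-password}
      '';
    };
  };

  # List packages installed in system profile.
  environment.systemPackages = with pkgs; [
    alejandra
    bitwarden-cli
    cifs-utils
    flashrom
    gcc
    nixd
    pam_u2f
    pciutils
    python3
    qemu
    rustup
    sbctl
    usbutils
    wget
    yubikey-manager
  ];

  # Make `<nixpkgs>` lookups resolve to the flake's pinned nixpkgs input.
  nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];

  # ssh agent
  # programs.mtr.enable = true;
  programs.gnupg.agent.enable = true;
  programs.ssh = {
    enableAskPassword = false;
  };

  services.fstrim.enable = lib.mkDefault true;

  # Enable the OpenSSH daemon: key-based logins only, no root login.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # Smart-card daemon, udev rules and agent for the YubiKey.
  services.pcscd.enable = true;
  services.udev.packages = with pkgs; [
    yubikey-personalization
  ];
  services.yubikey-agent.enable = true;

  # PAM settings are only defined when building for Linux.
  security.pam = lib.optionalAttrs pkgs.stdenv.isLinux {
    # A key held in the caller's SSH agent can satisfy authentication.
    # Anything able to reach that agent socket, including a remote host when
    # agent forwarding is in use, can pass this check.
    sshAgentAuth.enable = true;
    u2f = {
      enable = true;
      settings = {
        # No "please touch the device" prompt is printed.
        cue = false;
        # pam_u2f's parameter is the lowercase `authfile`, and it performs no
        # `~` expansion: a path that is not absolute is resolved relative to
        # the authenticating user's home directory. This therefore points at
        # $HOME/.config/Yubico/u2f_keys.
        # NOTE(review): that file is user-writable, so any process running as
        # the user can enrol another key; a root-owned central mapping file
        # (absolute path) avoids that.
        authfile = ".config/Yubico/u2f_keys";
      };
    };
    # NOTE(review): unless `security.pam.u2f.control` is set elsewhere, the
    # module default is "sufficient", i.e. a U2F touch alone is accepted for
    # these services. Use "required" if U2F is meant as a second factor.
    services = {
      login.u2fAuth = true;
      sudo = {
        u2fAuth = true;
      };
    };
  };

  # TPM 2.0 support, including the PKCS#11 module and the TCTI environment
  # variables for the tpm2 tools.
  security.tpm2 = {
    enable = true;
    pkcs11.enable = true;
    tctiEnvironment.enable = true;
  };
}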