nix-config/nixos/base.nix


{
config,
pkgs,
lib,
inputs,
...
}: {
# Boot with systemd-boot on UEFI. The bootloader installer is allowed to
# write EFI variables, and the boot menu keeps at most the 10 latest
# generations.
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 10;
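# Nix itself: weekly garbage collection, a pinned <nixpkgs>, store
# optimisation and the flakes/nix-command features.
nix = {
  gc = {
    automatic = true;
    dates = "weekly";
    # nix-collect-garbage only accepts a day count ("<N>d") for
    # --delete-older-than; "1w" is rejected as a usage error, so the
    # scheduled collection would fail and old generations would pile up.
    # 7d keeps the intended one-week retention.
    options = "--delete-older-than 7d";
  };
  # Make <nixpkgs> resolve to the flake's nixpkgs input instead of a channel.
  nixPath = ["nixpkgs=${inputs.nixpkgs}"];
  settings = {
    auto-optimise-store = true;
    download-buffer-size = 524288000; # 500 MiB
    experimental-features = ["nix-command" "flakes"];
  };
};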
# Permit packages with unfree licences.
nixpkgs.config.allowUnfree = true;

# Time zone and locale. Every LC_* category listed below is US English
# except LC_TIME, which uses the C locale.
time.timeZone = "America/New_York";
i18n = {
  defaultLocale = "en_US.UTF-8";
  extraLocaleSettings =
    lib.genAttrs [
      "LC_ADDRESS"
      "LC_IDENTIFICATION"
      "LC_MEASUREMENT"
      "LC_MONETARY"
      "LC_NAME"
      "LC_NUMERIC"
      "LC_PAPER"
      "LC_TELEPHONE"
    ] (_: "en_US.UTF-8")
    // {LC_TIME = "C.UTF-8";};
};

# Keyboard: jp106 on the console and for X. mkDefault leaves room for a
# host-specific module to override these values.
console.keyMap = lib.mkDefault "jp106";
services.xserver.xkb.layout = lib.mkDefault "jp";
services.xserver.xkb.model = lib.mkDefault "jp106";
# Power management, and networking handled by NetworkManager.
powerManagement.enable = true;
networking.networkmanager.enable = true;

# Catppuccin theming, "mocha" flavour.
catppuccin.enable = true;
catppuccin.flavor = "mocha";
# Android debug bridge tooling.
programs.adb.enable = true;

# Shells: ble.sh for bash; zsh with completion (including bash-style
# completions), autosuggestions and syntax highlighting.
programs.bash.blesh.enable = true;
programs.zsh.enable = true;
programs.zsh.enableCompletion = true;
programs.zsh.enableBashCompletion = true;
programs.zsh.autosuggestions.enable = true;
programs.zsh.syntaxHighlighting.enable = true;
# Primary interactive account, with zsh as its login shell.
users.users.chase = {
  description = "Chase";
  isNormalUser = true;
  shell = pkgs.zsh;

  # Supplementary groups. "wheel" is the administrative group; most of the
  # others ("kvm", "dialout", "tss", "video", "audio", "cdrom") grant direct
  # access to device nodes, so this account should be treated as privileged.
  extraGroups = [
    "adbusers"
    "audio"
    "cdrom"
    "dialout"
    "kvm"
    "networkmanager"
    "tss"
    "video"
    "wheel"
  ];

  # Public key declared as authorized for this account. Because it is
  # declared here it is managed by the system configuration rather than by a
  # file in the user's home directory.
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSQX+s8Krl312DcnUtoEWOA2silcUnt5URtyVZz8Yek"
  ];
};
# System-wide git defaults.
programs.git = {
  enable = true;
  config.init.defaultBranch = "main";
  # The "cache" credential helper holds entered credentials in memory for
  # 21600 seconds (6 hours) instead of writing them to disk. During that
  # window they are available to processes running as the same user.
  config.credential.helper = "cache --timeout 21600";
};

# Neovim as the default editor, also reachable as `vi` and `vim`, with the
# catppuccin plugin loaded at start-up and a short init script.
programs.neovim = {
  enable = true;
  defaultEditor = true;
  viAlias = true;
  vimAlias = true;
  configure.customRC = ''
    set autoindent
    set number relativenumber
    set tabstop=4
    colorscheme catppuccin-mocha
  '';
  configure.packages.myVimPackage.start = [pkgs.vimPlugins.catppuccin-nvim];
};
# GnuPG agent. Only the agent itself is enabled here; its SSH support is not
# switched on in this file.
programs.gnupg.agent.enable = true;
# Do not configure an askpass program for ssh.
programs.ssh.enableAskPassword = false;

# sops-nix: secrets are kept encrypted in ../secrets.yaml and decrypted on
# the machine with age.
sops = {
  defaultSopsFile = ../secrets.yaml;
  # NOTE(review): build-time validation of the sops file is turned off, so a
  # secret name that is missing from the file would presumably only surface
  # at activation time -- confirm this is intentional.
  validateSopsFiles = false;

  # Decryption identities: the host's ed25519 SSH key, plus a dedicated age
  # key that is generated at keyFile if it does not exist yet. Both files
  # unlock every secret below, so they need to stay readable by root only
  # and be covered by key-rotation and backup procedures.
  age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
  age.keyFile = "/var/lib/sops-nix/key.txt";
  age.generateKey = true;

  secrets."smb-username" = {};
  secrets."smb-password" = {};

  # CIFS credentials file built from placeholders, so the plaintext values
  # are substituted when the template is rendered and are not part of this
  # file's evaluated text.
  templates."smb-credentials".content = ''
    username=${config.sops.placeholder.smb-username}
    password=${config.sops.placeholder.smb-password}
  '';
};
# Packages available to every user through the system profile. Several are
# security tooling (bitwarden-cli, pam_u2f, sbctl, sops, yubikey-manager) or
# touch firmware directly (flashrom).
environment.systemPackages = [
  pkgs.alejandra
  pkgs.bitwarden-cli
  pkgs.cifs-utils
  pkgs.flashrom
  pkgs.gcc
  pkgs.nixd
  pkgs.pam_u2f
  pkgs.pciutils
  pkgs.python3
  pkgs.qemu
  pkgs.rustup
  pkgs.sbctl
  pkgs.sops
  pkgs.usbutils
  pkgs.wget
  pkgs.yubikey-manager
];
# PAM authentication. The settings are only defined when building for Linux.
security.pam = lib.optionalAttrs pkgs.stdenv.isLinux {
  # Allow PAM services that opt in to accept proof of possession of a key
  # held in the caller's SSH agent.
  # NOTE(review): confirm which services opt in (sudo is the usual one) and
  # that the authorized-keys files it trusts are not writable by the account
  # being authenticated.
  sshAgentAuth.enable = true;

  # pam_u2f, used for console login and for sudo (see the services below).
  # NOTE(review): security.pam.u2f.control is not set in this file, so the
  # module default decides whether a U2F touch replaces the password or is
  # required in addition to it -- confirm that matches the intent.
  u2f.enable = true;
  u2f.settings.cue = false; # no "touch the device" reminder is printed

  # Per-user key mapping file.
  # NOTE(review): pam_u2f spells this argument "authfile" and documents
  # non-absolute paths as relative to the user's home directory; inspect the
  # generated /etc/pam.d entries to confirm that this key and the leading "~"
  # take effect as intended. A mapping file inside $HOME can be edited by
  # anything running as that user; a root-owned central file is the stricter
  # choice when the same mapping authorises sudo.
  u2f.settings.authFile = "~/.config/Yubico/u2f_keys";

  services.login.u2fAuth = true;
  services.sudo.u2fAuth = true;
};

# TPM 2.0 support, including the PKCS#11 provider and the TCTI environment
# configuration for TPM tools.
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true;
security.tpm2.tctiEnvironment.enable = true;
# Periodic TRIM; mkDefault lets a host-specific module turn it off.
services.fstrim.enable = lib.mkDefault true;

# Firmware updates through fwupd.
services.fwupd.enable = true;

# OpenSSH daemon, key-only: root login, password authentication and
# keyboard-interactive authentication are all refused.
services.openssh.enable = true;
services.openssh.settings = {
  PermitRootLogin = "no";
  PasswordAuthentication = false;
  KbdInteractiveAuthentication = false;
};

# Smart-card daemon, YubiKey udev rules and the YubiKey-backed SSH agent.
services.pcscd.enable = true;
services.udev.packages = [pkgs.yubikey-personalization];
services.yubikey-agent.enable = true;

# CUPS printing. This adds a local print service to the machine; disable it
# on hosts that never print.
services.printing.enable = true;
}