123 lines
2.5 KiB
Nix
123 lines
2.5 KiB
Nix
|
{ inputs, outputs, lib, pkgs, config, ... }:
|
||
|
{
|
||
|
imports = [
|
||
|
(import ./disko.nix { inherit inputs outputs; })
|
||
|
inputs.agenix.nixosModules.default
|
||
|
./network.nix
|
||
|
];
|
||
|
|
||
|
nixpkgs = {
|
||
|
hostPlatform = "x86_64-linux";
|
||
|
config = {
|
||
|
allowUnfree = true;
|
||
|
};
|
||
|
overlays = [
|
||
|
];
|
||
|
};
|
||
|
|
||
|
networking.hostName = "jeeves";
|
||
|
|
||
|
boot = {
|
||
|
loader.systemd-boot.enable = true;
|
||
|
kernelPackages = pkgs.linuxPackages_latest;
|
||
|
initrd.availableKernelModules = [
|
||
|
"nvme"
|
||
|
];
|
||
|
};
|
||
|
|
||
|
hardware.enableRedistributableFirmware = true;
|
||
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||
|
|
||
|
nix = {
|
||
|
registry =
|
||
|
lib.mapAttrs
|
||
|
(_: value: {
|
||
|
flake = value;
|
||
|
})
|
||
|
inputs;
|
||
|
|
||
|
nixPath =
|
||
|
lib.mapAttrsToList
|
||
|
(key: value:
|
||
|
"${key}=${value.to.path}")
|
||
|
config.nix.registry;
|
||
|
|
||
|
settings = {
|
||
|
experimental-features = "nix-command flakes";
|
||
|
auto-optimise-store = true;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
programs.zsh.enable = true;
|
||
|
|
||
|
environment.systemPackages = with pkgs; [
|
||
|
git
|
||
|
neovim
|
||
|
];
|
||
|
|
||
|
# NOTE: made with `mkpasswd -m sha-516`
|
||
|
age.secrets."home/jeeves_password".file = ../../../../secrets/home/jeeves_password.age;
|
||
|
users = {
|
||
|
mutableUsers = true;
|
||
|
users = {
|
||
|
jeeves = {
|
||
|
isNormalUser = true;
|
||
|
shell = pkgs.zsh;
|
||
|
passwordFile = config.age.secrets."home/jeeves_password".path;
|
||
|
openssh.authorizedKeys.keys = [
|
||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)"
|
||
|
];
|
||
|
extraGroups = [
|
||
|
"wheel"
|
||
|
"networkmanager"
|
||
|
"audio"
|
||
|
"docker"
|
||
|
];
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
|
||
|
# reo101.jellyfin = {
|
||
|
# enable = true;
|
||
|
# image = "docker.io/jellyfin/jellyfin:latest";
|
||
|
# volumes = [
|
||
|
# "/var/cache/jellyfin/config:/config"
|
||
|
# "/var/cache/jellyfin/cache:/cache"
|
||
|
# "/var/log/jellyfin:/log"
|
||
|
# "/data/media/jellyfin:/media:ro"
|
||
|
# ];
|
||
|
# ports = [
|
||
|
# "8096:8096"
|
||
|
# ];
|
||
|
# };
|
||
|
|
||
|
security.sudo.extraRules= [
|
||
|
{
|
||
|
users = [
|
||
|
"jeeves"
|
||
|
];
|
||
|
commands = [
|
||
|
{
|
||
|
command = "ALL" ;
|
||
|
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
|
||
|
}
|
||
|
];
|
||
|
}
|
||
|
];
|
||
|
|
||
|
services.openssh = {
|
||
|
enable = true;
|
||
|
settings = {
|
||
|
PermitRootLogin = "no";
|
||
|
PasswordAuthentication = false;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
boot.plymouth = {
|
||
|
enable = true;
|
||
|
};
|
||
|
|
||
|
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||
|
system.stateVersion = "23.05";
|
||
|
}
|