Refactor the Nix config management.

2026-02-06 21:31:22 +01:00 · 2026-02-06 21:31:22 +01:00 · aca053b4e1
commit aca053b4e1
parent 55fe63bcdb
23 changed files with 954 additions and 1764 deletions
--- a/nix-system-configs/modules/lix-default.nix
+++ b/nix-system-configs/modules/lix-default.nix
@ -0,0 +1,111 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  # Make Lix the default package manager and expose the overlay
+  nixpkgs.overlays = [
+    (final: prev: {
+      inherit
+        (prev.lixPackageSets.stable)
+        nixpkgs-review
+        nix-eval-jobs
+        nix-fast-build
+        colmena
+        ;
+    })
+  ];
+  nix.package = pkgs.lixPackageSets.stable.lix;
+
+  # Always Enable RSync
+  services.rsync.enable = true;
+
+  # Enable SSH
+  services.openssh = {
+    enable = true;
+    ports = [22];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = null;
+      PermitRootLogin = "no";
+    };
+  };
+
+  # Enable Hardware Key Passwordless Sudo
+  security.pam.u2f.enable = true;
+  security.pam.u2f.settings = {
+    authfile = "/etc/u2f_keys";
+    authpending_file = "";
+    pinverification = 0;
+    userpresence = 1;
+  };
+
+  # Enable SSH Passwordless Sudo
+  security.pam.enableSSHAgentAuth = true;
+  security.pam.sshAgentAuth = {
+    enable = true;
+    authorizedKeysFiles = [
+      "/etc/ssh/authorized_keys.d/${user}.keys"
+    ];
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Copenhagen";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_AU.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "et_EE.UTF-8";
+    LC_IDENTIFICATION = "et_EE.UTF-8";
+    LC_MEASUREMENT = "et_EE.UTF-8";
+    LC_MONETARY = "et_EE.UTF-8";
+    LC_NAME = "et_EE.UTF-8";
+    LC_NUMERIC = "et_EE.UTF-8";
+    LC_PAPER = "et_EE.UTF-8";
+    LC_TELEPHONE = "et_EE.UTF-8";
+    LC_TIME = "et_EE.UTF-8";
+  };
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+
+  # Enable zram swap
+  zramSwap = {
+    enable = true;
+    memoryPercent = 50;
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # Automatic upgrades
+  system.autoUpgrade = {
+    enable = true; # Set to true for automatic updates
+    dates = "daily";
+    allowReboot = false;
+  };
+
+  # Add common networking/debugging tools to all systems by default
+  environment.systemPackages = with pkgs; [
+    bind
+    wget
+    curl
+    dnsutils
+    dig
+    arp-scan
+    tcpdump
+    iproute2
+    ethtool
+    btop
+    iotop
+    micro
+    helix
+    fastfetch
+    git
+  ];
+}