111 lines
2.2 KiB
Nix
111 lines
2.2 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: {
|
|
# Make Lix the default package manager and expose the overlay
|
|
nixpkgs.overlays = [
|
|
(final: prev: {
|
|
inherit
|
|
(prev.lixPackageSets.stable)
|
|
nixpkgs-review
|
|
nix-eval-jobs
|
|
nix-fast-build
|
|
colmena
|
|
;
|
|
})
|
|
];
|
|
nix.package = pkgs.lixPackageSets.stable.lix;
|
|
|
|
# Always Enable RSync
|
|
services.rsync.enable = true;
|
|
|
|
# Enable SSH
|
|
services.openssh = {
|
|
enable = true;
|
|
ports = [22];
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
AllowUsers = null;
|
|
PermitRootLogin = "no";
|
|
};
|
|
};
|
|
|
|
# Enable Hardware Key Passwordless Sudo
|
|
security.pam.u2f.enable = true;
|
|
security.pam.u2f.settings = {
|
|
authfile = "/etc/u2f_keys";
|
|
authpending_file = "";
|
|
pinverification = 0;
|
|
userpresence = 1;
|
|
};
|
|
|
|
# Enable SSH Passwordless Sudo
|
|
security.pam.enableSSHAgentAuth = true;
|
|
security.pam.sshAgentAuth = {
|
|
enable = true;
|
|
authorizedKeysFiles = [
|
|
"/etc/ssh/authorized_keys.d/${config.local.username}.keys"
|
|
];
|
|
};
|
|
|
|
# Set your time zone.
|
|
time.timeZone = "Europe/Copenhagen";
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "en_AU.UTF-8";
|
|
|
|
i18n.extraLocaleSettings = {
|
|
LC_ADDRESS = "et_EE.UTF-8";
|
|
LC_IDENTIFICATION = "et_EE.UTF-8";
|
|
LC_MEASUREMENT = "et_EE.UTF-8";
|
|
LC_MONETARY = "et_EE.UTF-8";
|
|
LC_NAME = "et_EE.UTF-8";
|
|
LC_NUMERIC = "et_EE.UTF-8";
|
|
LC_PAPER = "et_EE.UTF-8";
|
|
LC_TELEPHONE = "et_EE.UTF-8";
|
|
LC_TIME = "et_EE.UTF-8";
|
|
};
|
|
|
|
# Configure keymap in X11
|
|
services.xserver.xkb = {
|
|
layout = "us";
|
|
variant = "";
|
|
};
|
|
|
|
# Enable zram swap
|
|
zramSwap = {
|
|
enable = true;
|
|
memoryPercent = 50;
|
|
};
|
|
|
|
# Allow unfree packages
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
# Automatic upgrades
|
|
system.autoUpgrade = {
|
|
enable = true; # Set to true for automatic updates
|
|
dates = "daily";
|
|
allowReboot = false;
|
|
};
|
|
|
|
# Add common networking/debugging tools to all systems by default
|
|
environment.systemPackages = with pkgs; [
|
|
bind
|
|
wget
|
|
curl
|
|
dnsutils
|
|
dig
|
|
arp-scan
|
|
tcpdump
|
|
iproute2
|
|
ethtool
|
|
btop
|
|
iotop
|
|
micro
|
|
helix
|
|
fastfetch
|
|
git
|
|
];
|
|
}
|