{
  config,
  lib,
  pkgs,
  pkgs-unstable,
  home-manager,
  ...
}:

let
  username = "talexander";
  # One id for both the user and its primary group.
  userId = 11235;

  # disko is pinned by tag *and* content hash: a moved tag or a substituted
  # tarball cannot change what gets imported. Bump url and sha256 together.
  disko = builtins.fetchTarball {
    url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
    sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
  };
in
{
  imports = [
    ./roles/reset
    ./roles/iso
    ./hosts/odo
    "${disko}/module.nix"
    ./boot.nix
    ./zfs.nix
    ./network.nix
    ./roles/firewall
    ./roles/zsh
    ./roles/graphics
    ./roles/sound
    ./roles/sway
    ./roles/alacritty
    ./roles/firefox
    ./roles/chromium
    ./roles/emacs
    ./roles/git
    ./roles/fonts
    ./roles/gpg
    ./roles/waybar
    ./roles/qemu
  ];

  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      # NOTE(review): trusted users can override daemon settings such as
      # substituters and sandboxing, which is effectively root-equivalent.
      # That matches the passwordless doas rule below, but it means any
      # compromised wheel session also owns the Nix store.
      trusted-users = [ "@wheel" ];
    };
    # Automatic garbage collection: runs nix-collect-garbage --delete-older-than 5d
    gc = {
      automatic = true;
      randomizedDelaySec = "14m";
      options = "--delete-older-than 5d";
    };
  };

  # boot.kernelPackages = pkgs.linuxPackages_6_11;
  hardware.enableRedistributableFirmware = true;

  services = {
    # Author's rationale: the disk is fully encrypted, so the login password is
    # not what protects the machine. Note that together with the passwordless
    # doas rule below, an unlocked console is a root shell.
    getty = {
      autologinUser = username;
      autologinOnce = true;
    };

    openssh = {
      enable = true;
      settings = {
        # Key-only logins: the authorized keys are declared on the user below.
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
      # Host keys are read straight from the persistent dataset rather than
      # from /etc/ssh, so they survive the root reset.
      hostKeys = [
        {
          path = "/persist/ssh/ssh_host_ed25519_key";
          type = "ed25519";
        }
        {
          path = "/persist/ssh/ssh_host_rsa_key";
          type = "rsa";
          bits = 4096;
        }
      ];
    };
  };

  users = {
    # Users and groups come only from this file; nothing is editable at runtime.
    mutableUsers = false;
    groups.${username}.gid = userId;
    users.${username} = {
      isNormalUser = true;
      createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
      group = username;
      extraGroups = [ "wheel" ];
      uid = userId;
      packages = [ pkgs.tree ];
      # Generate with `mkpasswd -m scrypt` (the `$7$` prefix is scrypt).
      hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
      # One plain ed25519 key plus two FIDO-backed (sk-) keys.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
      ];
    };
  };

  home-manager.users.${username} =
    { pkgs, ... }:
    {
      home.packages = with pkgs; [
        atool
        httpie
      ];
      programs.bash.enable = true;
      # Required; keep it at the release this home was first created on.
      home.stateVersion = "24.11";
    };

  # Use doas instead of sudo.
  security = {
    sudo.enable = false;
    doas = {
      enable = true;
      # Members of wheel escalate without a password.
      wheelNeedsPassword = false;
      # NOTE(review): this rule names no `users`/`groups`, so the NixOS doas
      # module appears to emit nothing for it, leaving `keepEnv` and `persist`
      # without effect; `persist` would also contradict
      # `wheelNeedsPassword = false`. Check the generated doas.conf on the
      # built system before relying on either setting.
      extraRules = [
        {
          # Retain environment (for example NIX_PATH)
          keepEnv = true;
          persist = true; # Only ask for a password the first time.
        }
      ];
    };
  };

  environment = {
    # Do not use default packages (nixos includes some defaults like nano).
    defaultPackages = lib.mkForce [ ];

    systemPackages = with pkgs; [
      wget
      mg
      rsync
      libinput
      htop
      tmux
      file
      usbutils # for lsusb
      pciutils # for lspci
      mesa-demos # for glxgears TODO move to better role
      vulkan-tools # for vkcube TODO move to better role
      xorg.xeyes # to test which windows are using x11 TODO move to better role
      ripgrep
      strace
      tcpdump
      git-crypt
    ];

    persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
      hideMounts = true;
      directories = [
        "/var/lib/iwd" # Wifi settings
        "/var/lib/nixos" # Contains user information (uids/gids)
        "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
        "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
        # NOTE(review): zpool.cache is normally a file, yet it is listed under
        # `directories`; confirm what ends up at this path after boot (and
        # whether ZFS can still rewrite its cache there) before trusting it
        # to capture additional pools.
        "/etc/zfs/zpool.cache" # Which zpools to import, the root zpool is already imported and does not need this cache file but this captures additional pools. TODO consider setting cachefile=none on main pool.
      ];
      files = [
        "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
        # NOTE(review): services.openssh.hostKeys points sshd at
        # /persist/ssh/..., and nothing in this file generates keys under
        # /etc/ssh, so these four entries look stale. Confirm which location
        # is actually in use and drop the other.
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
      ];
      # users.talexander = {
      #   directories = [];
      #   files = [];
      # };
    };

    # Write a sorted, de-duplicated list of the installed system packages to
    # /etc/current-system-packages.
    etc."current-system-packages".text =
      let
        names = map (p: "${p.name}") config.environment.systemPackages;
        ordered = builtins.sort builtins.lessThan (lib.unique names);
      in
      builtins.concatStringsSep "\n" ordered;
  };

  # nixpkgs.overlays = [
  #   (final: prev: {
  #     nix = pkgs-unstable.nix;
  #   })
  # ];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # The first NixOS release installed on this machine. It keeps stateful
  # application data (e.g. databases) compatible and does NOT control which
  # Nixpkgs your packages come from, so changing it does not upgrade anything
  # (see https://nixos.org/manual/nixos/stable/#sec-upgrading for that).
  # A value lower than the current release does not mean the system is out of
  # date or unsupported. Do NOT change it unless you have inspected every
  # change it would make and migrated your data accordingly; see
  # `man configuration.nix` or
  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.11"; # Did you read the comment?
}