# System-wide NixOS module: pulls in the host, role and disk-layout modules,
# defines the single interactive user, and sets the privilege-escalation, SSH
# and persistence policy for the machine.
{
  config,
  lib,
  pkgs,
  pkgs-unstable,
  home-manager,
  ...
}:
let
  # disko is fetched by release tag. The sha256 pins the unpacked contents, so
  # a re-pointed tag fails evaluation instead of silently changing the module.
  diskoSrc = builtins.fetchTarball {
    url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
    sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
  };
in
{
  imports = [
    ./roles/reset
    ./roles/iso
    ./hosts/odo
    "${diskoSrc}/module.nix"
    ./boot.nix
    ./zfs.nix
    ./network.nix
    ./roles/firewall
    ./roles/zsh
    ./roles/graphics
    ./roles/sound
    ./roles/sway
    ./roles/alacritty
    ./roles/firefox
    ./roles/chromium
    ./roles/emacs
    ./roles/git
    ./roles/fonts
    ./roles/gpg
    ./roles/waybar
    ./roles/qemu
    ./roles/wireguard
  ];

  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      # Trusted users can direct the Nix daemon, which runs as root, so this
      # makes every wheel member root-equivalent through Nix as well as doas.
      trusted-users = [ "@wheel" ];
    };

    # Automatic garbage collection
    gc = {
      # Runs nix-collect-garbage --delete-older-than 5d
      automatic = true;
      randomizedDelaySec = "14m";
      options = "--delete-older-than 5d";
    };
  };

  # boot.kernelPackages = pkgs.linuxPackages_6_11;

  hardware.enableRedistributableFirmware = true;

  # I use full disk encryption so the user password is irrelevant.
  # autologinOnce restricts the automatic login to the first tty, once per
  # boot; any later console login still goes through the password hash below.
  services.getty.autologinUser = "talexander";
  services.getty.autologinOnce = true;

  users = {
    # Accounts are defined only by this file; runtime passwd/useradd changes
    # do not survive a rebuild.
    mutableUsers = false;

    groups.talexander.gid = 11235;

    users.talexander = {
      isNormalUser = true;
      createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
      group = "talexander";
      # wheel membership is what grants passwordless doas and Nix trusted-user
      # status in this configuration.
      extraGroups = [ "wheel" ];
      uid = 11235;
      packages = [ pkgs.tree ];
      # Generate with `mkpasswd -m scrypt`
      # The hash is part of the evaluated configuration, so it ends up in the
      # world-readable Nix store and in any repository holding this file; its
      # resistance to offline guessing is what protects the password.
      # `hashedPasswordFile` is the option that keeps it out of both.
      hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
      # One software ed25519 key and two FIDO2-backed (sk-) keys.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
      ];
    };
  };

  home-manager.users.talexander =
    { pkgs, ... }:
    {
      home.packages = with pkgs; [
        atool
        httpie
      ];
      programs.bash.enable = true;
      # The state version is required and should stay at the version you
      # originally installed.
      home.stateVersion = "24.11";
    };

  security = {
    # Use doas instead of sudo
    sudo.enable = false;
    doas = {
      enable = true;
      # No password prompt for wheel: any process running as talexander can
      # become root, so compromise of that account is compromise of the host.
      wheelNeedsPassword = false;
      extraRules = [
        {
          # NOTE(review): this rule lists no `users` or `groups`; confirm the
          # doas module emits a permit line for it, otherwise keepEnv and
          # persist below have no effect. With wheelNeedsPassword = false
          # there is also no prompt for `persist` to remember.
          # Retain environment (for example NIX_PATH)
          keepEnv = true;
          persist = true; # Only ask for a password the first time.
        }
      ];
    };
  };

  # Do not use default packages (nixos includes some defaults like nano)
  environment.defaultPackages = lib.mkForce [ ];

  environment.systemPackages = with pkgs; [
    wget
    mg
    rsync
    libinput
    htop
    tmux
    file
    usbutils # for lsusb
    pciutils # for lspci
    mesa-demos # for glxgears TODO move to better role
    vulkan-tools # for vkcube TODO move to better role
    xorg.xeyes # to test which windows are using x11 TODO move to better role
    ripgrep
    strace
    tcpdump
    git-crypt
  ];

  services.openssh = {
    enable = true;
    settings = {
      # Public-key authentication only; both password-based methods are off.
      # PermitRootLogin is not set here, so the module default applies.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    # Host keys are read straight from /persist so the host identity survives
    # a root reset. Assumes /persist sits on the encrypted pool - TODO confirm,
    # since these are private keys.
    hostKeys = [
      {
        path = "/persist/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/persist/ssh/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  # State kept across reboots; skipped entirely while building the ISO.
  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    directories = [
      "/var/lib/iwd" # Wifi settings
      "/var/lib/nixos" # Contains user information (uids/gids)
      "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
      "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
      # NOTE(review): zpool.cache is a file but is listed under `directories`;
      # verify how it is actually persisted.
      "/etc/zfs/zpool.cache" # Which zpools to import, the root zpool is already imported and does not need this cache file but this captures additional pools. TODO consider setting cachefile=none on main pool.
    ];
    files = [
      "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
      # NOTE(review): sshd is configured above to use the keys under
      # /persist/ssh, not /etc/ssh; confirm these four entries are still needed.
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
    ];
    # users.talexander = {
    #   directories = [];
    #   files = [];
    # };
  };

  # Write a list of the currently installed packages to /etc/current-system-packages
  # (sorted, de-duplicated, one package name per line).
  environment.etc."current-system-packages".text =
    let
      names = builtins.map (pkg: "${pkg.name}") config.environment.systemPackages;
    in
    builtins.concatStringsSep "\n" (builtins.sort builtins.lessThan (lib.unique names));

  # nixpkgs.overlays = [
  #   (final: prev: {
  #     nix = pkgs-unstable.nix;
  #   })
  # ];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.11"; # Did you read the comment?
}