100 lines
2.0 KiB
Nix
100 lines
2.0 KiB
Nix
{
|
|
pkgs,
|
|
inputs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
inherit (inputs) disko agenix home-manager;
|
|
in
|
|
{
|
|
imports = [
|
|
disko.nixosModules.disko
|
|
agenix.nixosModules.default
|
|
home-manager.nixosModules.home-manager
|
|
./disko-config.nix
|
|
./hardware-configuration.nix
|
|
];
|
|
config = {
|
|
|
|
my_users.enable = true;
|
|
my_nix.enable = true;
|
|
|
|
networking.hostName = "penguin";
|
|
|
|
boot = {
|
|
tmp.cleanOnBoot = true;
|
|
loader = {
|
|
systemd-boot.enable = true;
|
|
efi.canTouchEfiVariables = true;
|
|
};
|
|
|
|
initrd.network = {
|
|
enable = true;
|
|
ssh = {
|
|
enable = true;
|
|
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
|
authorizedKeys = lib.concatLists (
|
|
lib.mapAttrsToList (
|
|
name: user: if lib.elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
|
|
) config.users.users
|
|
);
|
|
};
|
|
};
|
|
};
|
|
|
|
time.timeZone = "Asia/Singapore";
|
|
|
|
networking = {
|
|
networkmanager.enable = true;
|
|
nftables.enable = true;
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
22
|
|
3000
|
|
3001
|
|
];
|
|
trustedInterfaces = [ "tailscale0" ];
|
|
};
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings.PasswordAuthentication = false;
|
|
};
|
|
|
|
users.users.cs3223 = lib.snowfall.mkUser {
|
|
shell = pkgs.nushell;
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" ];
|
|
};
|
|
|
|
services.tailscale.enable = true;
|
|
nixpkgs.config = {
|
|
cudaSupport = true;
|
|
};
|
|
|
|
programs._1password.enable = true;
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
git
|
|
neovim
|
|
];
|
|
|
|
virtualisation.podman = {
|
|
enable = true;
|
|
dockerCompat = true;
|
|
defaultNetwork.settings.dns_enabled = true;
|
|
};
|
|
|
|
hardware.graphics.enable = true;
|
|
services.xserver.videoDrivers = [ "nvidia" ];
|
|
hardware.nvidia.open = true;
|
|
|
|
system.stateVersion = "25.11";
|
|
|
|
};
|
|
}
|