Pim Kunis
17db8c152e
disable gnome keyring enable ssh agent encrypt keepassxc config because it contains secret agent keys now remove alacritty config
# NixOS system module for the host named "x260" (see networking.hostName):
# GNOME desktop, printing, fingerprint reader, SSH agent with host-certificate
# trust, agenix-managed secrets, a full-tunnel WireGuard interface and Docker.
{ pkgs, config, lib, ... }: {
  imports = [
    ./hardware-configuration.nix
  ];

  boot = {
    loader.systemd-boot.enable = true;
  };

  time.timeZone = "Europe/Amsterdam";
  i18n.defaultLocale = "en_US.UTF-8";

  # Force gnome-keyring off. mkForce raises the priority of this definition so
  # it wins over any other module that sets the option (presumably the GNOME
  # desktop module enabled below). Together with programs.ssh.startAgent this
  # leaves the OpenSSH agent as the only SSH agent in the session.
  services.gnome.gnome-keyring.enable = lib.mkForce false;

  services = {
    xserver = {
      enable = true;
      displayManager.gdm = {
        enable = true;
      };
      desktopManager.gnome.enable = true;
      excludePackages = with pkgs; [ xterm ];
    };

    printing = {
      enable = true;
      drivers = [ pkgs.hplip pkgs.gutenprint ];
    };

    # Fingerprint daemon using the "touch other device" (TOD) driver package
    # for the vfs0090 sensor.
    # NOTE(review): which PAM services accept a fingerprint instead of the
    # password is not visible in this file; confirm whether sudo and the
    # screen locker are among them, since a fingerprint is a weaker factor
    # than a passphrase for privilege escalation.
    fprintd = {
      enable = true;

      tod = {
        enable = true;
        driver = pkgs.libfprint-2-tod1-vfs0090;
      };
    };
  };

  users = {
    users.pim = {
      isNormalUser = true;
      # wheel:  may use sudo.
      # docker: may talk to the system (rootful) Docker daemon socket, which is
      #         effectively root on the host (bind-mount /, privileged
      #         containers). NOTE(review): rootless Docker is enabled further
      #         down; check whether this membership is still needed.
      # input:  read access to /dev/input devices, so any process running as
      #         this user can observe raw keyboard events. NOTE(review):
      #         confirm which tool requires it.
      extraGroups = [ "wheel" "docker" "input" ];
    };
  };

  environment = {
    systemPackages = with pkgs; [
      wget
      curl
      git
      btop
      ripgrep
      vim
      dogdns
      tree
    ];
    # Default GNOME applications that are left out of the installation.
    gnome.excludePackages = with pkgs; [
      gnome.totem
      gnome-tour
      gnome.epiphany
      gnome.geary
      gnome-console
      gnome.gnome-music
    ];
  };

  # Release whose defaults for stateful data apply to this machine; it is not
  # the nixpkgs version and should not be bumped as part of a normal upgrade.
  system.stateVersion = "23.05";

  programs.ssh = {
    # Start the OpenSSH agent for user sessions.
    startAgent = true;

    # System-wide known_hosts entries. certAuthority = true marks each key as
    # a host certificate authority: any server whose name matches hostNames is
    # trusted if it presents a host certificate signed by that CA, instead of
    # pinning individual host keys. The trust decision for all of *.dmz and
    # *.hyp therefore rests on how well the two CA private keys are protected.
    knownHosts = {
      dmz = {
        hostNames = ["*.dmz"];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
        certAuthority = true;
      };

      hypervisors = {
        hostNames = ["*.hyp"];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
        certAuthority = true;
      };
    };
  };

  # Keep sudo credentials cached for 30 minutes after a successful
  # authentication. This is longer than sudo's usual default, so an unattended
  # unlocked terminal can run commands as root for that long without a prompt.
  security.sudo.extraConfig = ''
    Defaults timestamp_timeout=30
  '';

  nix = {
    # NOTE(review): nixFlakes is an alias in nixpkgs; later releases deprecate
    # it, so this line may need to change when the channel is upgraded.
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';

    # Weekly garbage collection of generations older than 30 days.
    # persistent = true makes the timer catch up on a run that was missed
    # while the machine was off.
    gc = {
      automatic = true;
      persistent = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  # agenix secrets: the .age files are stored encrypted in the repository and
  # decrypted on the machine with the identity listed in identityPaths.
  # NOTE(review): the identity lives in pim's home directory, so presumably any
  # process running as pim can read it and decrypt every secret encrypted to
  # it; confirm the file mode and whether the key is passphrase-protected.
  age = {
    identityPaths = [ "/home/pim/.ssh/age_ed25519" ];

    secrets = {
      wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
      wg-quick-home-preshared-key.file = ../secrets/wg-quick-home-preshared-key.age;
    };
  };

  networking = {
    hostName = "x260";

    wg-quick.interfaces.home = {
      # The private key and preshared key are referenced by the path of the
      # decrypted agenix secret, so the key material itself is not written
      # into this file or into the world-readable Nix store.
      privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
      address = [
        "10.225.191.4/24"
        "fd11:5ee:bad:c0de::4/64"
      ];
      dns = [ "192.168.30.8" ];
      peers = [{
        presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
        endpoint = "84.245.14.149:51820";
        # Peer's public key; not a secret.
        publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
        # Full tunnel: every IPv4 and IPv6 destination is routed through this
        # peer while the interface is up.
        allowedIPs = [
          "0.0.0.0/0"
          "::0/0"
        ];
      }];
    };
  };

  # enable = true turns on the system-wide (rootful) Docker daemon; the
  # rootless block additionally provides a per-user daemon, and
  # setSocketVariable points DOCKER_HOST at the rootless socket so the docker
  # CLI uses it by default. The rootful socket remains reachable for members
  # of the docker group (see users.users.pim.extraGroups).
  virtualisation.docker = {
    enable = true;
    rootless = {
      enable = true;
      setSocketVariable = true;
    };
  };
}