base/linux.nix at master · khuedoan.com/nix-setup

khuedoan.com / nix-setup
fork
this repo has no description
fork
nix-setup / base / linux.nix
at master 152 lines 3.2 kB view raw
wrap content
Khue Doan refactor: move trusted SSH keys to per host config 2d ago
d29c65e5
  1{ config, pkgs, ... }:
  2
  3let
  4  username = config.primaryUser.username;
  5  authorizedKeys = config.primaryUser.authorizedKeys;
  6in
  7
  8{
  9  disko.devices = {
 10    disk = {
 11      main = {
 12        type = "disk";
 13        content = {
 14          type = "gpt";
 15          partitions = {
 16            boot = {
 17              size = "1M";
 18              type = "EF02"; # for grub MBR
 19            };
 20            ESP = {
 21              size = "1G";
 22              type = "EF00";
 23              content = {
 24                type = "filesystem";
 25                format = "vfat";
 26                mountpoint = "/boot";
 27                mountOptions = [ "umask=0077" ];
 28              };
 29            };
 30            root = {
 31              size = "100%";
 32              content = {
 33                type = "filesystem";
 34                format = "ext4";
 35                mountpoint = "/";
 36              };
 37            };
 38          };
 39        };
 40      };
 41    };
 42  };
 43
 44  boot = {
 45    loader = {
 46      systemd-boot.enable = true;
 47      efi.canTouchEfiVariables = true;
 48    };
 49    binfmt.emulatedSystems = [ "aarch64-linux" ];
 50  };
 51
 52  hardware = {
 53    enableAllHardware = true;
 54    bluetooth.enable = true;
 55  };
 56
 57  networking = {
 58    networkmanager = {
 59      enable = true;
 60    };
 61    firewall = {
 62      checkReversePath = "loose";
 63    };
 64  };
 65
 66  systemd = {
 67    services = {
 68      NetworkManager-wait-online = {
 69        enable = false;
 70      };
 71    };
 72  };
 73
 74  time.timeZone = "Asia/Ho_Chi_Minh";
 75
 76  i18n = {
 77    defaultLocale = "en_US.UTF-8";
 78  };
 79
 80  nix = {
 81    gc = {
 82      automatic = true;
 83      dates = "weekly";
 84      options = "--delete-older-than 30d";
 85    };
 86  };
 87
 88  services = {
 89    openssh = {
 90      enable = true;
 91      settings = {
 92        PasswordAuthentication = false;
 93      };
 94    };
 95    dbus.enable = true;
 96    blueman.enable = true;
 97    tailscale.enable = true;
 98    gvfs.enable = true;
 99    ratbagd.enable = true;
100  };
101
102  security = {
103    polkit.enable = true;
104    rtkit.enable = true;
105  };
106
107  virtualisation = {
108    docker = {
109      enable = true;
110      enableOnBoot = false;
111      autoPrune = {
112        enable = true;
113        flags = [
114          "--all"
115          "--volumes"
116        ];
117      };
118    };
119  };
120
121  # This value determines the NixOS release from which the default
122  # settings for stateful data, like file locations and database versions
123  # on your system were taken. It‘s perfectly fine and recommended to leave
124  # this value at the release version of the first install of this system.
125  # Before changing this value read the documentation for this option
126  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
127  system.stateVersion = "23.05"; # Did you read the comment?
128
129  users.users.${username} = {
130    isNormalUser = true;
131    extraGroups = [
132      "docker"
133      "libvirtd"
134      "networkmanager"
135      "tss"
136      "video"
137      "wheel"
138    ];
139    openssh.authorizedKeys.keys = authorizedKeys;
140    shell = pkgs.zsh;
141  };
142
143  home-manager.users.${username}.home.stateVersion = "23.05";
144
145  virtualisation.vmVariant = {
146    virtualisation.qemu.options = [
147      "-device virtio-vga-gl"
148      "-display gtk,gl=on"
149    ];
150    users.users.${username}.password = "testvm";
151  };
152}
Configure Feed

Configure Feed
