98 lines
2.5 KiB
Nix
Executable file
98 lines
2.5 KiB
Nix
Executable file
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
# and in the NixOS manual (accessible by running 'nixos-help').
|
|
|
|
{ config, pkgs, lib, inputs, ... }:
|
|
{
|
|
imports =
|
|
[
|
|
./hardware-configuration.nix
|
|
./services
|
|
./programs
|
|
];
|
|
|
|
# enable flakes
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
|
|
boot.loader.grub.enable = true;
|
|
boot.loader.grub.device = "/dev/sda";
|
|
|
|
networking.hostName = "dafoe"; # Define your hostname.
|
|
|
|
# open ports for servers
|
|
networking.firewall.allowedTCPPorts = [ 22 80 443 631 8096 8920 ];
|
|
networking.firewall.allowedUDPPorts = [ 22 80 443 631 1900 7359 ];
|
|
|
|
# static ipv6 (hetzner cant manage ipv6 via dhcp)
|
|
networking.interfaces = {
|
|
ens3.ipv6.addresses = [{
|
|
address = "2a01:4f8:1c1e:83ae::";
|
|
prefixLength = 64;
|
|
}];
|
|
};
|
|
networking.defaultGateway6 = {
|
|
address = "fe80::1";
|
|
interface = "ens3";
|
|
};
|
|
|
|
# Set your time zone.
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
# Define a user account. Don't forget to set a password with 'passwd'.
|
|
users.users.leonv = {
|
|
isNormalUser = true;
|
|
initialPassword = "leonv";
|
|
extraGroups = [ "wheel" "nginx" ]; # Enable 'sudo' for the user.
|
|
packages = with pkgs; [
|
|
];
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUMTbIxSRWqpIVtDbjwZK41FFOV5eQf9eJECgm40Fj1 leonv@gunther"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUMTbIxSRWqpIVtDbjwZK41FFOV5eQf9eJECgm40Fj1 leonv@absol"
|
|
];
|
|
};
|
|
users.defaultUserShell = pkgs.zsh;
|
|
|
|
# List packages installed in system profile.
|
|
environment.systemPackages = with pkgs; [
|
|
wget
|
|
zsh
|
|
oh-my-zsh
|
|
restic
|
|
# for hugo website
|
|
hugo
|
|
go
|
|
];
|
|
environment.variables = {
|
|
EDITOR = "vim";
|
|
|
|
# bitwarden key
|
|
YUBICO_CLIENT_ID = "${../nix-secrets/dafoe/vaultwarden/yubico-id}";
|
|
YUBICO_SECRET_KEY = "${../nix-secrets/dafoe/vaultwarden/yubico-secret}";
|
|
};
|
|
environment.shells = [ pkgs.zsh ];
|
|
|
|
programs.git = {
|
|
enable = true;
|
|
lfs.enable = true;
|
|
config = {
|
|
init = {
|
|
defaultBranch = "main";
|
|
};
|
|
commit = {
|
|
gpgsign = true;
|
|
};
|
|
gpg = {
|
|
format = "ssh";
|
|
};
|
|
user = {
|
|
email = "leon.vatthauer@fau.de";
|
|
name = "Leon Vatthauer";
|
|
signingkey = "/git";
|
|
};
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "23.11"; # Did you read the comment?
|
|
}
|
|
|