nixos/dafoe/configuration.nix

94 lines
2.3 KiB
Nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').
{ config, pkgs, lib, inputs, ... }:
{
imports =
[
./hardware-configuration.nix
./services
./programs
];
# enable flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "dafoe"; # Define your hostname.
# open ports for servers
networking.firewall.allowedTCPPorts = [ 22 80 443 631 8096 8920 ];
networking.firewall.allowedUDPPorts = [ 22 80 443 631 1900 7359 ];
# static ipv6 (hetzner cant manage ipv6 via dhcp)
networking.interfaces = {
ens3.ipv6.addresses = [{
address = "2a01:4f8:1c1e:83ae::";
prefixLength = 64;
}];
};
networking.defaultGateway6 = {
address = "fe80::1";
interface = "ens3";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Define a user account. Don't forget to set a password with 'passwd'.
users.users.leonv = {
isNormalUser = true;
initialPassword = "leonv";
extraGroups = [ "wheel" "nginx" ]; # Enable 'sudo' for the user.
packages = with pkgs; [
];
};
users.defaultUserShell = pkgs.zsh;
# List packages installed in system profile.
environment.systemPackages = with pkgs; [
wget
zsh
oh-my-zsh
restic
# for hugo website
hugo
go
];
environment.variables = {
EDITOR = "vim";
# bitwarden key
YUBICO_CLIENT_ID = "${../nix-secrets/dafoe/vaultwarden/yubico-id}";
YUBICO_SECRET_KEY = "${../nix-secrets/dafoe/vaultwarden/yubico-secret}";
};
environment.shells = [ pkgs.zsh ];
programs.git = {
enable = true;
lfs.enable = true;
config = {
init = {
defaultBranch = "main";
};
commit = {
gpgsign = true;
};
gpg = {
format = "ssh";
};
user = {
email = "leon.vatthauer@fau.de";
name = "Leon Vatthauer";
signingkey = "~/.ssh/git";
};
};
};
system.stateVersion = "23.11"; # Did you read the comment?
}