blob: f542ba492d8cebd8041cbf73bf9a5e95f95d886a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
{ config, lib, pkgs, inputs, ... }:
{
imports = [
./hardware.nix
../../core
../../roles
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
environment.persistence."/persist/system" = {
hideMounts = true;
directories = [
"/etc/nixos"
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
];
files = [
"/etc/machine-id"
];
};
programs.fuse.userAllowOther = true;
networking = {
hostName = "phoenix";
hostId = "d62900ff";
networkmanager.enable = true;
};
time.timeZone = "America/Los_Angeles";
users.users = {
root.hashedPasswordFile = "/secrets/passwords/root";
"c" = {
isNormalUser = true;
hashedPasswordFile = "/secrets/passwords/c";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDO8JxqS7B2n3YlNtlVMZGARi+GG/z7wLiiyl52qSZc caroline@larimo.re" ];
};
};
home-manager = {
extraSpecialArgs = { inherit inputs; };
users = {
"c" = import ./home.nix;
};
};
roles = {
desktop.enable = true;
};
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
dconf.enable = true;
};
services = {
pcscd.enable = true;
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
};
environment.systemPackages = with pkgs; [
(writeShellScriptBin "rb" "sudo nixos-rebuild switch --flake /etc/nixos")
(writeShellScriptBin "rbf" "sudo nixos-rebuild switch --flake path:/etc/nixos")
ffmpeg
];
system.stateVersion = "24.05";
}
|