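# NixOS configuration for the host named "hetzner": key-only SSH access,
# a hand-written nftables ruleset, IP forwarding enabled, and a single
# administrative user.
{ pkgs, ... }:
{
  imports = [ ./hardware.nix ];

  # Running Services
  services = {
    openssh.enable = true;
    # Key-only logins. PasswordAuthentication alone leaves sshd's
    # keyboard-interactive method available, which can still prompt for a
    # password through PAM, so it is switched off as well. The authorized
    # key under users.users.sydney is then the only credential sshd accepts.
    openssh.settings.PasswordAuthentication = false;
    openssh.settings.KbdInteractiveAuthentication = false;
  };

  # Base Packages
  environment.systemPackages = with pkgs; [
    ghostty.terminfo
    tmux
    arch-install-scripts
    tcpdump
    dig
  ];

  # Network Setup
  networking = {
    hostName = "hetzner";
    nameservers = [
      "9.9.9.9"
      "149.112.112.112"
    ];
    useDHCP = true; # Switch this to a static setup later
    # The NixOS firewall module is disabled, so packet filtering comes only
    # from ./nftables.conf (not shown here). Forwarding is enabled under
    # boot.kernel.sysctl below, so that ruleset has to cover forwarded
    # traffic as well as traffic addressed to this host.
    firewall.enable = false;
    nftables = {
      enable = true;
      ruleset = builtins.readFile ./nftables.conf;
    };
  };

  # User Account
  users.users.sydney = {
    description = "Sydney Angelia";
    isNormalUser = true;
    # wheel grants administrative rights; see nix.settings.trusted-users below.
    extraGroups = [ "wheel" ];
    # NOTE(review): a zsh login shell normally needs programs.zsh.enable = true
    # somewhere in the configuration; confirm another module sets it.
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRJWbyvyeo8ykLovPOR+EuwqmjOsSrBBckpicVWhULl mac"
    ];
  };

  # Boot/Firmware stuff
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    # Tracks the newest kernel packaged in nixpkgs instead of the default one.
    kernelPackages = pkgs.linuxPackages_latest;
    # Turns the host into a router for IPv4 and IPv6; what may actually be
    # forwarded is decided by the nftables ruleset loaded above.
    kernel.sysctl = {
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv6.conf.all.forwarding" = true;
    };
  };

  # Miscellaneous settings
  system.stateVersion = "24.05";
  # Trusted users may override Nix daemon settings (extra substituters,
  # importing unsigned store paths), which is effectively root-equivalent.
  # Treat membership of wheel as granting root on this machine.
  nix.settings.trusted-users = [
    "@wheel"
  ];

}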