Nix configurations for my homelab
# Baseline NixOS module for the homelab hosts: secrets-backed user passwords,
# persisted state directories, session environment, an encrypted and validated
# DNS path, and the local user accounts.
{
  config,
  pkgs,
  yemou-scripts,
  ...
}:
let
  # Path of the decrypted password-hash secret for the given account name.
  hashFile = user: config.sops.secrets."passwordHashes/${user}".path;
in
{
  nixpkgs.overlays = [ yemou-scripts.overlays.default ];

  # Password hashes are delivered as sops secrets and consumed below through
  # hashedPasswordFile, so the hash text itself does not appear in this file.
  # neededForUsers asks for the secrets to be available when accounts are
  # created (presumably the sops-nix module; confirm against the flake inputs).
  sops.secrets."passwordHashes/root".neededForUsers = true;
  sops.secrets."passwordHashes/mou".neededForUsers = true;

  i18n.defaultLocale = "C.UTF-8";
  time.timeZone = "America/New_York";

  # Login shells source the per-user home-manager session variables when the
  # file exists.
  environment.loginShellInit = ''
    if [ -e "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh" ]
    then . "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh"
    fi
  '';

  # State kept under /data/persistent (presumably the impermanence module).
  # Logs and core dumps are in this set, so they remain available for later
  # investigation.
  # NOTE(review): core dumps can hold process memory, including secrets;
  # confirm retention and access to the persisted coredump directory.
  environment.persistence."/data/persistent" = {
    hideMounts = true;
    directories = [
      "/var/log"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      {
        # systemd keeps DynamicUser= service state here and expects the
        # directory to be closed to other users, hence the explicit 0700.
        directory = "/var/lib/private";
        mode = "0700";
      }
    ];
  };

  environment.sessionVariables = {
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_DATA_HOME = "$HOME/.local/share";
    XDG_STATE_HOME = "$HOME/.local/state";
    # FIXME: For some reason the LESSKEYIN_SYSTEM variable set by `programs.less` doesn't work?
    # https://github.com/NixOS/nixpkgs/issues/354377
    LESS = "-R";
  };

  environment.systemPackages = with pkgs; [
    htop
    lsof
    magic-wormhole-rs
    man-pages
    man-pages-posix
    thm
  ];

  security.polkit.enable = true;

  services.acpid.enable = true;

  # systemd-resolved in strict mode: DNSSEC validation and DNS-over-TLS are
  # both "true" (not opportunistic), so lookups fail rather than silently
  # downgrade to unvalidated or plaintext DNS.
  services.resolved = {
    enable = true;
    dnssec = "true";
    dnsovertls = "true";
    # "~." is a routing-only domain: every lookup goes to the global servers.
    domains = [ "~." ];
    # An empty list disables the fallback servers compiled into systemd, so
    # only the resolvers listed under networking.nameservers are ever used.
    fallbackDns = [ ];
  };

  # DNS servers advertised by DHCPv4, DHCPv6 and router advertisements are
  # ignored, so the local network cannot substitute its own resolver.
  systemd.network.enable = true;
  systemd.network.networks."99-ethernet-default-dhcp" = {
    dhcpV4Config.UseDNS = false;
    dhcpV6Config.UseDNS = false;
    ipv6AcceptRAConfig.UseDNS = false;
  };

  networking.nftables.enable = true;
  networking.useNetworkd = true;
  # Quad9 resolvers, IPv6 first.
  # NOTE(review): the entries carry no "#server_name" suffix, so per
  # resolved.conf(5) the TLS certificate is checked against the server IP
  # rather than a hostname and no SNI is sent. Consider the
  # "address#dns.quad9.net" form; confirm the name against Quad9's docs.
  networking.nameservers = [
    "2620:fe::fe"
    "2620:fe::9"
    "9.9.9.9"
    "149.112.112.112"
  ];

  users.groups.mou.gid = 1000;

  users.users.root.hashedPasswordFile = hashFile "root";

  users.users.mou = {
    isNormalUser = true;
    group = "mou";
    # "wheel" is the conventional administrative group; what it grants
    # depends on sudo/doas/polkit settings that are not part of this file.
    # "kvm" conventionally gates access to /dev/kvm.
    extraGroups = [
      "kvm"
      "users"
      "wheel"
    ];
    shell = pkgs.loksh;
    hashedPasswordFile = hashFile "mou";
  };
}