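# Base NixOS module: locale/time, persisted state, DNS and network hardening,
# and the root/mou user accounts.
#
# NOTE: the `#` FIXME comment inside `environment.sessionVariables` and the
# shell `if` in `loginShellInit` both depend on real line breaks. With the
# module collapsed onto one physical line, the comment swallows everything
# after it and the shell test never sees `then` as a keyword.
{
  config,
  pkgs,
  yemou-scripts,
  ...
}:
{
  # Adds the packages exported by the `yemou-scripts` input to `pkgs`.
  # NOTE(review): an overlay can replace any package in the set; presumably the
  # input is pinned by a lock file - confirm.
  nixpkgs.overlays = [ yemou-scripts.overlays.default ];

  # Password hashes are stored encrypted with sops. `neededForUsers` makes
  # sops-nix decrypt them before user accounts are created, so that
  # `hashedPasswordFile` below can point at them.
  sops.secrets = {
    "passwordHashes/root".neededForUsers = true;
    "passwordHashes/mou".neededForUsers = true;
  };

  i18n.defaultLocale = "C.UTF-8";
  time.timeZone = "America/New_York";

  environment = {
    # Source the per-user session-variable file when it exists. The line
    # breaks inside this string are significant to the shell.
    loginShellInit = ''
      if [ -e "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh" ]
      then
        . "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh"
      fi
    '';

    # State kept under /data/persistent. Logs and core dumps are included, so
    # they remain available for later investigation.
    persistence."/data/persistent" = {
      hideMounts = true;
      directories = [
        "/var/log"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        {
          # Owner-only access; systemd expects 0700 on /var/lib/private.
          directory = "/var/lib/private";
          mode = "0700";
        }
      ];
    };

    sessionVariables = {
      XDG_CACHE_HOME = "$HOME/.cache";
      XDG_CONFIG_HOME = "$HOME/.config";
      XDG_DATA_HOME = "$HOME/.local/share";
      XDG_STATE_HOME = "$HOME/.local/state";

      # FIXME: For some reason the LESSKEYIN_SYSTEM variable set by `programs.less` doesn't work?
      # https://github.com/NixOS/nixpkgs/issues/354377
      LESS = "-R";
    };

    systemPackages = with pkgs; [
      htop
      lsof
      magic-wormhole-rs
      man-pages
      man-pages-posix
      thm # not in upstream nixpkgs as far as visible here; presumably from the overlay above
    ];
  };

  security.polkit.enable = true;

  services = {
    acpid.enable = true;

    # Strict resolver policy: DNSSEC validation and DNS-over-TLS are both
    # mandatory ("true", not opportunistic), every domain is routed to the
    # global servers ("~."), and the empty fallback list keeps
    # systemd-resolved from falling back to its built-in resolvers.
    resolved = {
      enable = true;
      dnssec = "true";
      dnsovertls = "true";
      domains = [ "~." ];
      fallbackDns = [ ];
    };
  };

  systemd.network = {
    enable = true;
    # Ignore DNS servers advertised by DHCPv4, DHCPv6 and IPv6 router
    # advertisements, so a local network cannot override the resolvers
    # configured in `networking.nameservers`.
    # NOTE(review): only this one network unit is overridden; other interfaces
    # (e.g. wireless) would need the same settings - confirm coverage.
    networks."99-ethernet-default-dhcp" = {
      dhcpV4Config.UseDNS = false;
      dhcpV6Config.UseDNS = false;
      ipv6AcceptRAConfig.UseDNS = false;
    };
  };

  networking = {
    nftables.enable = true;
    useNetworkd = true;
    # NOTE(review): the servers are listed by bare IP. In strict DNS-over-TLS
    # mode systemd-resolved then checks the certificate against the IP
    # address; the `address#server_name` form (e.g. `9.9.9.9#dns.quad9.net`)
    # would validate the hostname and enable SNI - confirm before changing.
    nameservers = [
      "2620:fe::fe"
      "2620:fe::9"
      "9.9.9.9"
      "149.112.112.112"
    ];
  };

  users = {
    groups.mou.gid = 1000;
    users = {
      root.hashedPasswordFile = config.sops.secrets."passwordHashes/root".path;
      mou = {
        isNormalUser = true;
        group = "mou";
        # `wheel` is the administrative group (sudo on a default NixOS setup);
        # `kvm` grants access to /dev/kvm.
        extraGroups = [
          "kvm"
          "users"
          "wheel"
        ];
        shell = pkgs.loksh;
        hashedPasswordFile = config.sops.secrets."passwordHashes/mou".path;
      };
    };
  };
}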