mirror of
https://github.com/genebean/dots.git
synced 2026-03-27 09:27:44 -04:00
- Rename modules/hosts/common to modules/shared - Split shared into home/general, home/linux, and nixos subdirectories - Update all import paths in lib/ and modules/hosts/ - Fix hardcoded /Users/ path to use config.home.homeDirectory - Update .sops.yaml path for secrets
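# NixOS host module: imports, boot loader, firewall, base services and the
# primary user account for this machine.
{ inputs, pkgs, username, ... }: {
  imports = [
    ../../../shared/nixos/nixroutes.nix
    ./disk-config.nix
    ./hardware-configuration.nix
    ./post-install
    # Host-specific settings come from a separate flake input. Its contents are
    # not visible in this file, so review it together with this module.
    inputs.private-flake.nixosModules.private.hetznix02
  ];

  system.stateVersion = "24.05";

  boot = {
    loader.grub = {
      # no need to set devices, disko will add all devices that have a
      # EF02 partition to the list already
      # devices = [ ];
      efiSupport = true;
      efiInstallAsRemovable = true;
      device = "nodev";
    };
    # Delete everything in /tmp at boot so temporary files do not persist
    # across restarts.
    tmp.cleanOnBoot = true;
  };

  environment.systemPackages = with pkgs; [
    # podman-tui # status of containers in the terminal
    # podman-compose
  ];

  networking = {
    # Open ports in the firewall.
    # These are the only inbound TCP ports this file opens; the firewall itself
    # is not disabled here. Imported modules may open more, so audit the merged
    # value rather than this list alone.
    firewall.allowedTCPPorts = [
      22 # ssh
      80 # Nginx
      443 # Nginx
    ];
    # firewall.allowedUDPPorts = [ ... ];
    # Or disable the firewall altogether.
    # firewall.enable = false;

    hostId = "89bbb3e6"; # head -c4 /dev/urandom | od -A none -t x4

    networkmanager.enable = false;
    useNetworkd = true;
  };

  programs.mtr.enable = true;

  services = {
    # Port 22 is reachable from the network (see the firewall list above), so
    # fail2ban is the brute-force throttle in this file.
    # NOTE(review): sshd settings (password vs. key auth, root login) are not
    # set here; confirm they are pinned in one of the imported modules.
    fail2ban.enable = true;
    logrotate.enable = true;
    # Give the interface with this MAC address the fixed name eth0.
    udev.extraRules = ''
      ATTR{address}=="96:00:03:ae:45:aa", NAME="eth0"
    '';
  };

  users.users.${username} = {
    isNormalUser = true;
    description = "Gene Liverman";
    # wheel is the administrative group (sudo on a default NixOS setup).
    # "networkmanager" was dropped from this list: NetworkManager is disabled
    # above, so the membership granted nothing on this host and would have
    # silently become control over network settings if it were enabled later.
    extraGroups = [ "wheel" ];
    # Keep this user's systemd user services running without a login session.
    linger = true;
  };

  zramSwap.enable = true;
}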