mirror of
https://github.com/genebean/dots.git
synced 2026-03-27 01:17:42 -04:00
Gene Liverman
9b3c078319
Infrastructure: - Add deadnix, nixfmt, and statix to flake inputs - Add formatter output to flake for nix fmt support - Add deadnix, nixfmt, statix to Home Manager packages - Add GitHub Actions workflow for CI validation - Add .pre-commit-config.yaml with hooks for nixfmt, deadnix, and statix - Support x86_64-darwin in formatter Statix fixes (W10/W20 warnings): - Remove unused lambda argument from nixpkgs-settings.nix - Merge repeated keys in hardware-configuration.nix files (boot.initrd, boot, fileSystems) - Merge repeated keys in nixnuc/default.nix (services, virtualisation) - Merge repeated keys in rainbow-planet/default.nix (desktopManager) - Merge repeated keys in home/general/default.nix (home) Deadnix fixes (unused declarations): - Remove unused pkgs/lib/username/http_port arguments from various files - Fix unused final parameter in overlay functions (final -> _final) CI/pre-commit fixes: - Fix pre-commit statix config: add pass_filenames: false - Fix CI workflow: use nix run nixpkgs# prefix and --ci flag for nixfmt
73 lines
1.4 KiB
Nix
73 lines
1.4 KiB
Nix
{
|
|
inputs,
|
|
pkgs,
|
|
username,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
../../../shared/nixos/nixroutes.nix
|
|
./disk-config.nix
|
|
./hardware-configuration.nix
|
|
./post-install
|
|
inputs.private-flake.nixosModules.private.hetznix02
|
|
];
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
boot = {
|
|
loader.grub = {
|
|
# no need to set devices, disko will add all devices that have a
|
|
# EF02 partition to the list already
|
|
# devices = [ ];
|
|
efiSupport = true;
|
|
efiInstallAsRemovable = true;
|
|
device = "nodev";
|
|
};
|
|
tmp.cleanOnBoot = true;
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
# podman-tui # status of containers in the terminal
|
|
# podman-compose
|
|
];
|
|
|
|
networking = {
|
|
# Open ports in the firewall.
|
|
firewall.allowedTCPPorts = [
|
|
22 # ssh
|
|
80 # Nginx
|
|
443 # Nginx
|
|
];
|
|
# firewall.allowedUDPPorts = [ ... ];
|
|
# Or disable the firewall altogether.
|
|
# firewall.enable = false;
|
|
|
|
hostId = "89bbb3e6"; # head -c4 /dev/urandom | od -A none -t x4
|
|
|
|
networkmanager.enable = false;
|
|
useNetworkd = true;
|
|
};
|
|
|
|
programs.mtr.enable = true;
|
|
|
|
services = {
|
|
fail2ban.enable = true;
|
|
logrotate.enable = true;
|
|
udev.extraRules = ''
|
|
ATTR{address}=="96:00:03:ae:45:aa", NAME="eth0"
|
|
'';
|
|
};
|
|
|
|
users.users.${username} = {
|
|
isNormalUser = true;
|
|
description = "Gene Liverman";
|
|
extraGroups = [
|
|
"networkmanager"
|
|
"wheel"
|
|
];
|
|
linger = true;
|
|
};
|
|
|
|
zramSwap.enable = true;
|
|
}
|