{ config, lib, pkgs, inputs, values, ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
domain = lib.mkDefault "home.feal.no";
nameservers = lib.mkDefault [ "192.168.10.175" "192.168.10.1" "1.1.1.1" ];
useDHCP = lib.mkDefault false;
};
time.timeZone = "Europe/Oslo";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = lib.mkDefault "no";
};
nix = {
gc = {
automatic = true;
options = "--delete-older-than 2d";
};
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = [ "felixalb" ];
builders-use-substitutes = true;
};
registry= {
nixpkgs.flake = inputs.nixpkgs;
};
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
};
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
bottom
duf
eza
file
git
gnugrep
gnutar
htop
iotop
lm_sensors
nix-output-monitor
p7zip
python3
ripgrep
rsync
screen
unzip
usbutils
vim
wget
zip
];
services.openssh = {
enable = true;
openFirewall = lib.mkDefault true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
extraConfig = ''
AllowTcpForwarding yes
AllowAgentForwarding yes
AuthenticationMethods publickey
'';
};
programs.mosh.enable = true;
users.users.felixalb = {
isNormalUser = true;
extraGroups = [
"wheel"
"docker"
];
uid = lib.mkDefault 1000;
openssh.authorizedKeys.keys = lib.mkDefault [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-worf"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJky33ynjqyWP+hh24gFCMFIEqe3CjIIowGM9jiPbT79 felixalb@sisko.home.feal.no"
];
shell = pkgs.zsh;
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}