modules/basic.nix at 7ea1db13d330895e5050cd638d0c7a4d8ee23038 · yemou.pink/nix-configs

Nix configurations for my homelab
nix-configs / modules / basic.nix
at 7ea1db13d330895e5050cd638d0c7a4d8ee23038 2.4 kB View raw
yemou Disable DNSSEC 3mo ago
  1{
  2  config,
  3  pkgs,
  4  yemou-scripts,
  5  ...
  6}:
  7{
  8  nixpkgs.overlays = [ yemou-scripts.overlays.default ];
  9
 10  sops.secrets = {
 11    "passwordHashes/root".neededForUsers = true;
 12    "passwordHashes/mou".neededForUsers = true;
 13  };
 14
 15  i18n.defaultLocale = "C.UTF-8";
 16  time.timeZone = "America/New_York";
 17
 18  environment = {
 19    loginShellInit = ''
 20      if [ -e "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh" ]
 21      then . "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh"
 22      fi
 23    '';
 24    persistence."/data/persistent" = {
 25      hideMounts = true;
 26      directories = [
 27        "/var/log"
 28        "/var/lib/nixos"
 29        "/var/lib/systemd/coredump"
 30        {
 31          directory = "/var/lib/private";
 32          mode = "0700";
 33        }
 34      ];
 35    };
 36    sessionVariables = {
 37      XDG_CACHE_HOME = "$HOME/.cache";
 38      XDG_CONFIG_HOME = "$HOME/.config";
 39      XDG_DATA_HOME = "$HOME/.local/share";
 40      XDG_STATE_HOME = "$HOME/.local/state";
 41      # FIXME: For some reason the LESSKEYIN_SYSTEM variable set by `programs.less` doesn't work?
 42      #        https://github.com/NixOS/nixpkgs/issues/354377
 43      LESS = "-R";
 44    };
 45    systemPackages = with pkgs; [
 46      htop
 47      lsof
 48      magic-wormhole-rs
 49      man-pages
 50      man-pages-posix
 51      thm
 52    ];
 53  };
 54
 55  security.polkit.enable = true;
 56
 57  services = {
 58    acpid.enable = true;
 59    resolved = {
 60      enable = true;
 61      settings.Resolve = {
 62        # DNSSEC = true; # This is usually disabled by default and is considered experimental
 63        DNSOverTLS = true;
 64        Domains = [ "~." ];
 65        FallbackDNS = [ ];
 66      };
 67    };
 68  };
 69
 70  systemd.network = {
 71    enable = true;
 72    networks."99-ethernet-default-dhcp" = {
 73      dhcpV4Config.UseDNS = false;
 74      dhcpV6Config.UseDNS = false;
 75      ipv6AcceptRAConfig.UseDNS = false;
 76    };
 77  };
 78
 79  networking = {
 80    nftables.enable = true;
 81    useNetworkd = true;
 82    nameservers = [
 83      "2620:fe::fe"
 84      "2620:fe::9"
 85      "9.9.9.9"
 86      "149.112.112.112"
 87    ];
 88  };
 89
 90  users = {
 91    groups.mou.gid = 1000;
 92    users = {
 93      root.hashedPasswordFile = config.sops.secrets."passwordHashes/root".path;
 94      mou = {
 95        isNormalUser = true;
 96        group = "mou";
 97        extraGroups = [
 98          "kvm"
 99          "users"
100          "wheel"
101        ];
102        shell = pkgs.loksh;
103        hashedPasswordFile = config.sops.secrets."passwordHashes/mou".path;
104      };
105    };
106  };
107}
Configure Feed

Configure Feed
