Nix configurations for my homelab
# NixOS module with this host's baseline: package overlay, sops-managed password
# hashes, locale/time zone, persisted state, DNS-over-TLS resolution and users.
{
  config,
  pkgs,
  yemou-scripts,
  ...
}:
{
  nixpkgs.overlays = [ yemou-scripts.overlays.default ];

  # Password hashes are kept in sops rather than in the Nix store.
  # `neededForUsers` makes sops-nix decrypt them before user accounts are set up,
  # which is what lets `hashedPasswordFile` below point at them.
  sops.secrets."passwordHashes/root".neededForUsers = true;
  sops.secrets."passwordHashes/mou".neededForUsers = true;

  i18n.defaultLocale = "C.UTF-8";
  time.timeZone = "America/New_York";

  # Source the per-user session variables file on login when it exists.
  environment.loginShellInit = ''
    if [ -e "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh" ]
    then . "/etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh"
    fi
  '';

  # State kept under /data/persistent.
  # NOTE(review): presumably everything not listed here is lost on reboot - confirm
  # against the filesystem layout. /var/log is in the list, so logs and journal
  # data stored there are retained; /var/lib/private is pinned to mode 0700.
  environment.persistence."/data/persistent" = {
    hideMounts = true;
    directories = [
      "/var/log"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      "/var/lib/systemd/rfkill"
      {
        directory = "/var/lib/private";
        mode = "0700";
      }
    ];
  };

  environment.sessionVariables = {
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_DATA_HOME = "$HOME/.local/share";
    XDG_STATE_HOME = "$HOME/.local/state";
    # FIXME: For some reason the LESSKEYIN_SYSTEM variable set by `programs.less` doesn't work?
    # https://github.com/NixOS/nixpkgs/issues/354377
    LESS = "-R";
  };

  environment.systemPackages = [
    pkgs.htop
    pkgs.lsof
    pkgs.magic-wormhole-rs
    pkgs.man-pages
    pkgs.man-pages-posix
    pkgs.thm
  ];

  security.polkit.enable = true;

  services.acpid.enable = true;

  # systemd-resolved is the only resolver path: DNS-over-TLS is required (not
  # opportunistic), `~.` routes every domain to the global servers, and the empty
  # FallbackDNS list means no other resolvers are used if those are unreachable.
  services.resolved.enable = true;
  services.resolved.settings.Resolve = {
    # DNSSEC = true; # This is usually disabled by default and is considered experimental
    # With local DNSSEC validation off, answer authenticity depends on the
    # upstream resolver and on the TLS channel to it.
    DNSOverTLS = true;
    Domains = [ "~." ];
    FallbackDNS = [ ];
  };

  # Ignore DNS servers offered by DHCPv4, DHCPv6 and IPv6 router advertisements,
  # so the local network cannot substitute its own resolver.
  systemd.network.enable = true;
  systemd.network.networks."99-ethernet-default-dhcp" = {
    dhcpV4Config.UseDNS = false;
    dhcpV6Config.UseDNS = false;
    ipv6AcceptRAConfig.UseDNS = false;
  };

  networking.nftables.enable = true;
  networking.useNetworkd = true;
  # Quad9 resolvers, listed as bare addresses.
  # NOTE(review): resolved.conf(5) describes an `address#server_name` form that
  # validates the certificate by hostname and sends SNI; without it the
  # certificate is checked against the IP - confirm that is the intent.
  networking.nameservers = [
    "2620:fe::fe"
    "2620:fe::9"
    "9.9.9.9"
    "149.112.112.112"
  ];

  users.groups.mou.gid = 1000;

  # Both accounts read their password hash from the sops-decrypted file.
  users.users.root.hashedPasswordFile = config.sops.secrets."passwordHashes/root".path;
  users.users.mou = {
    isNormalUser = true;
    group = "mou";
    # NOTE(review): `wheel` is conventionally the administrative group and `kvm`
    # grants access to /dev/kvm - confirm both are needed for this account.
    extraGroups = [
      "kvm"
      "users"
      "wheel"
    ];
    shell = pkgs.loksh;
    hashedPasswordFile = config.sops.secrets."passwordHashes/mou".path;
  };
}