81 lines
1.7 KiB
Nix
81 lines
1.7 KiB
Nix
{ config, lib, pkgs, python3Packages, ... }:
|
|
|
|
let
|
|
home-manager = builtins.fetchGit {
|
|
url = "https://github.com/nix-community/home-manager.git";
|
|
rev = "35a24648d155843a4d162de98c17b1afd5db51e4";
|
|
ref = "release-21.05";
|
|
};
|
|
in
|
|
{
|
|
# Install home-manager
|
|
imports = [
|
|
"${home-manager}/nixos"
|
|
../modules/users # For system.singleUser
|
|
];
|
|
home-manager.useGlobalPkgs = true;
|
|
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
networking = {
|
|
useDHCP = false; # Done by the network manager
|
|
networkmanager.enable = false;
|
|
};
|
|
|
|
i18n.defaultLocale = "en_GB.UTF-8";
|
|
console = {
|
|
font = "Lat2-Terminus16";
|
|
keyMap = "de";
|
|
};
|
|
|
|
users = {
|
|
mutableUsers = false;
|
|
|
|
extraUsers = {
|
|
root = {
|
|
# Disable root login
|
|
hashedPassword = "*";
|
|
};
|
|
|
|
# Users configured in vm.nix, nishimiya.nix or miku.nix
|
|
};
|
|
};
|
|
|
|
environment = {
|
|
systemPackages = with pkgs; [
|
|
htop
|
|
firejail
|
|
vim
|
|
git # Otherwise we cannot install home-manager
|
|
git-crypt
|
|
gnupg
|
|
python3
|
|
];
|
|
};
|
|
|
|
# We don't tolerate non-free software, except for Steam and Linux firmware
|
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "firmwareLinuxNonfree" "steam" "steam-original" "steam-runtime"];
|
|
|
|
services = {
|
|
connman = {
|
|
enable = true;
|
|
extraFlags = [ "--nodnsproxy" ];
|
|
};
|
|
|
|
# TODO: Is this correct? Maybe run once
|
|
timesyncd.enable = false;
|
|
|
|
printing.enable = lib.mkDefault false;
|
|
avahi.enable = false;
|
|
};
|
|
|
|
# To allow users to use firejail
|
|
programs.firejail.enable = true;
|
|
|
|
security.sudo.extraConfig = ''
|
|
Defaults env_keep += "NIXOS_CONFIG"
|
|
'';
|
|
|
|
system.stateVersion = "21.05";
|
|
}
|