mirror of
https://github.com/sstent/vmimages.git
synced 2025-12-06 06:01:51 +00:00
107 lines
2.7 KiB
Nix
107 lines
2.7 KiB
Nix
# This file (and the global directory) holds config that i use on all hosts
|
|
{
|
|
lib,
|
|
inputs,
|
|
outputs,
|
|
pkgs,
|
|
config,
|
|
...
|
|
}: {
|
|
imports =
|
|
[
|
|
inputs.home-manager.nixosModules.home-manager
|
|
inputs.sops-nix.nixosModules.sops
|
|
]
|
|
++ (builtins.attrValues outputs.nixosModules);
|
|
|
|
###dotfiles path variable
|
|
options._dotfiles = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "${inputs.self}/home-manager/dotfiles";
|
|
description = "Path to the dotfiles in this repository";
|
|
};
|
|
|
|
###secrets path variable
|
|
options._secrets = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "/run/user/1000/secrets";
|
|
description = "Path to the Secrets runtime";
|
|
};
|
|
|
|
###secretstore path variable
|
|
options._secretstore = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "${inputs.self}/secrets";
|
|
description = "Path to the Secrets storage";
|
|
};
|
|
|
|
config = {
|
|
system.stateVersion = "23.05";
|
|
|
|
sops = {
|
|
defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
|
|
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
|
};
|
|
|
|
home-manager = {
|
|
useUserPackages = true;
|
|
extraSpecialArgs = {inherit inputs outputs;};
|
|
sharedModules = [
|
|
inputs.sops-nix.homeManagerModules.sops
|
|
];
|
|
};
|
|
|
|
programs.fuse.userAllowOther = true;
|
|
security.sudo.wheelNeedsPassword = false;
|
|
virtualisation.docker.enable = true;
|
|
|
|
# Enable nix flakes
|
|
nix.package = pkgs.nixVersions.stable;
|
|
nix.extraOptions = ''
|
|
experimental-features = nix-command flakes
|
|
'';
|
|
nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
|
|
|
|
# Enable networking
|
|
networking.networkmanager.enable = true;
|
|
networking.search = ["node.dc1.consul" "service.dc1.consul"];
|
|
networking.nameservers = ["192.168.4.1" "192.168.4.250" "1.1.1.1"];
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
i18n.extraLocaleSettings = {
|
|
LC_ADDRESS = "en_US.UTF-8";
|
|
LC_IDENTIFICATION = "en_US.UTF-8";
|
|
LC_MEASUREMENT = "en_US.UTF-8";
|
|
LC_MONETARY = "en_US.UTF-8";
|
|
LC_NAME = "en_US.UTF-8";
|
|
LC_PAPER = "en_US.UTF-8";
|
|
LC_TELEPHONE = "en_US.UTF-8";
|
|
};
|
|
|
|
#services.envfs.enable = true;
|
|
environment.systemPackages = [
|
|
pkgs.git
|
|
pkgs.home-manager
|
|
pkgs.sops
|
|
pkgs.ssh-to-age
|
|
pkgs.age
|
|
pkgs.bitwarden-cli
|
|
# pkgs.unstable.nano
|
|
# pkgs.python3Packages.pydub
|
|
(pkgs.python3.withPackages (ps: with ps; [
|
|
numpy
|
|
aubio
|
|
pydub
|
|
]))
|
|
];
|
|
|
|
nix.gc = {
|
|
automatic = true; # Enable the automatic garbage collector
|
|
dates = "03:15"; # When to run the garbage collector
|
|
options = "--delete-older-than 10"; # Arguments to pass to nix-collect-garbage
|
|
};
|
|
};
|
|
}
|