137 lines
3.6 KiB
Nix
137 lines
3.6 KiB
Nix
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
specialArgs,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
# Include the results of the hardware scan.
|
|
./hardware-configuration.nix
|
|
./services.nix
|
|
specialArgs.inputs.vscode-server.nixosModules.default
|
|
];
|
|
|
|
# System basics
|
|
time.timeZone = "Europe/Vienna";
|
|
|
|
# Bootloader and kernel
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
boot.kernelParams = [
|
|
"vga=791"
|
|
"nomodeset"
|
|
];
|
|
boot.kernel.sysctl = {
|
|
"net.ipv4.ip_forward" = 1;
|
|
# "net.bridge.bridge-nf-call-iptables" = 1;
|
|
# "net.bridge.bridge-nf-call-ip6tables" = 1;
|
|
};
|
|
|
|
# Console and locale
|
|
console = {
|
|
font = "Lat2-Terminus16";
|
|
keyMap = "de";
|
|
# useXkbConfig = true; # use xkb.options in tty.
|
|
};
|
|
# i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
# Networking
|
|
networking.hostName = "nixos-server";
|
|
networking.useDHCP = false;
|
|
networking.interfaces.eth0.ipv4.addresses = [
|
|
{
|
|
address = "192.168.69.69";
|
|
prefixLength = 24;
|
|
}
|
|
];
|
|
networking.defaultGateway = "192.168.69.1";
|
|
networking.nameservers = [ "1.1.1.1" ];
|
|
networking.firewall.enable = true;
|
|
networking.firewall.allowedTCPPorts = [
|
|
22
|
|
80
|
|
443
|
|
3000
|
|
9000
|
|
];
|
|
|
|
# Users
|
|
users.users.root = {
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at"
|
|
];
|
|
};
|
|
# Service users for containers
|
|
users.users.docker-user = {
|
|
isSystemUser = true;
|
|
group = "docker-user";
|
|
extraGroups = [ "docker" ];
|
|
};
|
|
users.groups.docker-user = { };
|
|
|
|
# Security
|
|
# security.sudo.wheelNeedsPassword = false;
|
|
|
|
# Enable SSH for root
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
PermitRootLogin = "prohibit-password"; # Allow root with SSH keys only
|
|
};
|
|
};
|
|
|
|
# Packages
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
nano
|
|
wget
|
|
curl
|
|
git
|
|
htop
|
|
docker-compose
|
|
nixd
|
|
nixfmt
|
|
];
|
|
|
|
# Nix settings
|
|
nix.settings.experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
nix.gc = {
|
|
automatic = true;
|
|
dates = "weekly";
|
|
options = "--delete-older-than 7d";
|
|
};
|
|
|
|
# Documentation for stateVersion
|
|
# This option defines the first version of NixOS you have installed on this particular machine,
|
|
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
|
#
|
|
# Most users should NEVER change this value after the initial install, for any reason,
|
|
# even if you've upgraded your system to a new NixOS release.
|
|
#
|
|
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
|
|
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
|
|
# to actually do that.
|
|
#
|
|
# This value being lower than the current NixOS release does NOT mean your system is
|
|
# out of date, out of support, or vulnerable.
|
|
#
|
|
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
|
|
# and migrated your data accordingly.
|
|
#
|
|
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
|
|
|
system.configurationRevision = lib.mkIf (specialArgs.inputs.self ? rev) specialArgs.inputs.self.rev;
|
|
system.stateVersion = "25.05"; # Did you read the comment?
|
|
}
|