Diffstat (limited to 'kj-laptop01/configuration.nix')
| -rw-r--r-- | kj-laptop01/configuration.nix | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/kj-laptop01/configuration.nix b/kj-laptop01/configuration.nix
new file mode 100644
index 0000000..2ad9ebd
--- /dev/null
+++ b/kj-laptop01/configuration.nix
@@ -0,0 +1,86 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ sops,
+ config,
+ ...
+}@args:
+{
+ imports = [
+ ./disk-config.nix
+ ];
+ boot.loader.systemd-boot.enable = true;
+ system.stateVersion = "25.05";
+ networking.hostName = "kj-laptop01";
+ networking.networkmanager.enable = true;
+
+
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ age.generateKey = false;
+
+ secrets = {
+ luks_passphrase = { };
+ kj_hashed_password = {
+ neededForUsers = true;
+ };
+ ssh_host_key_ed25519 = { };
+ ssh_host_key_rsa = { };
+ };
+ };
+
+ security.sudo.enable = true;
+ users.mutableUsers = false;
+ users.groups.kjtsanaktsidis = {};
+ users.users = {
+ kjtsanaktsidis = {
+ createHome = true;
+ isNormalUser = true;
+ description = "KJ Tsanaktsidis";
+ group = "kjtsanaktsidis";
+ extraGroups = [ "wheel" ];
+ hashedPasswordFile = config.sops.secrets.kj_hashed_password.path;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAC/BtvW1c1RbBI8eeGo7oOH2y9byBaxWVDHsErgaE+s kjtsanaktsidis@KJMacbookGroq.local"
+ ];
+ };
+ };
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ {
+ type = "ed25519";
+ path = config.sops.secrets.ssh_host_key_ed25519.path;
+ }
+ {
+ type = "rsa";
+ path = config.sops.secrets.ssh_host_key_rsa.path;
+ }
+ ];
+ };
+
+ nix = {
+ extraOptions = ''
+ experimental-features = ca-derivations nix-command flakes
+ '';
+ settings = {
+ substituters = [
+ "https://cache.nixos.org"
+ "https://cache.ngi0.nixos.org/"
+ ];
+ trusted-public-keys = [
+ "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
+ ];
+ };
+ };
+
+ swapDevices = [
+ {
+ device = "/swap/swapfile";
+ size = 32768;
+ }
+ ];
+}
|
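Review bot: The `services.openssh` block enables sshd without any `settings`, so password authentication stays at the NixOS default (enabled) for `kjtsanaktsidis`, a `wheel` member who has both a password (`hashedPasswordFile`) and an authorized key, on a laptop that joins whatever network NetworkManager connects to. Since a key is already provisioned, I would add `settings.PasswordAuthentication = false;`, `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "no";` inside that block. Separately, `age.sshKeyPaths` points at `/etc/ssh/ssh_host_ed25519_key` while `hostKeys` now lists only the sops-managed paths, so nothing in this file appears to create that decryption key; a comment saying how it is provisioned, and that it is distinct from the `ssh_host_key_ed25519` secret, would help the next reader. `luks_passphrase = { };` also looks like it is decrypted into the runtime secrets directory on every activation; if it is only needed at install time, consider not declaring it under `sops.secrets` here.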
