# Baseline settings shared by most of my hosts; individual hosts
# override some of them.

{ pkgs, config, ... }:

let
  # Shorthand for the overridable-default priority used throughout this module.
  inherit (pkgs.lib) mkDefault;
in
{
  imports = [
    ./photoprism.nix
    ./7-days-to-die.nix
  ];

  config = {
    # Accept unfree licenses in general and the joypixels license explicitly.
    nixpkgs.config.allowUnfree = true;
    nixpkgs.config.joypixels.acceptLicense = true;

    # Firmware falls under the unfree allowance above as well.
    hardware = {
      enableAllFirmware = true;
      enableRedistributableFirmware = true;
    };

    # Remote login: sshd is on by default (hosts may override), and root
    # accepts only the YubiKey-backed public key listed below.
    # TODO: Restrict openssh interface, move port
    # NOTE(review): nothing in this module binds sshd to the tailscale
    # interface or keeps its port closed in the firewall; the NixOS openssh
    # module is expected to open the port on every interface by default
    # (services.openssh.openFirewall) - confirm. Until the TODO is done,
    # "login over tailscale" is a convention, not an enforced boundary.
    # NOTE(review): password authentication is not disabled here; verify that
    # it is turned off elsewhere so the key file is the only way in.
    services.openssh.enable = mkDefault true;
    users.users.root.openssh.authorizedKeys.keyFiles = [ ../users/malte/yubikey.pub ];

    # mosh on top of SSH for roaming / flaky links (overridable per host).
    # NOTE(review): the mosh module presumably opens its UDP port range in
    # the firewall on all interfaces - confirm that this is wanted.
    programs.mosh.enable = mkDefault true;

    # Packages every host gets.
    environment.systemPackages = [
      # needed to rebuild this flake on the remote machine
      pkgs.git
      # sops, for the security side of things
      pkgs.sops
      # nicer than plain top
      pkgs.htop
      # CLI for the initial `tailscale up` that brings the network online
      pkgs.tailscale
    ];

    # Timezone and locale defaults.
    time.timeZone = "Europe/Berlin";
    i18n.defaultLocale = mkDefault "en_US.UTF-8";

    boot = {
      # Latest kernel by default; hosts with zfs requirements override this.
      kernelPackages = mkDefault pkgs.linuxPackages_latest;
      loader = {
        timeout = mkDefault 1;
        # Fine for headless hosts; raise it on hosts running x/wayland.
        systemd-boot.configurationLimit = 10;
      };
    };

    # Networking runs over tailscale; the global DHCP switch is off.
    networking.useDHCP = false;
    services.tailscale = {
      enable = true;
      interfaceName = "looking-glas";
    };
    # Let tailscale's own UDP port through the firewall.
    networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
  };
}