mirror of
https://git.sr.ht/~roxwize/.dotfiles
synced 2025-04-03 18:14:15 +00:00
141 lines
3.3 KiB
Nix
141 lines
3.3 KiB
Nix
{ config, pkgs, lib, modulesPath, ... }:
|
|
|
|
{
|
|
|
|
## System
|
|
|
|
imports =
|
|
[ ./hardware.nix
|
|
"${modulesPath}/profiles/headless.nix"
|
|
];
|
|
|
|
networking.hostName = "wilson";
|
|
|
|
system.stateVersion = "23.11";
|
|
|
|
# turn off screen 5min after boot
|
|
boot.kernelParams = [ "consoleblank=300" ];
|
|
|
|
nix.settings.experimental-features = [ "nix-command" ];
|
|
|
|
|
|
## Packages
|
|
|
|
nixpkgs.overlays = lib.singleton (self: super:
|
|
{ # don't shadow procps, etc.
|
|
busybox = lib.setPrio 20 super.busybox;
|
|
});
|
|
|
|
|
|
## Environment
|
|
|
|
i18n.defaultLocale = "en_GB.UTF-8";
|
|
i18n.extraLocaleSettings.LC_TIME = "it_IT.UTF-8";
|
|
|
|
time.timeZone = "Europe/Rome";
|
|
|
|
environment.sessionVariables =
|
|
{ PATH = [ "$HOME/bin" ];
|
|
XDG_CONFIG_HOME = "$HOME/etc";
|
|
XDG_DATA_HOME = "$HOME/var/lib";
|
|
XDG_CACHE_HOME = "$HOME/var/cache";
|
|
EDITOR = "vi";
|
|
LESS = "-RSic -j.5";
|
|
ABDUCO_CMD = "ash";
|
|
ABDUCO_SOCKET_DIR = "$XDG_RUNTIME_DIR";
|
|
SYSTEMD_COLORS = "16";
|
|
PS1 = ''\e[32m\u\e[0m@\e[33m\H \e[36m\w\n\e[34mλ\e[0m '';
|
|
};
|
|
|
|
environment.shellInit =
|
|
''
|
|
# create XDG directories
|
|
mkdir -p $XDG_CONFIG_HOME $XDG_DATA_HOME $XDG_CACHE_HOME $HOME/bin
|
|
|
|
# some aliases
|
|
alias l="ls -lh"
|
|
alias e="$EDITOR"
|
|
alias ip="ip -c"
|
|
'';
|
|
|
|
environment.systemPackages = with pkgs; [ abduco busybox ];
|
|
|
|
|
|
## Users
|
|
|
|
users.users.rnhmjoj =
|
|
{ isNormalUser = true;
|
|
shell = "${pkgs.busybox}/bin/ash";
|
|
extraGroups = [ "wheel" ];
|
|
openssh.authorizedKeys.keys = [ key ];
|
|
};
|
|
|
|
|
|
## Security
|
|
|
|
security.sudo.wheelNeedsPassword = false;
|
|
|
|
# never interrupt host key generation
|
|
systemd.services.openssh.serviceConfig.TimeoutStartSec = "infinity";
|
|
|
|
services.openssh.enable = true;
|
|
services.openssh.settings.PermitRootLogin = "no";
|
|
|
|
nix.settings.trusted-users = [ "rnhmjoj" "root" ];
|
|
|
|
|
|
## Network
|
|
|
|
networking.usePredictableInterfaceNames = false;
|
|
|
|
# Bridges for wired to wireless
|
|
networking.bridges.br0.interfaces = [ "eth0" ];
|
|
|
|
# change MAC address
|
|
networking.interfaces.eth0.macAddress = "00:68:eb:26:b2:42";
|
|
networking.interfaces.br0.macAddress = "00:68:eb:26:b2:43";
|
|
|
|
# Enable forwarding packets
|
|
boot.kernel.sysctl = {
|
|
"net.ipv6.conf.all.forwarding" = 1;
|
|
"net.ipv4.conf.all.forwarding" = 1;
|
|
};
|
|
|
|
# Create an access point
|
|
services.hostapd.enable = true;
|
|
services.hostapd.radios.wlan0 =
|
|
{ band = "5g";
|
|
channel = 0;
|
|
countryCode = "PA";
|
|
wifi4.capabilities =
|
|
[ "HT40+" "SHORT-GI-20" "SHORT-GI-40" "MAX-AMSDU-3839" "DSSS_CCK-40" ];
|
|
wifi5.capabilities = [ "MAX-MPDU-3895" "SHORT-GI-80" "SU-BEAMFORMEE" ];
|
|
wifi5.operatingChannelWidth = "80";
|
|
networks.wlan0 =
|
|
{ ssid = "<ssid-here>";
|
|
bssid = "f8:0d:ac:60:E0:f9";
|
|
authentication.mode = "wpa2-sha1";
|
|
authentication.wpaPassword = "<psk-here>";
|
|
settings.bridge = "br0";
|
|
};
|
|
};
|
|
|
|
|
|
## Make the image small
|
|
|
|
# disable nscd
|
|
services.nscd.enable = false;
|
|
system.nssModules = lib.mkForce [];
|
|
|
|
# use chrony
|
|
services.timesyncd.enable = false;
|
|
services.chrony.enable = true;
|
|
|
|
# disable systemd stuff
|
|
services.dbus.enable = lib.mkForce false;
|
|
systemd.coredump.enable = false;
|
|
systemd.services.mount-pstore.enable = false;
|
|
systemd.services.systemd-udev-settle.enable = false;
|
|
systemd.services.systemd-hostnamed.enable = false;
|
|
|
|
}
|