path: root/configuration.nix
# NixOS system module for the host "oden".
#
# Takes the standard module arguments (`config`, `pkgs`) plus the flake
# `inputs`, and returns the option set for this machine. Security-relevant
# choices (accounts, SSH, sudo, secret decryption) are annotated inline.
{
  config,
  pkgs,
  inputs,
  ...
}:
let
  # Path of the agenix-decrypted password hash. Both `mathias` and `root`
  # read the same file, so the two accounts share one password.
  passwordHashFile = config.age.secrets."password-hash.txt".path;
in
{
  imports = [
    ./hardware-configuration.nix
    ./disko.nix
    ./impermanence.nix
    ./router.nix
    ./immich.nix
    ./postgresql.nix
  ];

  powerManagement.powertop.enable = true;

  # GPU stack with the Intel media driver and VPL runtime.
  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      vpl-gpu-rt
      intel-media-driver
    ];
  };

  # Boot through systemd-boot on EFI; the installer may write EFI variables.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  networking = {
    hostName = "oden";
    hostId = "0de6fce1"; # needed for zfs, taken from /etc/machine-id
  };

  time.timeZone = "Europe/Stockholm";

  i18n.defaultLocale = "en_US.UTF-8";
  console.font = "Lat2-Terminus16";
  console.keyMap = "mod-dh-iso-us";

  users = {
    # Accounts are fully declarative: users and passwords come from this
    # configuration only, not from changes made on the running system.
    mutableUsers = false;

    users = {
      mathias = {
        isNormalUser = true;
        # wheel is the only extra group set in this file; see the sudo
        # setting below for what that membership grants.
        extraGroups = [ "wheel" ];
        shell = pkgs.fish;
        hashedPasswordFile = passwordHashFile;
        # NOTE(review): the keys carry no comment field, so it is not visible
        # here which device each one belongs to. Labelling them would make
        # revoking a lost device's key less error-prone.
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPC69ml72mqbn7L3QkpsCJuWdrKFYFNd0MaS5xERbuSF"
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEdUe7mxGdV/Q37RKndPzDHisFb7q/xm+L97jcGluSDOA8MGt/+wTxpyGxfyEqaMvwV2bakaMVHTB3711dDu5kE="
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLZ6OVyjTvWx9gvS+/DvkQW5VvLBbykq/0AV5mYDLADDtIOaDVscQ3lGOcUsga1ODNSl14MSV63bE8VtHfG1HOc="
        ];
      };

      # root keeps a password (same hash as mathias); SSH login as root is
      # disabled separately in services.openssh.settings.
      root.hashedPasswordFile = passwordHashFile;
    };
  };

  age = {
    # Only the encrypted .age file lives in the repository.
    secrets."password-hash.txt".file = ./secrets/password-hash.txt.age;

    # The SSH host key doubles as the age identity used to decrypt secrets.
    # Anyone able to read this private key can decrypt every secret encrypted
    # to this host, so it must stay readable by root only.
    # Presumably /nix/persist is the persistent store from ./impermanence.nix,
    # which keeps the key across reboots; confirm there.
    identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
  };

  # The Docker daemon runs as root. mathias is not placed in the `docker`
  # group by this file, so access to the daemon goes through sudo.
  virtualisation.docker.enable = true;
  # `oden.persist` is a project-defined option (presumably declared in
  # ./impermanence.nix); it keeps Docker's state directory persistent.
  oden.persist.directories = [ "/var/lib/docker" ];

  programs = {
    fish = {
      enable = true;
      shellAliases = {
        e = "nvim";
        lg = "lazygit";
      };
    };

    lazygit = {
      enable = true;
      # No background fetches: lazygit contacts remotes only when asked to.
      settings.git.autoFetch = false;
    };

    nh = {
      enable = true;
      flake = "/home/mathias/oden";
    };
  };

  environment.systemPackages = with pkgs; [
    neovim
    curl
    git
    (ffmpeg.override { withVpl = true; })
    (inputs.agenix.packages.${pkgs.system}.agenix)
    age-plugin-yubikey
    lm_sensors
    ghostty.terminfo
  ];

  # SSH is key-only and never accepts a direct root login.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  # NOTE(review): wheel members reach root without a password prompt, so any
  # session as mathias, including one opened with any of the authorized SSH
  # keys above, is root-equivalent. If a second step before root is wanted,
  # this is the setting to revisit.
  security.sudo.wheelNeedsPassword = false;

  nix = {
    # Pin the `nixpkgs` registry entry to the flake input, so registry
    # lookups resolve to the same nixpkgs the system is built from.
    registry.nixpkgs.flake = inputs.nixpkgs;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  # First NixOS release installed on this machine. It exists to keep
  # application data (e.g. databases) created under older releases compatible.
  #
  # It does NOT select the Nixpkgs version and changing it does NOT upgrade
  # the system; see https://nixos.org/manual/nixos/stable/#sec-upgrading for
  # that. A value lower than the current release does NOT mean the system is
  # out of date, out of support, or vulnerable.
  #
  # Leave it alone unless every change it would cause has been inspected and
  # the data migrated accordingly. More in `man configuration.nix` or
  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "25.05"; # Did you read the comment?
}