61 lines
1.2 KiB
Nix
61 lines
1.2 KiB
Nix
{ config, lib, pkgs, ... }: {
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
console = {
|
|
keyMap = lib.mkForce "dvorak-es";
|
|
useXkbConfig = true;
|
|
};
|
|
|
|
hardware = {
|
|
enableRedistributableFirmware = true;
|
|
cpu.amd.updateMicrocode =
|
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
};
|
|
|
|
nixpkgs = {
|
|
config.allowUnfree = true;
|
|
hostPlatform = lib.mkDefault "x86_64-linux";
|
|
};
|
|
|
|
users = {
|
|
defaultUserShell = pkgs.zsh;
|
|
users.avery = {
|
|
description = "Avery";
|
|
extraGroups = [ "wheel" ];
|
|
isNormalUser = true;
|
|
hashedPasswordFile = config.sops.secrets.avery_password.path;
|
|
};
|
|
};
|
|
|
|
environment = {
|
|
shells = with pkgs; [ zsh ];
|
|
systemPackages = with pkgs; [ git htop neovim sops ];
|
|
};
|
|
|
|
programs.zsh.enable = true;
|
|
|
|
security = {
|
|
polkit.enable = true;
|
|
rtkit.enable = true;
|
|
sudo-rs = {
|
|
enable = true;
|
|
wheelNeedsPassword = true;
|
|
};
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
X11Forwarding = false;
|
|
PermitRootLogin = "no";
|
|
};
|
|
};
|
|
|
|
sops = {
|
|
secrets.avery_password = {
|
|
sopsFile = "/etc/nixos/secrets/common.yaml";
|
|
neededForUsers = true;
|
|
};
|
|
validateSopsFiles = false;
|
|
};
|
|
}
|