# Nix Reference Manual: # https://nixos.org/manual/nix/stable/ # NixOS Packages / Options: # https://search.nixos.org/packages? { lib, config, pkgs, ... }: { imports = [ # Desktop Environments ./desktops/common.nix ./desktops/gnome.nix # Services ./services/openssh.nix ./services/promtail.nix ./services/fail2ban.nix ./services/telegraf.nix ]; # Define the default sops file: sops.defaultSopsFile = ./secrets/secrets.yaml; # Keep the system up-to-date automatically system = { autoUpgrade = { enable = true; allowReboot = false; channel = https://channels.nixos.org/nixos-23.05; }; }; # Bootloader boot.loader.efi.canTouchEfiVariables = true; boot.tmp.cleanOnBoot = true; # Plymouth splash screen boot.plymouth.enable = true; boot.initrd.systemd.enable = true; boot.kernelParams = ["quiet"]; # SecureBoot boot.loader.systemd-boot.enable = lib.mkForce false; boot.lanzaboote.enable = true; boot.lanzaboote.pkiBundle = "/etc/secureboot"; # Enable networking networking = { networkmanager = { enable = true; }; enableIPv6 = false; firewall = { enable = true; allowedTCPPorts = [ ]; allowedUDPPorts = [ ]; networking.interfaces.tailscale0.allowedTCPPorts = [ 22 ]; }; }; # Set your time zone. time.timeZone = "Asia/Tokyo"; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { LC_ADDRESS = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8"; }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.albert = { isNormalUser = true; description = "Albert J. Copeland"; extraGroups = [ "networkmanager" "wheel" ]; # passwordFile = /run/secrets/albert-pass }; # Enable flakes: https://nixos.wiki/wiki/Flakes nix.settings.experimental-features = [ "nix-command" "flakes" ]; # List packages installed in system profile environment.systemPackages = with pkgs; [ # Secureboot sbctl # Bash powerline powerline-go # General packages # https://github.com/gvolpe/dconf2nix dconf2nix wget neovim git curl htop iftop nload iotop glxinfo tailscale neofetch gnupg fail2ban ]; # Enable various system services services = { tailscale.enable = true; }; # Garbage collection -- Keep the system clean nix.gc = { automatic = true; dates = "daily"; options = "--delete-older-than 7d"; }; # Fonts fonts = { fontconfig = { defaultFonts = { emoji = [ "Noto Color Emoji" ]; monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ]; sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ]; serif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ]; }; includeUserConf = false; }; fonts = with pkgs; [ cascadia-code (nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; }) noto-fonts-emoji sarasa-gothic ]; }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? }