93 lines
2.3 KiB
Nix
Executable file
93 lines
2.3 KiB
Nix
Executable file
{ config, lib, pkgs, flakeSelf, ... }:
|
|
|
|
{
|
|
environment = {
|
|
# As of the 1st of May 2023, the default packages are nano, perl, rsync and strace
|
|
# I don't need any of them, so I just empty the list
|
|
defaultPackages = [];
|
|
variables = {
|
|
# Environment variables go here
|
|
EDITOR = "micro";
|
|
};
|
|
};
|
|
|
|
# Set up /tmp
|
|
boot.tmp = {
|
|
useTmpfs = lib.mkDefault true;
|
|
# Cleaning out /tmp at boot if it's a tmpfs is quite stupid
|
|
cleanOnBoot = !config.boot.tmp.useTmpfs;
|
|
};
|
|
|
|
# Set up keyboard layout
|
|
services.xserver.layout = "es";
|
|
|
|
# Set up console
|
|
console = {
|
|
packages = [ pkgs.terminus_font ];
|
|
earlySetup = true;
|
|
font = lib.mkDefault "ter-i16n";
|
|
# Make the console use X's keyboard configuration
|
|
useXkbConfig = true;
|
|
};
|
|
|
|
boot.supportedFilesystems = [ "nfs" ];
|
|
|
|
# Set up localisation
|
|
i18n = {
|
|
defaultLocale = "en_US.UTF-8";
|
|
extraLocaleSettings = {
|
|
LC_NUMERIC = "es_ES.UTF-8";
|
|
# am/pm is nice but mm/dd/yy is yucky
|
|
LC_TIME = "es_US.UTF-8";
|
|
LC_MONETARY = "es_ES.UTF-8";
|
|
LC_MEASUREMENT = "es_ES.UTF-8";
|
|
LC_PAPER = "es_ES.UTF-8";
|
|
LC_ADDRESS = "es_US.UTF-8";
|
|
LC_NAME = "es_ES.UTF-8";
|
|
LC_TELEPHONE = "es_ES.UTF-8";
|
|
};
|
|
};
|
|
|
|
# Set up time zone.
|
|
time.timeZone = "Europe/Madrid";
|
|
|
|
home-manager = {
|
|
backupFileExtension = "hm-backup";
|
|
useGlobalPkgs = true;
|
|
users.toast = { config, ... }: {
|
|
home.stateVersion = "23.05";
|
|
xdg = {
|
|
userDirs = {
|
|
enable = true;
|
|
createDirectories = true;
|
|
publicShare = null; # Disable the public folder
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# Set up secrets
|
|
age = {
|
|
identityPaths = [
|
|
"/etc/ssh/ssh_host_rsa_key"
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
|
# This key has a passcode, so if you need to use it you'll have to
|
|
# enter the password A LOT of times. Only on the first setup tho
|
|
"/tmp/id_ed25519_bootstrap"
|
|
];
|
|
};
|
|
|
|
/*
|
|
I used to keep the host keys in the repo as a secret, but since I use the
|
|
host keys for decrypting too I'm not sure encrypting a key with itself
|
|
is a good idea. Now the host keys will need to be placed manually where they are needed
|
|
For first time installs they are generated by services.openssh.hostKeys on servers, and
|
|
manually on everything else
|
|
*/
|
|
|
|
system = {
|
|
stateVersion = "23.05";
|
|
configurationRevision = flakeSelf.sourceInfo.rev or flakeSelf.sourceInfo.dirtyRev;
|
|
nixos.variant_id = lib.strings.toLower config.networking.hostName;
|
|
};
|
|
}
|