101 lines
3.6 KiB
Nix
101 lines
3.6 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
{
|
|
# ─── Boot ──────────────────────────────────────────────────────────────────
|
|
boot.loader.grub = {
|
|
enable = true;
|
|
device = "/dev/sda"; # BIOS/MBR install on scsi0
|
|
useOSProber = false;
|
|
};
|
|
|
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
# ─── Filesystems ───────────────────────────────────────────────────────────
|
|
fileSystems."/" = {
|
|
device = "/dev/disk/by-label/nixos";
|
|
fsType = "ext4";
|
|
};
|
|
|
|
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
|
|
|
|
# ─── Hardware ──────────────────────────────────────────────────────────────
|
|
services.qemuGuest.enable = true;
|
|
|
|
# ─── Network ───────────────────────────────────────────────────────────────
|
|
networking = {
|
|
hostName = "nixos-dev";
|
|
networkmanager.enable = true;
|
|
useDHCP = lib.mkDefault true;
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 22 3000 8000 8080 ];
|
|
};
|
|
};
|
|
|
|
# ─── SSH ───────────────────────────────────────────────────────────────────
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
|
|
# ─── Users ─────────────────────────────────────────────────────────────────
|
|
users.users.konrad = {
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" "docker" "networkmanager" ];
|
|
shell = pkgs.zsh;
|
|
openssh.authorizedKeys.keys = [
|
|
# crablo (OpenClaw agent)
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJLK3oQWZNq7vanyv6E6DM4QTN03sKhp149Ob44YTiS4 crablo@proxmox"
|
|
];
|
|
};
|
|
|
|
security.sudo.wheelNeedsPassword = false;
|
|
|
|
# ─── Programs ──────────────────────────────────────────────────────────────
|
|
programs = {
|
|
zsh.enable = true;
|
|
git.enable = true;
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
curl
|
|
wget
|
|
git
|
|
vim
|
|
neovim
|
|
htop
|
|
btop
|
|
ripgrep
|
|
fd
|
|
jq
|
|
tree
|
|
unzip
|
|
tmux
|
|
];
|
|
|
|
# ─── Docker ────────────────────────────────────────────────────────────────
|
|
virtualisation.docker = {
|
|
enable = true;
|
|
enableOnBoot = true;
|
|
};
|
|
|
|
# ─── Nix ───────────────────────────────────────────────────────────────────
|
|
nix.settings = {
|
|
experimental-features = [ "nix-command" "flakes" ];
|
|
auto-optimise-store = true;
|
|
trusted-users = [ "root" "konrad" ];
|
|
};
|
|
|
|
nix.gc = {
|
|
automatic = true;
|
|
dates = "weekly";
|
|
options = "--delete-older-than 7d";
|
|
};
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
system.stateVersion = "24.11";
|
|
}
|