44 lines
896 B
Nix
44 lines
896 B
Nix
{pkgs, ...}: {
|
|
imports = [
|
|
./disko-config.nix
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
# Bootloader.
|
|
boot.loader.grub = {
|
|
efiSupport = true;
|
|
efiInstallAsRemovable = true;
|
|
};
|
|
|
|
networking.hostName = "m3-hermes";
|
|
networking.hostId = "a1b2c3d4"; # TODO: Generate unique hostId
|
|
networking.networkmanager.enable = true;
|
|
time.timeZone = "Europe/Berlin";
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
environment.systemPackages = with pkgs; [neovim git];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
|
|
services.fstrim = {
|
|
enable = true;
|
|
interval = "weekly";
|
|
};
|
|
|
|
# Firewall: outbound only, SSH inbound
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [22]; # SSH only
|
|
allowedUDPPorts = [];
|
|
allowPing = false;
|
|
};
|
|
|
|
system.stateVersion = "25.05";
|
|
}
|