- Fix hardcoded user path in webapps.nix (use homeDirectory) - Normalize wallpapers option to use .enable suffix - Remove duplicate FZF keybind declaration - Update comments to match actual implementation
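# NixOS host configuration for "m3-hermes": GRUB on EFI, NetworkManager,
# key-only SSH as the single inbound service, and a passwordless sudo rule
# that lets the "hermes" user run podman.
{pkgs, ...}: {
  imports = [
    ./disko-config.nix
    ./hardware-configuration.nix
  ];

  # Bootloader.
  boot.loader.grub = {
    efiSupport = true;
    # Install to the removable-media fallback location instead of relying on
    # an EFI boot entry stored in firmware variables.
    efiInstallAsRemovable = true;
  };

  networking.hostName = "m3-hermes";
  # Placeholder value: hostId must be 8 hex digits and should be unique per
  # machine.
  networking.hostId = "a1b2c3d4"; # TODO: Generate unique hostId
  networking.networkmanager.enable = true;
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";

  environment.systemPackages = with pkgs; [
    neovim
    git
    tea
    ghostty.terminfo
  ];

  # SSH is the only inbound service: public-key logins only, never as root.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      # PasswordAuthentication only switches off the "password" method.
      # Keyboard-interactive is a separate method that can still present a
      # PAM password prompt, so it is disabled as well.
      KbdInteractiveAuthentication = false;
    };
  };

  # NOTE(review): this rule is effectively passwordless root for "hermes".
  # Rootful podman can start privileged containers and bind-mount host paths,
  # so anything able to run commands as hermes (including a stolen SSH key)
  # inherits that access. Prefer rootless podman where it is sufficient, or
  # restrict the rule to the exact argument lists that are needed.
  # podman is not installed by this file; presumably it is enabled in another
  # module - confirm that the path below exists on the target system.
  security.sudo.extraRules = [
    {
      users = ["hermes"];
      commands = [
        {
          command = "/run/current-system/sw/bin/podman";
          options = ["NOPASSWD"];
        }
      ];
    }
  ];

  services.fstrim = {
    enable = true;
    interval = "weekly";
  };

  # Firewall: inbound is closed except SSH (TCP 22); no UDP ports are opened
  # and ICMP echo requests are not answered. These options only govern
  # inbound traffic; outbound connections are not restricted here.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [22]; # SSH only
    allowedUDPPorts = [];
    allowPing = false;
  };

  system.stateVersion = "25.05";
}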