73 lines
1.5 KiB
Nix
73 lines
1.5 KiB
Nix
{ pkgs, config, ... }: {
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./tor.nix
|
|
];
|
|
|
|
nix.package = pkgs.nixUnstable;
|
|
nix.extraOptions = ''
|
|
experimental-features = nix-command flakes
|
|
'';
|
|
|
|
boot.loader.grub.configurationLimit = 5;
|
|
boot.tmp.cleanOnBoot = true;
|
|
zramSwap.enable = true;
|
|
networking.hostName = "apple";
|
|
networking.domain = "";
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 80 443 3000 ];
|
|
};
|
|
|
|
networking = {
|
|
interfaces = {
|
|
ens3.ipv6.addresses = [{
|
|
address = "2a01:4f8:1c1e:95be::1";
|
|
prefixLength = 64;
|
|
}];
|
|
};
|
|
defaultGateway6 = {
|
|
address = "fe80::1";
|
|
interface = "ens3";
|
|
};
|
|
};
|
|
|
|
services.openssh.settings.PermitRootLogin = "no";
|
|
services.openssh.enable = true;
|
|
users.users.nixuser.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkt+yJSrXhJedWxxR3ISwByyXU0tXyhJlLwIS5vL0KO''
|
|
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPj0rhpWRvdmeVd1uXCLGC+797Nmouvsb9jvRT8y85FS''];
|
|
services.fail2ban.enable = true;
|
|
|
|
programs.bash.shellAliases = {
|
|
yay = "nixos-rebuild switch";
|
|
};
|
|
|
|
users.users.nixuser = {
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" ];
|
|
packages = with pkgs; [
|
|
vim
|
|
git
|
|
btop
|
|
htop
|
|
];
|
|
};
|
|
|
|
environment.shellAliases = {
|
|
nyx = "sudo -u tor '${pkgs.nyx}/bin/nyx'";
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
dig
|
|
whois
|
|
traceroute
|
|
fmt
|
|
git
|
|
ssh-audit
|
|
];
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|
|
|