NixOS-Config/nixos/shared/default.nix

170 lines
4.4 KiB
Nix

{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
./locale
./packages
inputs.home-manager.nixosModules.home-manager
];
sops = {
age.keyFile = ../../../../../../var/secrets/keys.txt;
secrets."lillian-password".neededForUsers = true;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
secrets."ssh-private-key" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519";
};
};
#TODO: remove this when unneeded for freetube
nixpkgs.config.permittedInsecurePackages = [
"python3.12-youtube-dl-2021.12.17"
];
nix = {
package = pkgs.lix;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = {
# Enable flakes and new 'nix' command
experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store
auto-optimise-store = true;
extra-substituters = [
"https://cache.lix.systems"
"https://nix-community.cachix.org"
"https://nixpkgs-unfree.cachix.org"
"https://0uptime.cachix.org"
];
trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
];
};
};
catppuccin = {
flavor = "macchiato";
enable = true;
plymouth.enable = false;
grub.enable = false;
};
# console.catppuccin.enable = true;
programs.zsh = {
enable = true;
};
stylix = {
enable = true;
autoEnable = true;
base16Scheme = {
scheme = "Catppuccin Macchiato";
author = "https://github.com/catppuccin/catppuccin";
base00 = "24273a";
base01 = "1e2030";
base02 = "363a4f";
base03 = "494d64";
base04 = "5b6078";
base05 = "cad3f5";
base06 = "f4dbd6";
base07 = "b7bdf8";
base08 = "ed8796";
base09 = "f5a97f";
base0A = "eed49f";
base0B = "a6da95";
base0C = "8bd5ca";
base0D = "8aadf4";
base0E = "c6a0f6";
base0F = "f0c6c6";
};
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
monospace = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
emoji = {
package = pkgs.noto-fonts-emoji-blob-bin;
name = "Blobmoji";
};
};
};
fonts.packages = [
pkgs.dejavu_fonts
pkgs.noto-fonts
pkgs.nerd-fonts.fira-mono
];
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {
inputs = inputs;
outputs = outputs;
};
users = {
# Import your home-manager configuration
lillian = import ../../home-manager/hosts/${config.networking.hostName};
};
};
users = {
users.lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."lillian-password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
mutableUsers = false;
users.root = {
hashedPassword = "*";
};
};
}