NixOS-Config/nixos/shared/default.nix

87 lines
2.5 KiB
Nix

{
inputs,
outputs,
lib,
config,
pkgs,
pkgs-edge,
...
}: {
imports = [
./locale
./packages
];
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
sops.secrets."lillian-password".neededForUsers = true;
#TODO: remove this when unneeded for freetube
nixpkgs.config.permittedInsecurePackages = [
"python3.12-youtube-dl-2021.12.17"
];
nix = {
package = pkgs.lix;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = {
# Enable flakes and new 'nix' command
experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store
auto-optimise-store = true;
extra-substituters = [
"https://cache.lix.systems"
"https://nix-community.cachix.org"
"https://nixpkgs-unfree.cachix.org"
"https://0uptime.cachix.org"
];
trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
];
};
};
catppuccin.flavor = "macchiato";
catppuccin.enable = true;
console.catppuccin.enable = true;
home-manager.backupFileExtension = "backup";
users.users.lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."lillian-password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
programs.zsh = {
enable = true;
};
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
users.mutableUsers = false;
users.users.root = {
hashedPassword = "*";
};
}