78 lines
2.4 KiB
Nix
78 lines
2.4 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
imports =
|
|
[
|
|
./hardware-configuration.nix
|
|
./disko-config.nix
|
|
];
|
|
|
|
boot = {
|
|
# Lanzaboote currently replaces the systemd-boot module.
|
|
loader.systemd-boot.enable = lib.mkForce false;
|
|
loader.efi.canTouchEfiVariables = true;
|
|
bootspec.enable = true;
|
|
lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/etc/secureboot";
|
|
# This will be the new location in unstable
|
|
# pkiBundle = "/var/lib/sbctl";
|
|
};
|
|
initrd.systemd.enable = true;
|
|
# Name "crypted" corresponds to the luks name in disko config
|
|
initrd.luks.devices.crypted = {
|
|
device = lib.mkForce "/dev/disk/by-uuid/26973b85-9c65-488b-93fb-8992ea0f8d50";
|
|
crypttabExtraOpts = [ "tpm2-device=auto" ];
|
|
};
|
|
};
|
|
|
|
networking.hostName = "dalinar";
|
|
networking.useNetworkd = true;
|
|
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
console = {
|
|
font = "Lat2-Terminus16";
|
|
keyMap = "de";
|
|
};
|
|
|
|
users.mutableUsers = false;
|
|
# mkpasswd -m sha512crypt <password>
|
|
users.users.root.hashedPassword = "$6$JdgM.TQt0/0988od$yPVgGZ5zu6HjG.sVjzEWJBm4L7XEReuplrqLRekPq/GrAyk5GrFmPM9hdzrmD28PDX9AtxaClYM5emsJ75YfJ0";
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
htop
|
|
sbctl
|
|
tmux
|
|
vim
|
|
wget
|
|
];
|
|
|
|
powerManagement.powertop.enable = true;
|
|
programs.neovim.enable = true;
|
|
|
|
services.tailscale.enable = true;
|
|
|
|
# This option defines the first version of NixOS you have installed on this particular machine,
|
|
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
|
#
|
|
# Most users should NEVER change this value after the initial install, for any reason,
|
|
# even if you've upgraded your system to a new NixOS release.
|
|
#
|
|
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
|
|
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
|
|
# to actually do that.
|
|
#
|
|
# This value being lower than the current NixOS release does NOT mean your system is
|
|
# out of date, out of support, or vulnerable.
|
|
#
|
|
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
|
|
# and migrated your data accordingly.
|
|
#
|
|
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
|
system.stateVersion = "24.11"; # Did you read the comment?
|
|
|
|
}
|
|
|