76 lines
1.7 KiB
Nix
76 lines
1.7 KiB
Nix
{ pkgs, lib, ... }@args:
|
|
let
|
|
cfg = args.config.jconfig;
|
|
keysFromGithub = lib.attrsets.mapAttrs' (username: sha256: {
|
|
name = "pubkeys/${username}";
|
|
value = {
|
|
mode = "0755";
|
|
source = builtins.fetchurl {
|
|
inherit sha256;
|
|
url = "https://github.com/${username}.keys";
|
|
};
|
|
};
|
|
}) cfg.importSSHKeysFromGithub;
|
|
in
|
|
{
|
|
imports = [
|
|
./options.nix
|
|
./dev.nix
|
|
./gui.nix
|
|
./starship.nix
|
|
./styling.nix
|
|
];
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
# Enable unlocking the gpg-agent at boot (configured through home.nix)
|
|
security.pam.services.login.gnupg.enable = true;
|
|
|
|
environment.systemPackages = [
|
|
# CLI tools
|
|
pkgs.fd
|
|
pkgs.ripgrep
|
|
pkgs.du-dust
|
|
pkgs.curl
|
|
pkgs.zip
|
|
pkgs.unzip
|
|
];
|
|
|
|
programs.fish.enable = true;
|
|
|
|
environment.etc = keysFromGithub;
|
|
services = {
|
|
# Enable printer autodiscovery if printing is enabled
|
|
avahi = {
|
|
inherit (args.config.services.printing) enable;
|
|
nssmdns4 = true;
|
|
openFirewall = true;
|
|
};
|
|
openssh.authorizedKeysFiles = builtins.map (keys: "/etc/${keys}") (
|
|
builtins.attrNames keysFromGithub
|
|
);
|
|
};
|
|
# Open ports for spotifyd
|
|
networking.firewall = {
|
|
allowedUDPPorts = [ 5353 ];
|
|
allowedTCPPorts = [ 2020 ];
|
|
};
|
|
# Nix Settings
|
|
nix = {
|
|
gc = {
|
|
automatic = true;
|
|
dates = "weekly";
|
|
options = "--delete-older-than 30d";
|
|
# run between 0 and 45min after boot if run was missed
|
|
randomizedDelaySec = "45min";
|
|
};
|
|
settings = {
|
|
use-xdg-base-directories = true;
|
|
auto-optimise-store = true;
|
|
experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|