diff options
| author | Ben Sima <ben@bsima.me> | 2024-05-15 21:04:08 -0400 |
|---|---|---|
| committer | Ben Sima <ben@bsima.me> | 2024-10-31 13:28:50 -0400 |
| commit | 2b23714e642554c747ad8e750a6504d4fd0da5b0 (patch) | |
| tree | 2049da65587e7a87a51d853cbc395441260ed32c /machines/lib/base.nix | |
| parent | 15c3357d0d971f22892b796deb9e22bea51556fb (diff) | |
add boron
Diffstat (limited to 'machines/lib/base.nix')
| -rw-r--r-- | machines/lib/base.nix | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/machines/lib/base.nix b/machines/lib/base.nix new file mode 100644 index 0000000..3805aa4 --- /dev/null +++ b/machines/lib/base.nix @@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: + +let + nixpkgs = builtins.fetchTarball (import ../../nixpkgs.nix); +in { + console.font = "${pkgs.fira-code}/share/fonts/truetype/FiraCode-VF.ttf"; + + environment.systemPackages = with pkgs; [ + yubioath-flutter + yubico-pam + yubikey-manager + yubikey-personalization + ]; + + + fonts.fonts = with pkgs; [ + google-fonts mononoki source-code-pro fantasque-sans-mono hack-font + fira fira-code fira-code-symbols + ]; + + location.latitude = 40.80; + location.longitude = -81.52; + + programs.bash.enableCompletion = true; + programs.command-not-found.enable = true; + programs.light.enable = true; + programs.gnupg.agent.enable = true; + programs.gnupg.agent.enableSSHSupport = true; + programs.mosh.enable = true; + programs.ssh.agentTimeout = "1h"; + + security.pam.yubico.control = "sufficient"; # use yubikey in lieu of password + security.pam.yubico.debug = false; + security.pam.yubico.enable = true; + security.pam.yubico.mode = "challenge-response"; + security.sudo.wheelNeedsPassword = true; + + services.pcscd.enable = true; + + services.logind.lidSwitch = "suspend"; + services.logind.lidSwitchDocked = "lock"; + services.logind.lidSwitchExternalPower = "lock"; + + services.clight.enable = true; + services.clight.temperature.day = 6500; + services.clight.temperature.night = 1800; + + services.printing.enable = true; + + services.xserver.xkbOptions = "caps:ctrl_modifier"; + + services.vnstat.enable = true; + + services.fail2ban.enable = true; + services.clamav.daemon.enable = false; + services.clamav.updater.enable = false; + + nix.nixPath = [ + "nixpkgs=${nixpkgs}" + "nixos-config=/etc/nixos/configuration.nix" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + nix.gc.automatic = false; + nix.gc.dates = "03:15"; + nix.extraOptions = '' + builders-use-substitutes = true + ''; + + nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowBroken = true; + + time.timeZone = "America/New_York"; +} |