59 lines
1.3 KiB
Nix
59 lines
1.3 KiB
Nix
{ inputs, config, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./disk-config.nix
|
|
../../hardware/base.nix
|
|
../../hardware/bluetooth.nix
|
|
../../system/desktop.nix
|
|
../../system/printing/home.nix
|
|
../../desktop
|
|
../../desktop/cosmic.nix
|
|
../../virtualisation/containers.nix
|
|
../../virtualisation/podman.nix
|
|
../../virtualisation/libvirt.nix
|
|
../../modules/systemdNotify.nix
|
|
inputs.seven-modules.nixosModules.seven
|
|
];
|
|
|
|
age.secrets.wireguard-seven-cmdframe-key = {
|
|
file = ../../secrets/wireguard/seven/cmdframe.key.age;
|
|
owner = "systemd-network";
|
|
};
|
|
|
|
services.fprintd.enable = true;
|
|
|
|
programs.zsh.enable = true;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
KbdInteractiveAuthentication = false;
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
};
|
|
};
|
|
|
|
services.tailscale.extraUpFlags = [
|
|
"--accept-routes"
|
|
"--operator=felschr"
|
|
];
|
|
|
|
seven = {
|
|
enable = true;
|
|
wireguard = {
|
|
addresses = [
|
|
"198.18.1.241/15"
|
|
"fd00:5ec::1f1/48"
|
|
];
|
|
privateKeyFile = config.age.secrets.wireguard-seven-cmdframe-key.path;
|
|
};
|
|
};
|
|
|
|
systemd.notify.enable = true;
|
|
systemd.notify.method = "libnotify";
|
|
systemd.notify.libnotify.user = "felschr";
|
|
|
|
# only change this when specified in release notes
|
|
system.stateVersion = "25.05";
|
|
}
|