nixos/hosts/common/core/default.nix

64 lines
1.3 KiB
Nix

{ pkgs, lib, inputs, config, outputs, ... }:
let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
in
{
imports = [
inputs.impermanence.nixosModules.impermanence
./sops.nix
./locale.nix
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
inputs.nur.overlays.default
];
config = {
allowUnfree = true;
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
users = {
mutableUsers = true;
extraUsers = {
root = {
hashedPasswordFile = sopsHashedPasswordFile;
};
};
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
environment.systemPackages = [
pkgs.rsync
pkgs.curl
pkgs.just
pkgs.vim
];
programs.git = {
enable = true;
package = pkgs.git;
config = {
# need to set /etc/nixos as safe directory to enable root to interact with non-root nix config repo
safe = {directory = ["/etc/nixos"]; };
};
};
system.stateVersion = "24.05";
}