one flake containing all of my nixos configs
# NixOS module for the host "tootsie": GRUB boot, eth0 networking, IP
# forwarding for a tailscale exit-node, key-only SSH, a home-manager profile
# for the user "chris", and passwordless sudo for the wheel group.
{pkgs, ...}: {
  imports = [
    ../nixpkgs/nixos/common.nix
    ../nixpkgs/nixos/networking.nix
    ../nixpkgs/nixos/tailscale.nix
    ../nixpkgs/nixos/users/chris-minimal.nix
    ./hardware-configurations/tootsie.nix
  ];

  boot = {
    loader.grub.enable = true;

    # Forwarding is required for a tailscale exit-node:
    # https://tailscale.com/kb/1104/enable-ip-forwarding/
    # NOTE(review): both sysctls are global, so the kernel will forward
    # between every interface, not only the tailscale one. Nothing in this
    # file restricts forwarded traffic; confirm that one of the imported
    # modules (or the firewall) limits what may be routed through eth0.
    kernel.sysctl = {
      "net.ipv4.ip_forward" = true;
      "net.ipv6.conf.all.forwarding" = true;
    };
  };

  networking = {
    hostName = "tootsie";

    # Keep the classic "eth0" name that the rest of this block refers to.
    usePredictableInterfaceNames = false;

    # Reverse-path filtering is relaxed from strict to loose; presumably for
    # the exit-node traffic enabled above (confirm against tailscale.nix).
    firewall.checkReversePath = "loose";

    # DHCP is off globally and switched on for eth0 only.
    # NOTE(review): eth0 is configured with DHCP and with a static address at
    # the same time; confirm both are intended.
    useDHCP = false;
    interfaces.eth0.useDHCP = true;
    interfaces.eth0.ipv4.addresses = [
      {
        address = "45.56.117.20";
        prefixLength = 24;
      }
    ];

    # NOTE(review): the gateway address is identical to the host's own
    # address on eth0 above; verify this is the real upstream gateway.
    defaultGateway.address = "45.56.117.20";
    defaultGateway.interface = "eth0";

    # https://discourse.nixos.org/t/nixos-on-linode/14825
    # Linode blocks all IPv6 traffic originating from your instance
    # except for traffic originating from your assigned address. If
    # you have temporary addresses enabled, traffic will originate
    # from them by default.
    tempAddresses = "disabled";
  };

  # SSH: no direct root login and no password authentication.
  # NOTE(review): keyboard-interactive authentication is a separate sshd
  # setting (KbdInteractiveAuthentication) and is not set in this file;
  # confirm it is disabled elsewhere if only public keys should be accepted.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
    };
  };

  # Network and performance diagnostics available system-wide.
  environment.systemPackages = [
    pkgs.inetutils
    pkgs.mtr
    pkgs.sysstat
  ];

  time.timeZone = "UTC";

  system.stateVersion = "21.11";

  home-manager.users.chris = {
    pkgs,
    config,
    ...
  }: {
    home = {
      stateVersion = "21.11";
      packages = [pkgs.python311Packages.pipx];
    };

    programs = {
      meganz.enable = true;

      # Put ~/.local/bin first on PATH (presumably where pipx places its
      # entry points).
      # NOTE(review): this directory is user-writable and is searched before
      # the system directories, so anything installed there shadows system
      # commands of the same name.
      zsh.initExtra = ''
        export PATH=$HOME/.local/bin:$PATH
      '';
    };
  };

  # TODO extract into deployable module
  # NOTE(review): wheel members get root through sudo without any password
  # prompt. With password logins disabled above, the SSH key of a wheel user
  # is the only credential between the network and root; confirm this is an
  # accepted trade-off. execWheelOnly limits execution of the sudo binary to
  # members of wheel.
  security.sudo.wheelNeedsPassword = false;
  security.sudo.execWheelOnly = true;
}