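# Shared base configuration imported by every host: locale, base packages,
# zsh setup, Nix daemon settings, SSH, ACME, nginx defaults, sudo and sops.
{ config, pkgs, ... }:

{
  imports = [
    ../users
  ];

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # networking.useDHCP = false; TODO: why was this globally disabled?
  # Because it should be! DHCP should only be enabled per interface.

  # 19999 is opened on every interface and netdata is enabled below.
  # NOTE(review): presumably this port is the netdata dashboard, which has no
  # authentication by default. Confirm every host importing this file is only
  # reachable on that port from a trusted network, or restrict the rule
  # per interface / publish the dashboard through an authenticated proxy.
  networking.firewall.allowedTCPPorts = [ 19999 ];
  services.netdata.enable = true;

  networking.nameservers = [ "2a01:4f8:1c0c:8221::8" "10.42.10.8" ];

  services.qemuGuest.enable = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de-latin1";
  };

  environment.systemPackages = with pkgs; [
    wget
    vim
    tmux
    screen
    mtr
    tcpdump
    bat
    direnv
    starship
  ];

  programs.zsh = {
    enable = true;
    histSize = 10000;
    autosuggestions.enable = true;
    enableBashCompletion = true;
    syntaxHighlighting.enable = true;
    promptInit = ''
      # Only start starship on terminals that can render it. The binary is
      # referenced by store path so the prompt does not depend on $PATH.
      if [[ $TERM != "dumb" && (-z $INSIDE_EMACS || $INSIDE_EMACS == "vterm") ]]; then
        eval "$(${pkgs.starship}/bin/starship init zsh)"
      fi

      # The zkbd key map is per user and per terminal; accounts that never ran
      # zkbd have no such file, so only source it when it is readable.
      zkbd_file=~/.zkbd/$TERM-''${''${DISPLAY:t}:-$VENDOR-$OSTYPE}
      [[ -r $zkbd_file ]] && source $zkbd_file
      unset zkbd_file

      # Bind a key only when zkbd defined it; an empty sequence cannot be bound.
      [[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
      [[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
      [[ -n ''${key[Up]} ]] && bindkey "''${key[Up]}" up-line-or-search
      [[ -n ''${key[Home]} ]] && bindkey "''${key[Home]}" beginning-of-line
      [[ -n ''${key[End]} ]] && bindkey "''${key[End]}" end-of-line
      [[ -n ''${key[Delete]} ]] && bindkey "''${key[Delete]}" delete-char

      function command_not_found_handler() {
        command-not-found "$1"
      }

      alias cat='bat'

      eval "$(direnv hook zsh)"
      # starship is initialised once, in the guarded block above. A second,
      # unguarded init here would undo the dumb-terminal check.
    '';
  };

  programs.mtr.enable = true;

  nix.settings = {
    # Trusted Nix users can override daemon settings such as substituters,
    # which is effectively root on the machine. Treat wheel membership
    # accordingly.
    trusted-users = [ "@wheel" ];
    auto-optimise-store = true;
  };

  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 14d";
  };

  # Values are in bytes: 100 MiB for min-free and 1 GiB for max-free.
  nix.extraOptions = ''
    min-free = ${toString (100 * 1024 * 1024)}
    max-free = ${toString (1024 * 1024 * 1024)}
  '';

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    kbdInteractiveAuthentication = false;
    # Root login stays possible with a key. "prohibit-password" instead of
    # "yes" keeps root password logins refused even if a host re-enables
    # password authentication for other accounts.
    permitRootLogin = "prohibit-password";
  };

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "vcp-letsencrypt@clerie.de";

  services.nginx = {
    enable = true;
    # Applies to every virtual host unless overridden; 400M is a large upload
    # allowance, so hosts that do not need it should set a smaller limit.
    clientMaxBodySize = "400M";
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  # wheel members become root without entering a password, so the SSH keys of
  # those accounts are the only barrier between a login and full root.
  # NOTE(review): the accounts come from ../users, not visible here; confirm
  # wheel membership is kept minimal.
  security.sudo.wheelNeedsPassword = false;

  # Each host reads its sops secrets from hosts/<hostName>/secrets.yaml.
  sops.defaultSopsFile = (../. + "/hosts/${config.networking.hostName}/secrets.yaml");
}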