@chrisportela
Created June 9, 2023 14:57
Basic configuration for a "base nix" VM instance you can deploy changes on top of
{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  nix = {
    settings = {
      sandbox = true;
      # Users trusted by the Nix daemon are effectively root-equivalent,
      # so this extends that trust to every member of wheel.
      trusted-users = [ "root" "@wheel" ];
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  networking.hostName = "nixos-template"; # Define your hostname.

  environment.systemPackages = with pkgs; [
    nixpkgs-fmt
    curl
    neovim
    git
    parted
  ];

  environment.variables = {
    # The neovim package installs `nvim`; no `vim` binary is installed above.
    EDITOR = "nvim";
  };

  services.openssh = {
    enable = true;
    openFirewall = true; # open the SSH port in the firewall
    settings = {
      # Left at the module default; uncomment to forbid root logins over SSH.
      #PermitRootLogin = "no";
      PasswordAuthentication = false; # public-key logins only
      # Restrict key exchange to this allowlist.
      KexAlgorithms = [
        "curve25519-sha256"
        "curve25519-sha256@libssh.org"
        "diffie-hellman-group-exchange-sha256"
        "ecdh-sha2-nistp256"
      ];
    };
    hostKeys = [
      {
        type = "rsa";
        bits = 4096;
        path = "/etc/ssh/ssh_host_rsa_key";
      }
      {
        type = "ed25519";
        path = "/etc/ssh/ssh_host_ed25519_key";
      }
      {
        type = "ecdsa";
        bits = 256;
        path = "/etc/ssh/ssh_host_ecdsa_key";
      }
    ];
    #ports = [ 2222 ];
  };

  users.users = {
    cmp = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      packages = [ ];
      openssh.authorizedKeys.keys = [
        "..."
      ];
    };
  };

  # sudo asks wheel members for their password. No password is declared for
  # cmp in this file, so one has to be set on the VM before sudo is usable.
  security.sudo.wheelNeedsPassword = true;

  system.stateVersion = "23.05"; # Did you read the comment?
}
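To confirm that a VM deployed from this template really runs with the SSH settings declared above, the following added example (not part of the gist) audits `sshd -T`-style output read from stdin. The function name `audit_sshd` and both sample dumps are constructed for illustration, and it assumes `sshd -T` is run as root on the VM.

```shell
#!/bin/sh
# Added example: audit an effective sshd configuration dump against the
# settings declared in the configuration above.
# Usage on the VM (assumption: run as root): sshd -T | audit_sshd

# Key-exchange allowlist copied from KexAlgorithms in the configuration.
ALLOWED_KEX="curve25519-sha256 curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256"

# Constructed sample dumps (not captured from a real host).
SAMPLE_GOOD='port 22
permitrootlogin without-password
passwordauthentication no
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256'

SAMPLE_BAD='port 22
permitrootlogin without-password
passwordauthentication yes
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1'

# Reads "key value" lines on stdin, prints one FAIL line per deviation,
# and returns non-zero if any check fails or a checked key is missing.
audit_sshd() {
  rc=0; seen_pw=0; seen_kex=0
  while read -r key value; do
    case "$key" in
      passwordauthentication)
        seen_pw=1
        [ "$value" = "no" ] || { echo "FAIL passwordauthentication=$value"; rc=1; } ;;
      permitrootlogin)
        [ "$value" != "yes" ] || { echo "FAIL permitrootlogin=yes"; rc=1; } ;;
      kexalgorithms)
        seen_kex=1
        # The dump lists algorithms comma-separated on one line.
        for alg in $(printf '%s' "$value" | tr ',' ' '); do
          case " $ALLOWED_KEX " in
            *" $alg "*) ;;
            *) echo "FAIL unexpected kex: $alg"; rc=1 ;;
          esac
        done ;;
    esac
  done
  # A dump that lacks either key proves nothing, so treat it as a failure.
  { [ "$seen_pw" = 1 ] && [ "$seen_kex" = 1 ]; } || { echo "FAIL incomplete dump"; rc=1; }
  return "$rc"
}
```

`printf '%s\n' "$SAMPLE_BAD" | audit_sshd` prints one FAIL line for the password setting and one for the key exchange algorithm outside the allowlist.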