From 9453773af6bdc5b6d8a726d3d6eafc9bd1a99aa7 Mon Sep 17 00:00:00 2001 From: Wateir Date: Sun, 21 Dec 2025 15:33:03 +0100 Subject: [PATCH] chore: Refractor --- configuration.nix | 182 ++++++++++++++++++++++------------------------ 1 file changed, 85 insertions(+), 97 deletions(-) diff --git a/configuration.nix b/configuration.nix index a557e46..65b384c 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,10 +1,8 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config,pkgs,lib, ... }: { + system.stateVersion = "25.11"; + imports = [ ./hardware-configuration.nix 
@@ -20,35 +18,40 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Use latest kernel. - boot.kernelPackages = pkgs.linuxPackages_latest; + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + kernelPackages = pkgs.linuxPackages_latest; # Use latest kernel. + }; - networking.hostName = "ThinkCentre-Server-004"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - networking.networkmanager.enable = true; + networking = { + hostName = "ThinkCentre-Server-004"; # Define your hostname. + #wireless.enable = true; # Enables wireless support via wpa_supplicant. + #proxy.default = "http://user:password@proxy:port/"; + #proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + networkmanager.enable = true; + firewall.enable = true; + }; + console.keyMap = "fr"; time.timeZone = "Europe/Paris"; - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "fr_FR.UTF-8"; - LC_IDENTIFICATION = "fr_FR.UTF-8"; - LC_MEASUREMENT = "fr_FR.UTF-8"; - LC_MONETARY = "fr_FR.UTF-8"; - LC_NAME = "fr_FR.UTF-8"; - LC_NUMERIC = "fr_FR.UTF-8"; - LC_PAPER = "fr_FR.UTF-8"; - LC_TELEPHONE = "fr_FR.UTF-8"; - LC_TIME = "fr_FR.UTF-8"; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "fr_FR.UTF-8"; + LC_IDENTIFICATION = "fr_FR.UTF-8"; + LC_MEASUREMENT = "fr_FR.UTF-8"; + LC_MONETARY = "fr_FR.UTF-8"; + LC_NAME = "fr_FR.UTF-8"; + LC_NUMERIC = "fr_FR.UTF-8"; + LC_PAPER = "fr_FR.UTF-8"; + LC_TELEPHONE = "fr_FR.UTF-8"; + LC_TIME = "fr_FR.UTF-8"; + }; }; services.xserver.xkb = { 
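Review bot: The new `networking` block keeps only `firewall.enable = true;`, while the `networking.firewall` block removed in the last hunk also set `allowedTCPPorts = [ 443 ];` and `allowedUDPPorts = [ 41641 3478 ];`, so this commit changes which ports the host accepts even though it is titled a refactor. If the ports are meant to stay open, carry them over as `firewall.allowedTCPPorts = [ 443 ];` and `firewall.allowedUDPPorts = [ 41641 3478 ];`. If closing them is intended, say so in the commit message so the exposure change can be reviewed on its own. Nothing in the visible patch shows these settings being moved to another module.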
@@ -56,7 +59,7 @@ variant = "azerty"; }; - console.keyMap = "fr"; + programs.zsh.enable = true; users.users.manager = { 
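Review bot: `programs.zsh.enable = true;` added here is defined a second time by `zsh.enable = true;` inside the `programs = { ... }` set that the last hunk adds. Nix normally rejects the same attribute being defined twice in one attribute set, so the configuration is likely to fail evaluation. Keep one of the two; dropping this line and leaving the definition in the `programs` block matches the grouping style used in the rest of the commit. The `users.users.manager` block that follows continues outside this hunk.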
@@ -67,83 +70,68 @@ shell = pkgs.zsh; }; - security.sudo.enable = true; - - security.sudo.extraRules = [ - { - groups = [ "wheel" ]; - commands = [ + security = { + sudo = { + enable = true; + extraRules = [ { - command = "/run/current-system/sw/bin/shutdown"; - options = [ "NOPASSWD" ]; - } - { - command = "/run/current-system/sw/bin/reboot"; - options = [ "NOPASSWD" ]; + groups = [ "wheel" ]; + commands = [ + { + command = "/run/current-system/sw/bin/shutdown"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/reboot"; + options = [ "NOPASSWD" ]; + } + ]; } ]; - } - ]; + }; + polkit.extraConfig = '' + polkit.addRule(function (action, subject) { + if ( + subject.isInGroup("wheel") &&networking.firewall. + [ + "org.freedesktop.login1.reboot", + "org.freedesktop.login1.reboot-multiple-sessions", + "org.freedesktop.login1.power-off", + "org.freedesktop.login1.power-off-multiple-sessions", + ].indexOf(action.id) !== -1 + ) { + return polkit.Result.YES; + } + }); + ''; + }; - security.polkit.extraConfig = '' - polkit.addRule(function (action, subject) { - if ( - subject.isInGroup("wheel") && - [ - "org.freedesktop.login1.reboot", - "org.freedesktop.login1.reboot-multiple-sessions", - "org.freedesktop.login1.power-off", - "org.freedesktop.login1.power-off-multiple-sessions", - ].indexOf(action.id) !== -1 - ) { - return polkit.Result.YES; - } - }); - ''; + programs = { + zsh.enable = true; - services.tailscale = { - enable = true; - extraDaemonFlags = [ - "--no-logs-no-support" - ]; - - extraSetFlags = [ - "--ssh=false" - ]; - useRoutingFeatures = "server"; # or "client" / "both" - }; - - networking.firewall = { - enable = true; - allowedTCPPorts = [ 443 ]; - allowedUDPPorts = [ 41641 3478 ]; - - }; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. 
- # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + #mtr.enable = true; + #gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + }; environment.variables = { TERM = "xterm-256color"; }; - services.openssh.enable = true; - - services.openssh.settings.Macs = [ - # Current defaults: - "hmac-sha2-512-etm@openssh.com" - "hmac-sha2-256-etm@openssh.com" - "umac-128-etm@openssh.com" - # Cloudfare: - "hmac-sha2-256" - ]; - - system.stateVersion = "25.11"; - + services.openssh = { + enable = true; + settings.Macs = [ + # Current defaults: + "hmac-sha2-512-etm@openssh.com" + "hmac-sha2-256-etm@openssh.com" + "umac-128-etm@openssh.com" + # Cloudfare: + "hmac-sha2-256" + ]; + }; }
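Review bot: The polkit rule in `security.polkit.extraConfig` now reads `subject.isInGroup("wheel") &&networking.firewall.` followed by the array literal, which looks like a stray paste. That is not valid JavaScript, so polkit is likely to reject the generated rules file and the wheel reboot/power-off rule would stop applying. Restore the line to `subject.isInGroup("wheel") &&` as it was on the removed side. Separately, this hunk deletes the whole `services.tailscale` block (including `--ssh=false` and `--no-logs-no-support`) with no replacement in the visible patch. If Tailscale should still run on this host, re-add it as a grouped `services.tailscale = { ... };` set with the same flags; if not, record the removal in the commit message rather than under a refactor.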