{ config, lib, pkgs, inputs, values, ... }: { boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking = { domain = lib.mkDefault "home.feal.no"; nameservers = lib.mkDefault [ "192.168.10.175" "192.168.10.1" "1.1.1.1" ]; useDHCP = lib.mkDefault false; }; time.timeZone = "Europe/Oslo"; i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; keyMap = lib.mkDefault "no"; }; nix = { gc = { automatic = true; options = "--delete-older-than 2d"; }; settings = { experimental-features = ["nix-command" "flakes"]; trusted-users = [ "felixalb" ]; builders-use-substitutes = true; }; registry= { nixpkgs.flake = inputs.nixpkgs; }; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; }; programs.zsh.enable = true; environment.systemPackages = with pkgs; [ bottom duf eza file git gnugrep gnutar htop iotop lm_sensors nix-output-monitor p7zip python3 ripgrep rsync screen unzip usbutils vim wget zip ]; services.openssh = { enable = true; settings = { PermitRootLogin = "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false; }; extraConfig = '' AllowTcpForwarding yes AllowAgentForwarding yes AuthenticationMethods publickey ''; }; networking.firewall.allowedTCPPorts = [ 22 ]; users.users.felixalb = { isNormalUser = true; extraGroups = lib.mkDefault [ "wheel" "docker" ]; uid = lib.mkDefault 1000; openssh.authorizedKeys.keys = lib.mkDefault [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiPHhj0YbklJnJNcxD0IlzPxLTGfv095H5zyS/1Wb64 felixalb@edison.home.feal.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-worf" ]; shell = pkgs.zsh; }; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }