53 lines
919 B
Nix
53 lines
919 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
# Bootloader
|
|
boot.loader.systemd-boot = {
|
|
enable = true;
|
|
};
|
|
|
|
boot.loader.efi = {
|
|
canTouchEfiVariables = true;
|
|
};
|
|
|
|
boot = {
|
|
loader = {
|
|
systemd-boot = {
|
|
enable = true;
|
|
};
|
|
};
|
|
efi = {
|
|
enable = true;
|
|
canTouchEfiVariables = true;
|
|
espDevice = "/dev/sda2";
|
|
};
|
|
initrd.luks.devices.cryptroot.device = "/dev/sda2";
|
|
}
|
|
|
|
fileSystems."/" = {
|
|
device = "/dev/mapper/root";
|
|
fsType = "ext4";
|
|
};
|
|
|
|
swapDevices = [{ device = "/swapfile"; size = 8192; }];
|
|
|
|
# Locales and timezone
|
|
time.timeZone = "Europe/London";
|
|
i18n.defaultLocale = "en_GB.UTF-8";
|
|
|
|
# UFW Firewall
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 22 ]; # Allow SSH
|
|
};
|
|
|
|
# Enable SSH
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
}
|