# https://search.nixos.org/options { inputs, config, pkgs, lib, ... }: let user = config.user; in { nix = { settings = { experimental-features = ["nix-command" "flakes" "pipe-operators"]; }; settings.trusted-users = ["root" user]; registry.nixpkgs.flake = inputs.nixpkgs; }; boot.loader.grub = { enable = true; device = "nodev"; efiSupport = true; configurationLimit = 50; }; boot.loader.efi.canTouchEfiVariables = true; boot.tmp = { useTmpfs = lib.mkDefault true; }; networking.networkmanager.enable = true; # fix nixos-containers networking.nat.enable = true; networking.nat.internalInterfaces = ["ve-+"]; networking.nat.externalInterface = "eth0"; networking.networkmanager.unmanaged = ["interface-name:ve-*"]; services.tailscale.enable = true; networking.firewall.interfaces.tailscale0 = { allowedTCPPortRanges = [ { from = 0; to = 65535; } ]; }; time.timeZone = lib.mkDefault "Europe/London"; console = { font = "Lat2-Terminus16"; useXkbConfig = true; }; services.avahi = { enable = true; nssmdns4 = true; }; i18n.defaultLocale = lib.mkDefault "en_GB.UTF-8"; services.xserver.xkb = { layout = lib.mkDefault "us"; variant = lib.mkDefault "dvorak"; options = "caps:escape"; }; system.configurationRevision = pkgs.lib.mkIf (inputs.self ? rev) inputs.self.rev; users.users.${user} = { isNormalUser = true; extraGroups = ["wheel" "video" "networkmanager" "kvm"]; initialPassword = "pass"; shell = pkgs.zsh; }; programs.zsh.enable = true; environment.variables = { EDITOR = "nvim"; VISUAL = "nvim"; }; environment.pathsToLink = ["/share/zsh"]; services.gvfs.enable = true; environment.systemPackages = with pkgs; [ tealdeer alsa-utils trash-cli wget unzip fzf sops lsof nix-tree comma jq ]; boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 53; }; services.prometheus.exporters.node = { enable = true; enabledCollectors = ["systemd"]; }; programs.command-not-found.enable = false; programs.nix-index.enable = true; programs.nh.enable = true; }