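# NixOS module: single-user ("nixos") GnuPG / YubiKey workstation with every
# network path switched off.
# NOTE(review): this reads like an offline key-management image; the module
# itself does not say so. Several settings below (empty password, passwordless
# sudo, console autologin) are only reasonable on an ephemeral, physically
# controlled, non-networked machine.
{ config, pkgs, lib, ... }:
{
  config = {
    home-manager.users.nixos = {
      home = {
        # Keep the home-manager state version in step with system.stateVersion below.
        inherit (config.system) stateVersion;
        username = "nixos";
        homeDirectory = "/home/nixos";
        keyboard.layout = "us";
      };

      # NOTE(review): a gpg-agent is enabled here (home-manager) and again in
      # programs.gnupg.agent below. interactiveShellInit also points GNUPGHOME at
      # /run/user/<uid>/gnupg and copies its own gpg-agent.conf there, so the
      # pinentry and cache-TTL settings declared here may not be the ones the
      # interactive gpg session actually uses; confirm which agent and config win.
      services.gpg-agent = {
        enable = true;
        enableBashIntegration = true;
        enableSshSupport = true;
        pinentry = {
          package = pkgs.pinentry-curses;
          program = "pinentry-curses";
        };
        # Passphrase cache lifetimes in seconds: 60 by default, 120 at most.
        defaultCacheTtl = 60;
        maxCacheTtl = 120;
      };

      programs.gpg = {
        enable = true;
      };
    };

    programs = {
      # The OpenSSH agent is off; SSH agent duty is given to gpg-agent instead.
      ssh.startAgent = false;
      gnupg = {
        dirmngr.enable = true;
        agent = {
          enable = true;
          enableSSHSupport = true;
        };
      };
    };

    # No swap is declared, so this configuration gives memory pages no swap
    # device to be written to.
    swapDevices = [ ];

    services = {
      # Smart-card daemon plus YubiKey udev rules for token access.
      pcscd.enable = true;
      udev.packages = [ pkgs.yubikey-personalization ];
      # Console login without credentials: whoever reaches the console is "nixos".
      getty.autologinUser = "nixos";
    };

    nix = {
      channel.enable = false;
      settings.experimental-features = [
        "nix-command"
        "flakes"
      ];
    };

    # Runs in every interactive shell:
    #  - stops the shell from writing a history file (unset HISTFILE);
    #  - moves GNUPGHOME to the per-user runtime directory, created mode 0700.
    #    That directory is normally a tmpfs, so keys generated there do not
    #    survive logout or reboot unless they are exported first;
    #  - seeds gpg.conf and gpg-agent.conf from /home/nixos when absent.
    # NOTE(review): nothing in this module creates /home/nixos/gpg.conf or
    # /home/nixos/gpg-agent.conf; if they are missing, cp reports an error in each
    # new shell and gpg runs with its defaults. Confirm they are provisioned elsewhere.
    # The snippet is written one statement per line: run together on a single
    # line it is not valid shell (`unset` would swallow the `export`).
    environment.interactiveShellInit = ''
      unset HISTFILE
      export GNUPGHOME="/run/user/$(id -u)/gnupg"
      if [ ! -d "$GNUPGHOME" ]; then
        install -m=0700 --directory="$GNUPGHOME"
      fi
      [ ! -f "$GNUPGHOME/gpg.conf" ] && cp /home/nixos/gpg.conf "$GNUPGHOME/gpg.conf"
      [ ! -f "$GNUPGHOME/gpg-agent.conf" ] && cp /home/nixos/gpg-agent.conf "$GNUPGHOME/gpg-agent.conf"
    '';

    # Key backup and inspection, disk and encryption tooling, YubiKey and PC/SC utilities.
    environment.systemPackages = with pkgs; [
      paperkey
      pgpdump
      parted
      cryptsetup
      yubikey-manager
      yubikey-personalization
      pcsc-tools
    ];

    boot = {
      initrd.network.enable = false;
      tmp.cleanOnBoot = true;
      kernel.sysctl = {
        # Unprivileged users may not call bpf().
        "kernel.unprivileged_bpf_disabled" = 1;
      };
    };

    # Every network path is disabled: no DHCP client, no resolvconf, no wireless,
    # no NetworkManager, no networkd, no declared interfaces. The firewall stays on
    # as a second layer should an interface come up anyway.
    networking = {
      hostName = "policestation";
      resolvconf.enable = false;
      dhcpcd.enable = false;
      dhcpcd.allowInterfaces = [ ];
      interfaces = { };
      firewall.enable = true;
      useDHCP = false;
      useNetworkd = false;
      wireless.enable = false;
      # mkForce so that another module cannot switch NetworkManager back on.
      networkmanager.enable = lib.mkForce false;
    };

    # Empty initial password hash plus passwordless sudo for wheel: combined with
    # the console autologin above, physical access equals root. Do not reuse this
    # block on a machine that is networked or left unattended.
    users.users.nixos = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      initialHashedPassword = "";
    };

    security.sudo = {
      enable = true;
      wheelNeedsPassword = false;
    };

    # All sleep states are disabled; presumably so that memory contents are never
    # written out by hibernation and sessions are not left suspended.
    systemd = {
      targets = {
        sleep.enable = false;
        suspend.enable = false;
        hibernate.enable = false;
        hybrid-sleep.enable = false;
      };
    };

    system.stateVersion = lib.mkForce "23.05";
  };
}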