haccfiles/common/default.nix

{ config, lib, pkgs, modules, ... }:

let
  sources = import ../nix/sources.nix;
in {
  imports = [
    ../modules
    ./users.nix
    (sources.home-manager + "/nixos")
    modules.network.nftables
  ];

  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
  boot.kernelParams = [ "quiet" ];

  networking.domain = lib.mkDefault "hacc.space";

  services.journald.extraConfig = ''
    SystemMaxUse=512M
    MaxRetentionSec=48h
  '';
  nix.gc.automatic = lib.mkDefault true;
  nix.gc.options = lib.mkDefault "--delete-older-than 1w";
  nix.trustedUsers = [ "root" "@wheel" ];
  environment.variables.EDITOR = "vim";

  services.openssh = {
    enable = true;
    ports = lib.mkDefault [ 62954 ];
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
    permitRootLogin = lib.mkDefault "prohibit-password";
    extraConfig = "StreamLocalBindUnlink yes";
    forwardX11 = true;
  };
  security.sudo.wheelNeedsPassword = lib.mkDefault false;

  i18n.defaultLocale = "en_IE.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de";
  };
  programs.mtr.enable = true;

  environment.systemPackages = with pkgs; [
    smartmontools lm_sensors htop tcpdump nload iftop
    bottom 
    ripgrep vgrep
    git wget
    kitty.terminfo
    rsync pv progress
    parallel bc
    usbutils pciutils
    cryptsetup gptfdisk
    zstd p7zip
    file
    whois
    iperf
    fd
    exa
    socat
    tmux
    gnupg
    vim neovim
    patchelf
    binutils
    dnsutils
    flashrom ifdtool cbfstool nvramtool
    nmap
    s-tui stress
    ffmpeg-full
    bat 
    niv
  ];

  security.acme.email = "info+acme@hacc.space";
  security.acme.acceptTerms = true;

  services.nginx.appendHttpConfig = ''
    access_log off;
    add_header Permissions-Policy "interest-cohort=()";
  '';

  networking.nftables.enable = true;
}
sources: update nixpkgs to 21.05 this caused various other changes related to nftables, we are now using hexchen's fork of pbb's module. 2021-07-29 20:31:14 +00:00			`{ config, lib, pkgs, modules, ... }:`
Initial Commit 2020-11-27 20:56:20 +00:00
complete restructure of haccfiles here be winkekatzen 2021-01-10 23:53:41 +00:00			`let`
			`sources = import ../nix/sources.nix;`
			`in {`
Initial Commit 2020-11-27 20:56:20 +00:00			`imports = [`
complete restructure of haccfiles here be winkekatzen 2021-01-10 23:53:41 +00:00			`../modules`
Initial Commit 2020-11-27 20:56:20 +00:00			`./users.nix`
complete restructure of haccfiles here be winkekatzen 2021-01-10 23:53:41 +00:00			`(sources.home-manager + "/nixos")`
sources: update nixpkgs to 21.05 this caused various other changes related to nftables, we are now using hexchen's fork of pbb's module. 2021-07-29 20:31:14 +00:00			`modules.network.nftables`
Initial Commit 2020-11-27 20:56:20 +00:00			`];`

sources: update nixpkgs to 21.05 this caused various other changes related to nftables, we are now using hexchen's fork of pbb's module. 2021-07-29 20:31:14 +00:00			`boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;`
Initial Commit 2020-11-27 20:56:20 +00:00			`boot.kernelParams = [ "quiet" ];`

			`networking.domain = lib.mkDefault "hacc.space";`

default: make log retention 48h (or 512MiB) 2021-01-07 00:18:08 +00:00			`services.journald.extraConfig = ''`
			`SystemMaxUse=512M`
			`MaxRetentionSec=48h`
			`'';`
Initial Commit 2020-11-27 20:56:20 +00:00			`nix.gc.automatic = lib.mkDefault true;`
			`nix.gc.options = lib.mkDefault "--delete-older-than 1w";`
			`nix.trustedUsers = [ "root" "@wheel" ];`
			`environment.variables.EDITOR = "vim";`

common: allow x forwarding 2020-12-03 20:54:49 +00:00			`services.openssh = {`
			`enable = true;`
			`ports = lib.mkDefault [ 62954 ];`
			`passwordAuthentication = false;`
			`challengeResponseAuthentication = false;`
			`permitRootLogin = lib.mkDefault "prohibit-password";`
			`extraConfig = "StreamLocalBindUnlink yes";`
			`forwardX11 = true;`
			`};`
Initial Commit 2020-11-27 20:56:20 +00:00			`security.sudo.wheelNeedsPassword = lib.mkDefault false;`

			`i18n.defaultLocale = "en_IE.UTF-8";`
			`console = {`
			`font = "Lat2-Terminus16";`
			`keyMap = "de";`
			`};`
			`programs.mtr.enable = true;`

			`environment.systemPackages = with pkgs; [`
			`smartmontools lm_sensors htop tcpdump nload iftop`
cleanup default apps 2021-12-25 17:56:29 +00:00			`bottom`
common/default.nix: add vgrep 2022-01-19 21:11:10 +00:00			`ripgrep vgrep`
Initial Commit 2020-11-27 20:56:20 +00:00			`git wget`
			`kitty.terminfo`
			`rsync pv progress`
			`parallel bc`
			`usbutils pciutils`
			`cryptsetup gptfdisk`
			`zstd p7zip`
			`file`
			`whois`
			`iperf`
			`fd`
			`exa`
			`socat`
			`tmux`
			`gnupg`
cleanup default apps 2021-12-25 17:56:29 +00:00			`vim neovim`
Initial Commit 2020-11-27 20:56:20 +00:00			`patchelf`
			`binutils`
			`dnsutils`
			`flashrom ifdtool cbfstool nvramtool`
			`nmap`
common: add stress util 2020-12-01 18:07:36 +00:00			`s-tui stress`
common: add ffmpeg-full 2020-12-01 20:00:13 +00:00			`ffmpeg-full`
cleanup default apps 2021-12-25 17:56:29 +00:00			`bat`
common: add niv 2022-02-04 07:51:39 +00:00			`niv`
Initial Commit 2020-11-27 20:56:20 +00:00			`];`

hosts: init cdn-node-1 2020-11-29 01:41:34 +00:00			`security.acme.email = "info+acme@hacc.space";`
			`security.acme.acceptTerms = true;`
common: disable nginx access log 2021-01-15 21:02:03 +00:00
fixup!common: disable logs 2021-01-15 21:09:32 +00:00			`services.nginx.appendHttpConfig = ''`
common: disable nginx access log 2021-01-15 21:02:03 +00:00			`access_log off;`
parsons: config nginx 2021-08-07 19:24:59 +00:00			`add_header Permissions-Policy "interest-cohort=()";`
common: disable nginx access log 2021-01-15 21:02:03 +00:00			`'';`
nftables: import module and init config 2021-01-15 22:45:34 +00:00
sources: update nixpkgs to 21.05 this caused various other changes related to nftables, we are now using hexchen's fork of pbb's module. 2021-07-29 20:31:14 +00:00			`networking.nftables.enable = true;`
Initial Commit 2020-11-27 20:56:20 +00:00			`}`