haccfiles/common/default.nix

86 lines
1.8 KiB
Nix
Raw Permalink Normal View History

{ config, lib, pkgs, modules, ... }:
2020-11-27 20:56:20 +00:00
let
sources = import ../nix/sources.nix;
in {
2020-11-27 20:56:20 +00:00
imports = [
../modules
2020-11-27 20:56:20 +00:00
./users.nix
(sources.home-manager + "/nixos")
modules.network.nftables
2020-11-27 20:56:20 +00:00
];
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
2020-11-27 20:56:20 +00:00
boot.kernelParams = [ "quiet" ];
networking.domain = lib.mkDefault "hacc.space";
services.journald.extraConfig = ''
SystemMaxUse=512M
MaxRetentionSec=48h
'';
2020-11-27 20:56:20 +00:00
nix.gc.automatic = lib.mkDefault true;
nix.gc.options = lib.mkDefault "--delete-older-than 1w";
nix.trustedUsers = [ "root" "@wheel" ];
environment.variables.EDITOR = "vim";
2020-12-03 20:54:49 +00:00
services.openssh = {
enable = true;
ports = lib.mkDefault [ 62954 ];
passwordAuthentication = false;
challengeResponseAuthentication = false;
permitRootLogin = lib.mkDefault "prohibit-password";
extraConfig = "StreamLocalBindUnlink yes";
forwardX11 = true;
};
2020-11-27 20:56:20 +00:00
security.sudo.wheelNeedsPassword = lib.mkDefault false;
i18n.defaultLocale = "en_IE.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
programs.mtr.enable = true;
environment.systemPackages = with pkgs; [
smartmontools lm_sensors htop tcpdump nload iftop
2021-12-25 17:56:29 +00:00
bottom
2022-01-19 21:11:10 +00:00
ripgrep vgrep
2020-11-27 20:56:20 +00:00
git wget
kitty.terminfo
rsync pv progress
parallel bc
usbutils pciutils
cryptsetup gptfdisk
zstd p7zip
file
whois
iperf
fd
exa
socat
tmux
gnupg
2021-12-25 17:56:29 +00:00
vim neovim
2020-11-27 20:56:20 +00:00
patchelf
binutils
dnsutils
flashrom ifdtool cbfstool nvramtool
nmap
2020-12-01 18:07:36 +00:00
s-tui stress
2020-12-01 20:00:13 +00:00
ffmpeg-full
2021-12-25 17:56:29 +00:00
bat
2022-02-04 07:51:39 +00:00
niv
2020-11-27 20:56:20 +00:00
];
2020-11-29 01:41:34 +00:00
security.acme.email = "info+acme@hacc.space";
security.acme.acceptTerms = true;
2021-01-15 21:02:03 +00:00
2021-01-15 21:09:32 +00:00
services.nginx.appendHttpConfig = ''
2021-01-15 21:02:03 +00:00
access_log off;
2021-08-07 19:24:59 +00:00
add_header Permissions-Policy "interest-cohort=()";
2021-01-15 21:02:03 +00:00
'';
networking.nftables.enable = true;
2020-11-27 20:56:20 +00:00
}