haccfiles/common/default.nix

84 lines
1.8 KiB
Nix
Raw Permalink Normal View History

{ config, lib, pkgs, modules, ... }:
2020-11-27 20:56:20 +00:00
let
sources = import ../nix/sources.nix;
in {
2020-11-27 20:56:20 +00:00
imports = [
../modules
2020-11-27 20:56:20 +00:00
./users.nix
(sources.home-manager + "/nixos")
modules.network.nftables
2020-11-27 20:56:20 +00:00
];
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
2020-11-27 20:56:20 +00:00
boot.kernelParams = [ "quiet" ];
networking.domain = lib.mkDefault "hacc.space";
services.journald.extraConfig = ''
SystemMaxUse=512M
MaxRetentionSec=48h
'';
2020-11-27 20:56:20 +00:00
nix.gc.automatic = lib.mkDefault true;
nix.gc.options = lib.mkDefault "--delete-older-than 1w";
nix.trustedUsers = [ "root" "@wheel" ];
environment.variables.EDITOR = "vim";
2020-12-03 20:54:49 +00:00
services.openssh = {
enable = true;
ports = lib.mkDefault [ 62954 ];
passwordAuthentication = false;
challengeResponseAuthentication = false;
permitRootLogin = lib.mkDefault "prohibit-password";
extraConfig = "StreamLocalBindUnlink yes";
forwardX11 = true;
};
2020-11-27 20:56:20 +00:00
security.sudo.wheelNeedsPassword = lib.mkDefault false;
i18n.defaultLocale = "en_IE.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
programs.mtr.enable = true;
environment.systemPackages = with pkgs; [
smartmontools lm_sensors htop tcpdump nload iftop
# bottom
ripgrep
git wget
kitty.terminfo
rsync pv progress
parallel bc
usbutils pciutils
cryptsetup gptfdisk
zstd p7zip
file
whois
iperf
fd
exa
socat
tmux
gnupg
vim
patchelf
binutils
dnsutils
flashrom ifdtool cbfstool nvramtool
nmap
2020-12-01 18:07:36 +00:00
s-tui stress
2020-12-01 20:00:13 +00:00
ffmpeg-full
2020-11-27 20:56:20 +00:00
];
2020-11-29 01:41:34 +00:00
security.acme.email = "info+acme@hacc.space";
security.acme.acceptTerms = true;
2021-01-15 21:02:03 +00:00
2021-01-15 21:09:32 +00:00
services.nginx.appendHttpConfig = ''
2021-01-15 21:02:03 +00:00
access_log off;
2021-08-07 19:24:59 +00:00
add_header Permissions-Policy "interest-cohort=()";
2021-01-15 21:02:03 +00:00
'';
networking.nftables.enable = true;
2020-11-27 20:56:20 +00:00
}