haccfiles/common/default.nix
stuebinm bb24ce8b87 nixos-22.11: fix module warnings
(also wow nextcloud encryption is apparently broken. colour me surprised!)
2022-12-16 22:56:28 +01:00

86 lines
1.9 KiB
Nix

{ config, lib, pkgs, modules, sources, ... }:
{
imports = [
../modules
./users.nix
modules.network.nftables
];
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
boot.kernelParams = [ "quiet" ];
networking.domain = lib.mkDefault "hacc.space";
services.journald.extraConfig = ''
SystemMaxUse=512M
MaxRetentionSec=48h
'';
nix.gc.automatic = lib.mkDefault true;
nix.gc.options = lib.mkDefault "--delete-older-than 1w";
nix.settings.trusted-users = [ "root" "@wheel" ];
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
environment.variables.EDITOR = "vim";
services.openssh = {
enable = true;
ports = lib.mkDefault [ 62954 ];
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
permitRootLogin = lib.mkDefault "prohibit-password";
extraConfig = "StreamLocalBindUnlink yes";
forwardX11 = true;
};
programs.mosh.enable = true;
security.sudo.wheelNeedsPassword = lib.mkDefault false;
i18n.defaultLocale = "en_IE.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
programs.mtr.enable = true;
environment.systemPackages = with pkgs; [
smartmontools lm_sensors htop tcpdump nload iftop
bottom
ripgrep vgrep
git wget
kitty.terminfo
rsync pv progress
parallel bc
usbutils pciutils
cryptsetup gptfdisk
zstd p7zip
file
whois
iperf
fd
exa
socat
tmux
gnupg
vim neovim
patchelf
binutils
dnsutils
flashrom ifdtool cbfstool nvramtool
nmap
s-tui stress
ffmpeg-full
bat
niv
];
security.acme.defaults.email = "info+acme@hacc.space";
security.acme.acceptTerms = true;
services.nginx.appendHttpConfig = ''
access_log off;
add_header Permissions-Policy "interest-cohort=()";
'';
networking.nftables.enable = true;
}