steam firewall openings, more defaulting, move some packages, cleanup

2021-10-05 10:28:08 -07:00 · 2021-10-05 10:28:08 -07:00 · a23f6db0ef
commit a23f6db0ef
parent fdbb796a33
5 changed files with 71 additions and 70 deletions
--- a/common.nix
+++ b/common.nix
@ -6,33 +6,35 @@
  ];

  config = {
-    services.haveged.enable = true;
+    services.haveged.enable = lib.mkDefault true;

-    security.rtkit.enable = true;
+    security.rtkit.enable = lib.mkDefault true;

-    services.smartd.enable = true;
+    services.smartd.enable = lib.mkDefault true;

-    hardware.enableAllFirmware = true;
-    hardware.cpu.amd.updateMicrocode = true;
+    hardware.enableAllFirmware = lib.mkDefault true;
+    hardware.cpu.amd.updateMicrocode = lib.mkDefault true;

-    services.earlyoom.enable = true;
+    services.earlyoom.enable = lib.mkDefault true;

    # based mosh
-    programs.mosh.enable = true;
+    programs.mosh.enable = lib.mkDefault true;

-    systemd.services.nix-daemon.serviceConfig.IOSchedulingClass = 3;
+    # Make Nix things not ruin my life when using a HDD
+    systemd.services.nix-daemon.serviceConfig.IOSchedulingClass = lib.mkDefault 3;
+    systemd.services.nix-gc.serviceConfig.IOSchedulingClass = lib.mkDefault 3;

    nix = {
      package = lib.mkDefault pkgs.nixUnstable;

      gc = {
-        automatic = true;
-        dates = "20:00";
-        options = "--delete-older-than 40d";
+        automatic = lib.mkDefault true;
+        dates = lib.mkDefault "20:00";
+        options = lib.mkDefault "--delete-older-than 40d";
      };

-      daemonIONiceLevel = 7;
-      daemonNiceLevel = 19;
+      daemonIONiceLevel = lib.mkDefault 7;
+      daemonNiceLevel = lib.mkDefault 19;
      trustedUsers = [ "root" "builder" "@wheel" ];

      extraOptions = ''
@ -45,9 +47,9 @@

    # make nginx have good logging and defaults
    services.nginx = {
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedProxySettings = true;
+      recommendedGzipSettings = lib.mkDefault true;
+      recommendedOptimisation = lib.mkDefault true;
+      recommendedProxySettings = lib.mkDefault true;
      appendHttpConfig = ''
        error_log stderr;
        access_log syslog:server=unix:/dev/log combined;
@ -55,50 +57,38 @@
    };

    # allow reverse ssh port shit to be public sometimes
-    services.openssh.gatewayPorts = "clientspecified";
+    services.openssh.gatewayPorts = lib.mkDefault "clientspecified";

    # no homo
-    nixpkgs.config.oraclejdk.accept_license = true;
+    nixpkgs.config.oraclejdk.accept_license = lib.mkDefault true;

    # set some basic system props
-    security.sudo.wheelNeedsPassword = false;
+    security.sudo.wheelNeedsPassword = lib.mkDefault false;
    networking.networkmanager.enable = lib.mkDefault true;
    networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
    time.timeZone = lib.mkDefault "America/Phoenix";

    # package list
    environment.systemPackages = with pkgs; [
-      wget
-      vim
-      nano
-      curl
-      httpie
-      git
-      unzip
-      htop
-      (python37Full.withPackages (ps: with ps; [ pip setuptools ]))
-      neofetch
-      ripgrep
-      lsd
-      lm_sensors
-      rsync
-      bind
-      file
-      iotop
      psmisc
      usbutils
      pciutils
+
+      iotop
+      htop
+
+      exfat
    ];

    # Allow ssh
-    services.openssh.enable = true;
-    services.openssh.passwordAuthentication = false;
+    services.openssh.enable = lib.mkDefault true;
+    services.openssh.passwordAuthentication = lib.mkDefault false;

    # Use a firewall
    networking.firewall.enable = lib.mkDefault true;
    networking.firewall.allowedTCPPorts = [ 22 443 80 ];

-    programs.fish.enable = true;
-    users.defaultUserShell = pkgs.fish;
+    programs.fish.enable = lib.mkDefault true;
+    users.defaultUserShell = lib.mkOverride 900 pkgs.fish;
  };
 }