wew lad

2021-03-29 15:22:47 -07:00 · 2021-03-29 15:22:47 -07:00 · d78da97be7
commit d78da97be7
35 changed files with 6762 additions and 0 deletions
--- a/common.nix
+++ b/common.nix
@ -0,0 +1,95 @@
+{ config, pkgs, lib, options, ... }:
+
+{
+  imports = [
+    ./modules
+  ];
+
+  config = {
+    hardware.enableAllFirmware = true;
+    hardware.cpu.amd.updateMicrocode = true;
+
+    services.earlyoom.enable = true;
+
+    # based mosh
+    programs.mosh.enable = true;
+
+    systemd.services.nix-daemon.serviceConfig.IOSchedulingClass = 3;
+
+    nix = {
+      package = lib.mkDefault pkgs.nixUnstable;
+
+      gc = {
+        automatic = true;
+        dates = "20:00";
+        options = "--delete-older-than 40d";
+      };
+
+      daemonIONiceLevel = 7;
+      daemonNiceLevel = 19;
+      trustedUsers = [ "root" "builder" "@wheel" ];
+
+      extraOptions = ''
+        builders-use-substitutes = true
+        experimental-features = nix-command flakes
+        keep-outputs = true
+        keep-derivations = true
+      '';
+    };
+
+    # make nginx have good logging and defaults
+    services.nginx = {
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      appendHttpConfig = ''
+        error_log stderr;
+        access_log syslog:server=unix:/dev/log combined;
+      '';
+    };
+
+    # allow reverse ssh port shit to be public sometimes
+    services.openssh.gatewayPorts = "clientspecified";
+
+    # no homo
+    nixpkgs.config.oraclejdk.accept_license = true;
+
+    # set some basic system props
+    security.sudo.wheelNeedsPassword = false;
+    networking.networkmanager.enable = lib.mkDefault true;
+    networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
+    time.timeZone = lib.mkDefault "America/Phoenix";
+
+    # package list
+    environment.systemPackages = with pkgs; [
+      wget
+      vim
+      nano
+      curl
+      httpie
+      git
+      unzip
+      htop
+      (python37Full.withPackages (ps: with ps; [ pip setuptools ]))
+      neofetch
+      ripgrep
+      lsd
+      lm_sensors
+      rsync
+      bind
+    ];
+
+    # Allow ssh
+    services.openssh.enable = true;
+    services.openssh.passwordAuthentication = false;
+
+    # Use a firewall
+    networking.firewall.enable = lib.mkDefault true;
+    networking.firewall.allowedTCPPorts = [ 22 443 80 ];
+
+    programs.fish.enable = true;
+    users.defaultUserShell = pkgs.fish;
+
+    system.stateVersion = lib.mkDefault (builtins.abort "pls specify system.stateVersion (to 19.03)");
+  };
+}