# Baseline NixOS module shared by hosts: Nix daemon tuning, SSH, firewall,
# nginx defaults and a common package set. Host-specific modules are expected
# to override the lib.mkDefault values and must set system.stateVersion.
{ config, pkgs, lib, options, ... }:

{
  imports = [ ./modules ];

  config = {
    # --- Hardware and housekeeping daemons ---------------------------------
    hardware = {
      # Installs every firmware package nixpkgs offers, presumably including
      # blobs under non-free licences (confirm against the nixpkgs release in use).
      enableAllFirmware = true;
      cpu.amd.updateMicrocode = true;
    };

    services.haveged.enable = true;   # entropy-gathering daemon
    services.smartd.enable = true;    # SMART disk health monitoring
    services.earlyoom.enable = true;  # kill memory hogs before the kernel OOM killer has to

    # --- Nix daemon --------------------------------------------------------
    # 3 is the "idle" class in systemd's numeric IOSchedulingClass values, so
    # builds only get disk time when nothing else wants it.
    systemd.services.nix-daemon.serviceConfig.IOSchedulingClass = 3;

    nix = {
      package = lib.mkDefault pkgs.nixUnstable;

      # Lowest CPU and I/O priority for builds.
      daemonNiceLevel = 19;
      daemonIONiceLevel = 7;

      # Trusted users may override daemon settings such as substituters and
      # signature checking, which the Nix manual describes as equivalent to
      # root access. "@wheel" extends that to every member of the wheel group.
      trustedUsers = [ "root" "builder" "@wheel" ];

      # Daily garbage collection of generations older than 40 days.
      gc = {
        automatic = true;
        dates = "20:00";
        options = "--delete-older-than 40d";
      };

      # Appended to nix.conf, one setting per line.
      extraOptions = ''
        builders-use-substitutes = true
        experimental-features = nix-command flakes ca-references
        keep-outputs = true
        keep-derivations = true
      '';
    };

    # Pre-accepts the Oracle JDK licence for nixpkgs. No Oracle JDK package is
    # installed by this file.
    nixpkgs.config.oraclejdk.accept_license = true;

    # --- Remote access -----------------------------------------------------
    services.openssh = {
      enable = true;
      # Disables password logins. Keyboard-interactive authentication is
      # controlled by a separate option and is not touched here.
      passwordAuthentication = false;
      # Lets the SSH client pick the bind address of a remote (-R) forward, so
      # a forwarded port can listen on a non-loopback interface. Whether it is
      # reachable from outside still depends on networking.firewall below.
      gatewayPorts = "clientspecified";
    };

    programs.mosh.enable = true;

    # wheel members get root through sudo without a password prompt. Combined
    # with the trustedUsers entry above, any wheel account is effectively root.
    security.sudo.wheelNeedsPassword = false;

    # --- Network -----------------------------------------------------------
    networking.networkmanager.enable = lib.mkDefault true;
    # Cloudflare public resolvers.
    networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];

    networking.firewall = {
      enable = lib.mkDefault true;
      # SSH plus HTTP(S). Nothing in this file enables nginx, so 80 and 443 are
      # opened on every host that imports this module, web server or not.
      allowedTCPPorts = [ 22 443 80 ];
    };

    # --- nginx defaults ----------------------------------------------------
    # Only defaults are set; hosts that want nginx enable it themselves.
    # Errors go to stderr and access logs to the local syslog socket.
    services.nginx = {
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      appendHttpConfig = ''
        error_log stderr;
        access_log syslog:server=unix:/dev/log combined;
      '';
    };

    # --- Base system properties --------------------------------------------
    time.timeZone = lib.mkDefault "America/Phoenix";

    programs.fish.enable = true;
    users.defaultUserShell = pkgs.fish;

    # Packages installed system-wide on every host.
    environment.systemPackages = with pkgs; [
      wget
      vim
      nano
      curl
      httpie
      git
      unzip
      htop
      (python37Full.withPackages (ps: with ps; [ pip setuptools ]))
      neofetch
      ripgrep
      lsd
      lm_sensors
      rsync
      bind
      file
      iotop
      psmisc
      usbutils
      pciutils
    ];

    # Deliberately has no usable default: evaluation aborts with this message
    # unless the host configuration sets system.stateVersion itself.
    system.stateVersion = lib.mkDefault
      (builtins.abort "pls specify system.stateVersion (to 19.03)");
  };
}