107 lines
2.8 KiB
Nix
107 lines
2.8 KiB
Nix
{ config, pkgs, lib, options, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./modules
|
|
];
|
|
|
|
config = {
|
|
services.haveged.enable = lib.mkDefault true;
|
|
|
|
security.rtkit.enable = lib.mkDefault true;
|
|
|
|
hardware.enableAllFirmware = lib.mkDefault true;
|
|
hardware.enableRedistributableFirmware = lib.mkDefault true;
|
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault true;
|
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
|
|
|
|
services.earlyoom.enable = lib.mkDefault true;
|
|
|
|
programs.mosh.enable = lib.mkDefault true;
|
|
|
|
systemd.services.nix-gc.serviceConfig.IOSchedulingPriority = lib.mkDefault 7;
|
|
systemd.services.nix-gc.serviceConfig.IOSchedulingClass = lib.mkDefault "idle";
|
|
systemd.services.nix-gc.serviceConfig.CPUSchedulingPolicy = lib.mkDefault "idle";
|
|
|
|
nix = {
|
|
package = lib.mkDefault pkgs.nixUnstable;
|
|
|
|
gc = {
|
|
automatic = lib.mkDefault true;
|
|
dates = lib.mkDefault "20:00";
|
|
options = lib.mkDefault "--delete-older-than 40d";
|
|
};
|
|
|
|
daemonIOSchedPriority = lib.mkDefault 7;
|
|
daemonIOSchedClass = lib.mkDefault "idle";
|
|
daemonCPUSchedPolicy = lib.mkDefault "idle";
|
|
trustedUsers = [ "root" "builder" "@wheel" ];
|
|
|
|
extraOptions = ''
|
|
builders-use-substitutes = true
|
|
experimental-features = nix-command flakes
|
|
keep-outputs = true
|
|
keep-derivations = true
|
|
'';
|
|
};
|
|
|
|
# make nginx have good logging and defaults
|
|
services.nginx = {
|
|
recommendedGzipSettings = lib.mkDefault true;
|
|
recommendedOptimisation = lib.mkDefault true;
|
|
recommendedProxySettings = lib.mkDefault true;
|
|
appendHttpConfig = ''
|
|
error_log stderr;
|
|
access_log syslog:server=unix:/dev/log combined;
|
|
'';
|
|
};
|
|
|
|
# allow reverse ssh port shit to be public sometimes
|
|
services.openssh.gatewayPorts = lib.mkDefault "clientspecified";
|
|
|
|
# no homo
|
|
nixpkgs.config.oraclejdk.accept_license = lib.mkDefault true;
|
|
|
|
# set some basic system props
|
|
security.sudo.wheelNeedsPassword = lib.mkDefault false;
|
|
networking.networkmanager.enable = lib.mkDefault true;
|
|
networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
|
time.timeZone = lib.mkDefault "America/Phoenix";
|
|
|
|
# package list
|
|
environment.systemPackages = with pkgs; [
|
|
psmisc
|
|
usbutils
|
|
pciutils
|
|
cpufrequtils
|
|
intel-gpu-tools
|
|
lshw
|
|
|
|
lsof
|
|
bind
|
|
file
|
|
|
|
iotop
|
|
htop
|
|
glances
|
|
powertop
|
|
|
|
exfat
|
|
|
|
# to stop NixOS breaking
|
|
git
|
|
];
|
|
|
|
# Allow ssh
|
|
services.openssh.enable = lib.mkDefault true;
|
|
services.openssh.passwordAuthentication = lib.mkDefault false;
|
|
|
|
# Use a firewall
|
|
networking.firewall.enable = lib.mkDefault true;
|
|
networking.firewall.allowedTCPPorts = lib.mkDefault [ 22 ];
|
|
|
|
programs.fish.enable = lib.mkDefault true;
|
|
users.defaultUserShell = lib.mkOverride 900 pkgs.fish;
|
|
};
|
|
}
|