nixos/common/default.nix

75 lines
1.4 KiB
Nix
Raw Normal View History

2024-09-26 09:44:39 +00:00
{ pkgs, ... }:
{
imports = [
./users.nix
2024-09-27 09:59:28 +00:00
./motd.nix
2024-09-29 03:02:03 +00:00
./firewall.nix
2024-09-26 09:44:39 +00:00
];
2024-09-27 18:12:31 +00:00
2024-09-27 03:09:31 +00:00
nix = {
package = pkgs.lix;
settings.experimental-features = [ "nix-command" "flakes" ];
};
2024-09-27 18:12:31 +00:00
nix.gc = {
automatic = true;
options = "--delete-older-than 14d";
randomizedDelaySec = "30min";
};
2024-09-26 09:44:39 +00:00
environment.systemPackages = with pkgs; [
vim
wget
curl
htop
tmux
openssl
git
2024-09-26 14:03:41 +00:00
podman-tui
2024-09-26 09:44:39 +00:00
];
2024-09-27 18:12:31 +00:00
2024-09-27 15:28:47 +00:00
programs.mtr.enable = true;
2024-09-26 14:14:20 +00:00
programs.zsh.enable = true;
2024-09-27 16:38:45 +00:00
security.sudo = {
2024-09-27 15:28:47 +00:00
enable = true;
wheelNeedsPassword = false;
2024-09-27 16:38:45 +00:00
execWheelOnly = true;
2024-09-27 15:28:47 +00:00
};
2024-09-27 18:12:31 +00:00
2024-10-02 22:39:38 +00:00
services.earlyoom.enable = true;
2024-09-27 16:38:45 +00:00
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
extraConfig = ''
AllowTcpForwarding yes
AllowAgentForwarding yes
AllowStreamLocalForwarding yes
AuthenticationMethods publickey
'';
};
2024-09-26 14:03:41 +00:00
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
2024-09-29 03:39:16 +00:00
environment.etc = {
"nixos/THIS-SERVER-IS-BUILT-EXTERNALLY-READ-ME" = {
text = ''
Nothing in this directory is the current config.
Please see https://git.private.coffee/wolfgirls/nixos
Or /run/current-system/
'';
mode = "0644";
};
};
2024-09-26 09:44:39 +00:00
}