2024-09-26 09:44:39 +00:00
|
|
|
{ pkgs, ... }:
|
|
|
|
|
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
./users.nix
|
2024-09-27 09:59:28 +00:00
|
|
|
./motd.nix
|
2024-09-29 03:02:03 +00:00
|
|
|
./firewall.nix
|
2024-09-26 09:44:39 +00:00
|
|
|
];
|
2024-09-27 18:12:31 +00:00
|
|
|
|
2024-09-27 03:09:31 +00:00
|
|
|
nix = {
|
|
|
|
package = pkgs.lix;
|
|
|
|
settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
};
|
2024-09-27 18:12:31 +00:00
|
|
|
|
|
|
|
nix.gc = {
|
|
|
|
automatic = true;
|
|
|
|
options = "--delete-older-than 14d";
|
|
|
|
randomizedDelaySec = "30min";
|
|
|
|
};
|
|
|
|
|
2024-09-26 09:44:39 +00:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
vim
|
|
|
|
wget
|
|
|
|
curl
|
|
|
|
htop
|
|
|
|
tmux
|
|
|
|
openssl
|
|
|
|
git
|
2024-09-26 14:03:41 +00:00
|
|
|
podman-tui
|
2024-09-26 09:44:39 +00:00
|
|
|
];
|
2024-09-27 18:12:31 +00:00
|
|
|
|
2024-09-27 15:28:47 +00:00
|
|
|
programs.mtr.enable = true;
|
2024-09-26 14:14:20 +00:00
|
|
|
programs.zsh.enable = true;
|
2024-09-27 16:38:45 +00:00
|
|
|
security.sudo = {
|
2024-09-27 15:28:47 +00:00
|
|
|
enable = true;
|
|
|
|
wheelNeedsPassword = false;
|
2024-09-27 16:38:45 +00:00
|
|
|
execWheelOnly = true;
|
2024-09-27 15:28:47 +00:00
|
|
|
};
|
2024-09-27 18:12:31 +00:00
|
|
|
|
2024-10-02 22:39:38 +00:00
|
|
|
services.earlyoom.enable = true;
|
|
|
|
|
2024-09-27 16:38:45 +00:00
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
|
|
|
settings = {
|
|
|
|
PasswordAuthentication = false;
|
|
|
|
KbdInteractiveAuthentication = false;
|
|
|
|
};
|
|
|
|
extraConfig = ''
|
|
|
|
AllowTcpForwarding yes
|
|
|
|
AllowAgentForwarding yes
|
|
|
|
AllowStreamLocalForwarding yes
|
|
|
|
AuthenticationMethods publickey
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2024-09-26 14:03:41 +00:00
|
|
|
virtualisation.containers.enable = true;
|
|
|
|
virtualisation = {
|
|
|
|
podman = {
|
|
|
|
enable = true;
|
|
|
|
dockerCompat = true;
|
|
|
|
defaultNetwork.settings.dns_enabled = true;
|
|
|
|
};
|
|
|
|
};
|
2024-09-29 03:39:16 +00:00
|
|
|
environment.etc = {
|
|
|
|
"nixos/THIS-SERVER-IS-BUILT-EXTERNALLY-READ-ME" = {
|
|
|
|
text = ''
|
|
|
|
Nothing in this directory is the current config.
|
|
|
|
Please see https://git.private.coffee/wolfgirls/nixos
|
|
|
|
Or /run/current-system/
|
|
|
|
'';
|
|
|
|
mode = "0644";
|
|
|
|
};
|
|
|
|
};
|
2024-09-26 09:44:39 +00:00
|
|
|
}
|