Initial commit
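--- a/roles/default.nix
+++ b/roles/default.nix
@@ -0,0 +1,131 @@
+{
+pkgs,
+config,
+lib,
+...
+}:
+{
+systemd = {
+oomd = {
+enable = true;
+enableUserSlices = lib.mkDefault true;
+enableSystemSlice = lib.mkDefault true;
+extraConfig = {
+DefaultMemoryPressureDurationSec = lib.mkDefault "20s";
+DefaultMemoryPressureLimit = lib.mkDefault "50%";
+};
+};
+};
+
+boot.kernel.sysctl = {
+"vm.swappiness" = config.swappiness;
+};
+
+networking = {
+domain = lib.mkDefault "fxnet";
+search = [
+config.networking.domain
+];
+hosts = {
+"192.168.1.5" = [
+"nas.fxnet"
+"radicale.fxnet"
+];
+};
+firewall = {
+enable = lib.mkDefault true;
+};
+iproute2.enable = lib.mkDefault true;
+};
+
+services = {
+openssh = {
+enable = lib.mkDefault true;
+settings = {
+PermitRootLogin = lib.mkDefault "prohibit-password";
+PasswordAuthentication = lib.mkDefault false;
+AllowGroups = [
+"ssh"
+"root"
+];
+};
+};
+
+timesyncd.servers = [
+"192.168.1.1"
+"0.nixos.pool.ntp.org"
+];
+
+btrfs.autoScrub = {
+enable = lib.mkDefault true;
+interval = lib.mkDefault "monthly";
+fileSystems = [
+"/"
+"/nix"
+"/home"
+];
+};
+};
+
+programs = {
+nix-index = {
+enable = true;
+enableFishIntegration = config.programs.fish.enable;
+enableZshIntegration = config.programs.zsh.enable;
+enableBashIntegration = config.programs.bash.enable;
+};
+};
+
+environment.systemPackages = with pkgs; [
+linux-firmware
+git
+wget
+curl
+htop
+gnumake
+neovim
+
+# archives
+zip
+xz
+unzip
+p7zip
+
+# utils
+ripgrep # recursively searches directories for a regex pattern
+jq # A lightweight and flexible command-line JSON processor
+
+# networking tools
+mtr # A network diagnostic tool
+ldns # replacement of `dig`, it provide the command `drill`
+aria2 # A lightweight multi-protocol & multi-source command-line download utility
+socat # replacement of openbsd-netcat
+nmap # A utility for network discovery and security auditing
+ipcalc # it is a calculator for the IPv4/v6 addresses
+
+# misc
+file
+which
+tree
+gnused
+gnutar
+gawk
+zstd
+gnupg
+bc
+
+# btop # replacement of htop/nmon
+iotop # io monitoring
+iftop # network monitoring
+
+# system call monitoring
+strace # system call monitoring
+ltrace # library call monitoring
+lsof # list open files
+
+cifs-utils
+
+age
+sops
+];
+}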
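Review bot: In `services.openssh.settings`, `PasswordAuthentication = lib.mkDefault false;` does not by itself rule out password prompts, because keyboard-interactive authentication is a separate sshd setting that this block leaves at its default (enabled on NixOS, as far as I know); add `KbdInteractiveAuthentication = lib.mkDefault false;` next to it. The same block keeps root reachable over SSH by key (`PermitRootLogin` is `"prohibit-password"` and `"root"` is listed in `AllowGroups`); if every host using this role has an admin user with sudo, `PermitRootLogin = lib.mkDefault "no";` and dropping `"root"` from the list would be the tighter default. `AllowGroups` also names an `ssh` group that this file does not create, so unless `users.groups.ssh` is declared in another module and the intended users are members, only root passes the group check. Separately, `"vm.swappiness" = config.swappiness;` reads a top-level option that is not declared in this file; presumably another module defines `options.swappiness`, otherwise evaluation fails. The base package list also puts `nmap`, `socat`, `strace` and `ltrace` on every host that imports this role, so a comment such as `# diagnostic tooling; drop or move to a debug role on exposed hosts` above `# networking tools` would record that choice.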