{ pkgs, config, lib, ... }: { systemd = { oomd = { enable = true; enableUserSlices = lib.mkDefault true; enableSystemSlice = lib.mkDefault true; extraConfig = { DefaultMemoryPressureDurationSec = lib.mkDefault "20s"; DefaultMemoryPressureLimit = lib.mkDefault "50%"; }; }; }; boot.kernel.sysctl = { "vm.swappiness" = config.swappiness; }; networking = { domain = lib.mkDefault "fxnet"; search = [ config.networking.domain ]; hosts = { "192.168.1.5" = [ "nas.fxnet" "radicale.fxnet" ]; }; firewall = { enable = lib.mkDefault true; }; iproute2.enable = lib.mkDefault true; }; services = { openssh = { enable = lib.mkDefault true; settings = { PermitRootLogin = lib.mkDefault "prohibit-password"; PasswordAuthentication = lib.mkDefault false; AllowGroups = [ "ssh" "root" ]; }; }; timesyncd.servers = [ "192.168.1.1" "0.nixos.pool.ntp.org" ]; btrfs.autoScrub = { enable = lib.mkDefault true; interval = lib.mkDefault "monthly"; fileSystems = [ "/" "/nix" "/home" ]; }; }; programs = { zsh.enable = true; nix-index = { enable = true; enableZshIntegration = config.programs.zsh.enable; enableBashIntegration = config.programs.bash.enable; }; }; environment.systemPackages = with pkgs; [ linux-firmware git wget curl htop gnumake neovim # archives zip xz unzip p7zip # utils ripgrep # recursively searches directories for a regex pattern jq # A lightweight and flexible command-line JSON processor # networking tools mtr # A network diagnostic tool ldns # replacement of `dig`, it provide the command `drill` aria2 # A lightweight multi-protocol & multi-source command-line download utility socat # replacement of openbsd-netcat nmap # A utility for network discovery and security auditing ipcalc # it is a calculator for the IPv4/v6 addresses # misc file which tree gnused gnutar gawk zstd gnupg bc # btop # replacement of htop/nmon iotop # io monitoring iftop # network monitoring # system call monitoring strace # system call monitoring ltrace # library call monitoring lsof # list open files cifs-utils age sops ]; }