FxNet/roles/default.nix

{
pkgs,
config,
lib,
...
}:
{
# systemd-oomd: userspace out-of-memory handling driven by memory-pressure thresholds.
systemd.oomd = {
  enable = true;
  # Put user slices and the system slice under oomd management.
  # mkDefault lets an individual host opt out at normal priority.
  enableSystemSlice = lib.mkDefault true;
  enableUserSlices = lib.mkDefault true;
  # Default thresholds: 50% memory pressure sustained for 20 seconds.
  settings.OOM = {
    DefaultMemoryPressureLimit = lib.mkDefault "50%";
    DefaultMemoryPressureDurationSec = lib.mkDefault "20s";
  };
};
# Kernel swap tendency, taken from a `swappiness` option on the module config.
# NOTE(review): `config.swappiness` is not declared in this file; presumably
# another module in this repository defines it. Confirm it has a type and default.
boot.kernel.sysctl."vm.swappiness" = config.swappiness;
networking = {
  # Internal domain; also used as the resolver search suffix below.
  domain = lib.mkDefault "fxnet";
  search = [ config.networking.domain ];

  # Static /etc/hosts entries: these names resolve to the pinned address
  # without consulting DNS, so the address must be kept in sync by hand.
  hosts."192.168.1.5" = [
    "nas.fxnet"
    "radicale.fxnet"
  ];

  # Firewall is on by default. Because this is only mkDefault, any host
  # module can switch it off with a plain assignment; audit overrides.
  firewall.enable = lib.mkDefault true;

  iproute2.enable = lib.mkDefault true;
};
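services = {
  # IPFS daemon (Kubo), enabled by default together with its garbage collection.
  kubo = {
    enable = lib.mkDefault true;
    enableGC = lib.mkDefault true;
    # RPC API on loopback TCP only. The API is administrative and is
    # unauthenticated by default, and a loopback TCP listener is reachable
    # by every local user and process: do not widen this address.
    settings.Addresses.API = "/ip4/127.0.0.1/tcp/5001";
  };

  # SSH: key-based logins only, restricted to members of the listed groups.
  openssh = {
    enable = lib.mkDefault true;
    settings = {
      # Root may log in, but never with a password.
      PermitRootLogin = lib.mkDefault "prohibit-password";
      PasswordAuthentication = lib.mkDefault false;
      # PasswordAuthentication = false alone leaves PAM keyboard-interactive
      # enabled (the NixOS option defaults to true), which can still prompt
      # for an account password. Disable it as well; a host that needs it
      # (for example for a PAM one-time-password module) can override this.
      KbdInteractiveAuthentication = lib.mkDefault false;
      # NOTE(review): the "ssh" group is not created in this file; presumably
      # it is defined elsewhere. Membership in it is what grants SSH access.
      AllowGroups = [
        "ssh"
        "root"
      ];
    };
  };

  # Time sources: a LAN address first, then the public NixOS pool.
  # systemd-timesyncd speaks unauthenticated SNTP, so both are trusted as-is.
  timesyncd.servers = [
    "192.168.1.1"
    "0.nixos.pool.ntp.org"
  ];

  # Monthly btrfs scrub to detect silent data corruption.
  # NOTE(review): if these mount points are subvolumes of one filesystem,
  # listing a single mount point per filesystem is enough; confirm the layout.
  btrfs.autoScrub = {
    enable = lib.mkDefault true;
    interval = lib.mkDefault "monthly";
    fileSystems = [
      "/"
      "/nix"
      "/home"
    ];
  };
};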
programs = {
  zsh.enable = true;

  # nix-index, with shell integration enabled only for the shells
  # that are themselves enabled on the host.
  nix-index.enable = true;
  nix-index.enableBashIntegration = config.programs.bash.enable;
  nix-index.enableZshIntegration = config.programs.zsh.enable;
};
# Baseline tool set installed system-wide on every host that imports this role.
# NOTE(review): nmap, socat, strace and ltrace are dual-use; on hosts that do
# not need them for administration, consider moving them to a separate role.
environment.systemPackages = [
  pkgs.linux-firmware
  pkgs.git
  pkgs.wget
  pkgs.curl
  pkgs.htop
  pkgs.gnumake
  pkgs.neovim

  # Archive formats
  pkgs.zip
  pkgs.xz
  pkgs.unzip
  pkgs.p7zip

  # Text and data utilities
  pkgs.ripgrep # recursive regex search across directories
  pkgs.jq # command-line JSON processor

  # Network diagnostics
  pkgs.mtr # network path diagnostics
  pkgs.ldns # ships `drill`, used here in place of `dig`
  pkgs.aria2 # multi-protocol, multi-source command-line downloader
  pkgs.socat # used here in place of openbsd-netcat
  pkgs.nmap # network discovery and security auditing
  pkgs.ipcalc # IPv4/IPv6 address calculator

  # Miscellaneous
  pkgs.file
  pkgs.which
  pkgs.tree
  pkgs.gnused
  pkgs.gnutar
  pkgs.gawk
  pkgs.zstd
  pkgs.gnupg
  pkgs.bc

  # Resource monitoring (btop, a replacement for htop/nmon, is left disabled)
  # pkgs.btop
  pkgs.iotop # I/O monitoring
  pkgs.iftop # network monitoring

  # Process tracing and inspection
  pkgs.strace # system call tracing
  pkgs.ltrace # library call tracing
  pkgs.lsof # list open files

  pkgs.cifs-utils

  # Secret handling: age encryption and sops
  pkgs.age
  pkgs.sops
];
}