server/defaults/machine-config.nix


# Baseline NixOS module applied to machines: SSH access, sudo policy, root
# shell, journald limits, Nix store maintenance and home-manager wiring.
# Most security-relevant values are set with lib.mkDefault, so any other
# module can override them with a normal-priority definition; review
# per-machine configs for such overrides.
{
  lib,
  pkgs,
  flakes,
  machine,
  ...
}:
{
  imports = [
    ./machine-or-home-config.nix
    ./xdg.nix
  ];
  # State version comes from the per-machine argument rather than being
  # hard-coded here.
  system.stateVersion = machine.stateVersion;
  # systemd-resolved is turned off.
  services.resolved.enable = false;
  # mkForce: wins over normal and mkDefault definitions made elsewhere.
  xdg.mime.enable = lib.mkForce false;
  # Enable SSH. Key-based login only and no direct root login by default.
  # Both settings are mkDefault, so a machine can re-enable password or root
  # login with a plain assignment; check for that when auditing a host.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = lib.mkDefault false;
      PermitRootLogin = lib.mkDefault "no";
    };
  };
  # Opens TCP 22 on every interface the NixOS firewall covers. The port is
  # hard-coded here and does not follow a changed sshd port.
  # NOTE(review): services.openssh.openFirewall may already open the sshd
  # port, which would make this line redundant; confirm.
  networking.firewall.allowedTCPPorts = [ 22 ];
  # Disable sudo prompt for `wheel` users.
  # Security trade-off: any process running as a wheel user can become root
  # without re-authenticating, so a stolen SSH key or a compromised session
  # of a wheel account is equivalent to root. With this default,
  # PermitRootLogin = "no" mainly gives per-user attribution in the logs
  # rather than a privilege boundary. mkDefault lets a machine turn the
  # password requirement back on.
  security.sudo.wheelNeedsPassword = lib.mkDefault false;
  # Configure the root account
  users.extraUsers.root = {
    # Allow my SSH keys for logging in as root. TODO: find from users list
    # (Currently disabled: no authorized keys are set for root here.)
    # openssh.authorizedKeys.keys = ;
    # Also use zsh for root
    shell = pkgs.zsh;
  };
  programs.zsh.enable = true;
  programs.fish.enable = true;
  # QEMU guest agent. NOTE(review): the agent services requests coming from
  # the hypervisor host, so the host operator is inside this machine's trust
  # boundary; confirm every machine using this default is a QEMU/KVM guest.
  services.qemuGuest.enable = true;
  # Clean /tmp on boot.
  boot.tmp.cleanOnBoot = true;
  # Set your time zone.
  time.timeZone = lib.mkDefault "Europe/Amsterdam";
  # Enable systemd-oomd handling for the root slice and for user slices.
  systemd.oomd = {
    enableRootSlice = true;
    # enableUserServices = true;
    enableUserSlices = true;
  };
  # Limit the systemd journal to 100 MB of disk (SystemMaxUse).
  # MaxFileSec=7day only forces a journal file to be rotated after at most
  # 7 days; it does not delete entries older than 7 days (that would be
  # MaxRetentionSec). Actual retention is therefore bounded by the 100 MB
  # cap and can be much shorter than a week on a busy host; forward logs
  # elsewhere if they are needed for incident investigation.
  services.journald.extraConfig = ''
    SystemMaxUse=100M
    MaxFileSec=7day
  '';
  nix = {
    # Use Lix as the Nix implementation.
    package = pkgs.lix;
    settings = {
      auto-optimise-store = true;
    };
    # Scheduled store optimisation, weekly.
    optimise = {
      automatic = true;
      dates = [ "weekly" ];
    };
    # Weekly garbage collection with up to 3h of random delay. Generations
    # older than 7 days are deleted, so rollback to an older system
    # generation is not possible after that.
    gc = {
      automatic = true;
      dates = "weekly";
      randomizedDelaySec = "3h";
      options = "--delete-older-than 7d";
    };
    # Enable the `nix` CLI and flakes.
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };
  # Debloat: all documentation outputs are forced off (mkForce), so other
  # modules cannot re-enable them with a normal definition.
  documentation = {
    enable = lib.mkForce false;
    doc.enable = lib.mkForce false;
    man.enable = lib.mkForce false;
    info.enable = lib.mkForce false;
    nixos.enable = lib.mkForce false;
  };
  security.polkit.enable = true;
  # home-manager shares the system package set, installs user packages via
  # the system user profile, and receives `flakes` as an extra module
  # argument.
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    extraSpecialArgs = {
      inherit flakes;
    };
  };
}