128 lines
2.3 KiB
Nix
128 lines
2.3 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
console = {
|
|
font = "Lat2-Terminus16";
|
|
keyMap = "de";
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
wget
|
|
curl
|
|
htop
|
|
iotop
|
|
iftop
|
|
ranger
|
|
parallel
|
|
ncdu
|
|
zip
|
|
smartmontools
|
|
nmap
|
|
rsync
|
|
progress
|
|
perl
|
|
acpi
|
|
lm_sensors
|
|
torsocks
|
|
tmux
|
|
gnupg1
|
|
nix-index
|
|
hexedit
|
|
gdb
|
|
dig
|
|
(lib.lowPrio python311)
|
|
borgbackup
|
|
zip
|
|
unzip
|
|
p7zip
|
|
lsof
|
|
pciutils
|
|
usbutils
|
|
dmidecode
|
|
tree
|
|
gitui
|
|
git-lfs
|
|
gitFull
|
|
];
|
|
|
|
services = {
|
|
netdata = {
|
|
enable = true;
|
|
config = {
|
|
global = {
|
|
"memory mode" = "dbengine";
|
|
"page cache size" = "32";
|
|
"dbengine multihost disk space" = "4096";
|
|
};
|
|
ml = {
|
|
"enabled" = "no";
|
|
};
|
|
};
|
|
};
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
Ciphers = [
|
|
"chacha20-poly1305@openssh.com"
|
|
"aes256-gcm@openssh.com"
|
|
"aes256-ctr"
|
|
];
|
|
KexAlgorithms = [
|
|
"sntrup761x25519-sha512@openssh.com"
|
|
"curve25519-sha256"
|
|
"curve25519-sha256@libssh.org"
|
|
];
|
|
};
|
|
openFirewall = true;
|
|
};
|
|
cron.enable = true;
|
|
fail2ban.enable = true;
|
|
|
|
# For SSDs
|
|
fstrim.enable = lib.mkDefault true;
|
|
};
|
|
|
|
users.users.fly = {
|
|
isNormalUser = true;
|
|
};
|
|
|
|
# to fix issue with iotop not showing IO times, see https://github.com/NixOS/nixpkgs/issues/160361#issuecomment-1246433671
|
|
boot.kernel.sysctl = { "kernel.task_delayacct" = 1; };
|
|
|
|
security.sudo.extraConfig = "Cmnd_Alias SHUTDOWN = /run/current-system/sw/bin/shutdown
|
|
Cmnd_Alias IOTOP = /run/current-system/sw/bin/iotop
|
|
Cmnd_Alias IFTOP = /run/current-system/sw/bin/iftop
|
|
Cmnd_Alias RPROF = /run/current-system/sw/bin/radeon-profile
|
|
Cmnd_Alias CCTRL = /run/current-system/sw/bin/corectrl
|
|
Cmnd_Alias LIGHT = /run/current-system/sw/bin/light
|
|
fly ALL=(ALL) NOPASSWD: SHUTDOWN,IOTOP,IFTOP,RPROF,CCTRL,LIGHT";
|
|
|
|
|
|
programs = {
|
|
vim.defaultEditor = true;
|
|
ssh = {
|
|
ciphers = [
|
|
"chacha20-poly1305@openssh.com"
|
|
"aes256-gcm@openssh.com"
|
|
"aes256-ctr"
|
|
];
|
|
kexAlgorithms = [
|
|
"sntrup761x25519-sha512@openssh.com"
|
|
"curve25519-sha256"
|
|
"curve25519-sha256@libssh.org"
|
|
];
|
|
};
|
|
};
|
|
|
|
nix.settings = {
|
|
experimental-features = [
|
|
"flakes"
|
|
"nix-command"
|
|
];
|
|
};
|
|
|
|
|
|
}
|