154 lines
2.9 KiB
Nix
Executable file
154 lines
2.9 KiB
Nix
Executable file
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [ ./packages/vim.nix ];
|
|
|
|
boot = {
|
|
initrd.systemd.enable = true;
|
|
kernelParams = [
|
|
"memory_hotplug.memmap_on_memory=1"
|
|
"memhp_default_state=online"
|
|
"net.core.default_qdisc=fq"
|
|
"net.ipv4.tcp_congestion_control=bbr"
|
|
"mitigations=off"
|
|
"audit=0"
|
|
"consoleblank=0"
|
|
"kmemcheck=0"
|
|
"no_console_suspend"
|
|
"kernel.core_pattern=/dev/null"
|
|
"init_on_alloc=0"
|
|
"kernel.sysrq=1"
|
|
"kernel.dmesg_restrict=0"
|
|
"net.ipv4.ip_forward=1"
|
|
"vm.swappiness=10"
|
|
"net.core.netdev_max_backlog=16384"
|
|
"net.core.somaxconn=8192"
|
|
"net.core.rmem_default=1048576"
|
|
"net.core.rmem_max=16777216"
|
|
"net.core.wmem_default=1048576"
|
|
"net.core.wmem_max=16777216"
|
|
"net.core.optmem_max=65536"
|
|
#"net.ipv4.tcp_rmem=4096 1048576 2097152"
|
|
#"net.ipv4.tcp_wmem=4096 65536 16777216"
|
|
"net.ipv4.udp_rmem_min=4096"
|
|
"net.ipv4.udp_wmem_min=4096"
|
|
"net.ipv4.tcp_fastopen=3"
|
|
"net.ipv4.tcp_mtu_probing=1"
|
|
"net.ipv4.tcp_keepalive_time=30"
|
|
"net.ipv4.tcp_keepalive_intvl=15"
|
|
"net.ipv4.tcp_keepalive_probes=4"
|
|
"net.ipv4.tcp_timestamps=0"
|
|
];
|
|
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
|
loader = {
|
|
grub = {
|
|
enable = true;
|
|
version = 2;
|
|
};
|
|
timeout = 1;
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
hostName = lib.mkDefault "Rory-nix-base";
|
|
firewall = {
|
|
enable = false;
|
|
# allowedTCPPorts = [ ... ];
|
|
# allowedUDPPorts = [ ... ];
|
|
};
|
|
nameservers = [
|
|
"1.1.1.1"
|
|
"1.0.0.1"
|
|
"8.8.8.8"
|
|
"8.4.4.8"
|
|
];
|
|
};
|
|
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
#allow more logins in cases where i have many ssh keys on a system
|
|
extraConfig = ''
|
|
MaxAuthTries 32
|
|
'';
|
|
};
|
|
resolved = {
|
|
enable = true;
|
|
dnssec = lib.mkForce "false";
|
|
dnsovertls = lib.mkForce "false";
|
|
};
|
|
};
|
|
|
|
systemd = {
|
|
sleep.extraConfig = ''
|
|
AllowSuspend=no
|
|
AllowHibernation=no
|
|
'';
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
wget
|
|
neofetch
|
|
lnav
|
|
pciutils
|
|
git
|
|
lsd
|
|
duf
|
|
htop
|
|
btop
|
|
duf
|
|
kitty.terminfo
|
|
tmux
|
|
jq
|
|
yq
|
|
pv
|
|
dig
|
|
cloud-utils
|
|
nix-output-monitor
|
|
expect
|
|
unrar-wrapper
|
|
arch-install-scripts
|
|
debootstrap
|
|
file
|
|
unzip
|
|
brotli
|
|
|
|
# - zsh
|
|
zsh
|
|
zsh-powerlevel10k
|
|
zsh-nix-shell
|
|
zsh-you-should-use
|
|
zsh-syntax-highlighting
|
|
zsh-completions
|
|
];
|
|
|
|
systemd.coredump.extraConfig = lib.mkDefault ''
|
|
Storage=none
|
|
'';
|
|
nix = {
|
|
settings = {
|
|
experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
auto-optimise-store = true;
|
|
trusted-users = [ "@wheel" ];
|
|
};
|
|
};
|
|
nixpkgs = {
|
|
config.allowUnfree = true;
|
|
};
|
|
security = {
|
|
polkit.enable = true;
|
|
sudo.wheelNeedsPassword = false;
|
|
};
|
|
|
|
}
|