Litenet-Nix-Infra/modules/base.nix

{
  config,
  pkgs,
  lib,
  ...
}:

{
  imports = [ ./packages/vim.nix ];

  boot = {
    initrd.systemd.enable = true;
    kernelParams = [
      "memory_hotplug.memmap_on_memory=1"
      "memhp_default_state=online"
      "net.core.default_qdisc=fq"
      "net.ipv4.tcp_congestion_control=bbr"
      "mitigations=off"
      "audit=0"
      "consoleblank=0"
      "kmemcheck=0"
      "no_console_suspend"
      "kernel.core_pattern=/dev/null"
      "init_on_alloc=0"
      "kernel.sysrq=1"
      "kernel.dmesg_restrict=0"
      "net.ipv4.ip_forward=1"
      "vm.swappiness=10"
      "net.core.netdev_max_backlog=16384"
      "net.core.somaxconn=8192"
      "net.core.rmem_default=1048576"
      "net.core.rmem_max=16777216"
      "net.core.wmem_default=1048576"
      "net.core.wmem_max=16777216"
      "net.core.optmem_max=65536"
      "net.ipv4.udp_rmem_min=4096"
      "net.ipv4.udp_wmem_min=4096"
      "net.ipv4.tcp_fastopen=3"
      "net.ipv4.tcp_mtu_probing=1"
      "net.ipv4.tcp_keepalive_time=30"
      "net.ipv4.tcp_keepalive_intvl=15"
      "net.ipv4.tcp_keepalive_probes=4"
      "net.ipv4.tcp_timestamps=0"
    ];
    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
    loader = {
      grub = {
        enable = true;
        version = 2;
      };
      timeout = 1;
    };
  };

  networking = {
    hostName = lib.mkDefault "Rory-nix-base";
    firewall = {
      enable = false;
      # allowedTCPPorts = [ ... ];
      # allowedUDPPorts = [ ... ];
    };
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
      "8.8.8.8"
      "8.4.4.8"
    ];
  };

  i18n.defaultLocale = "en_US.UTF-8";

  services = {
    openssh = {
      enable = true;
      #allow more logins in cases where i have many ssh keys on a system
      extraConfig = ''
        MaxAuthTries 32
      '';
    };
    resolved = {
      enable = true;
      dnssec = lib.mkForce "false";
      dnsovertls = lib.mkForce "false";
    };
  };

  systemd = {
    sleep.extraConfig = ''
      AllowSuspend=no
      AllowHibernation=no
    '';
  };

  environment.systemPackages = with pkgs; [
    neofetch
    lnav
    pciutils
    git
    lsd
    duf
    htop
    btop
    duf
    kitty.terminfo
    jq
    dig
    cloud-utils
    nix-output-monitor
    unrar-wrapper
    file
    unzip
    brotli

    # - zsh
    zsh
    zsh-powerlevel10k
    zsh-nix-shell
    zsh-you-should-use
    zsh-syntax-highlighting
    zsh-completions
  ];

  systemd.coredump.extraConfig = lib.mkDefault ''
    Storage=none
  '';
  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      auto-optimise-store = true;
      trusted-users = [ "@wheel" ];
    };
  };
  nixpkgs = {
    config.allowUnfree = true;
  };
  security = {
    polkit.enable = true;
    sudo.wheelNeedsPassword = false;
  };

}