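# Shared baseline NixOS module: locale and console, monitoring, shell setup,
# Nix daemon settings, SSH, nginx/ACME defaults and the per-host sops file.
# Takes the usual module arguments; `config` is read only for
# networking.hostName and `pkgs` for package references.
{ config, pkgs, ... }:

{
  imports = [ ../users ];

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # networking.useDHCP = false;
  # TODO: why was this globally disabled? Because it should be! DHCP should
  # only be enabled per interface.

  # 19999 is netdata's default web port; allowedTCPPorts opens it on every
  # interface.
  # NOTE(review): the netdata agent dashboard is not authenticated by default,
  # so this exposes host metrics to anything that can reach the machine.
  # Consider networking.firewall.interfaces.<name>.allowedTCPPorts, or a
  # source-restricted rule, if only a monitoring network needs access.
  networking.firewall.allowedTCPPorts = [ 19999 ];
  services.netdata.enable = true;

  networking.nameservers = [ "2a01:4f8:1c0c:8221::8" "10.42.10.8" ];
  services.qemuGuest.enable = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de-latin1";
  };

  environment.systemPackages = with pkgs; [
    wget
    vim
    tmux
    screen
    mtr
    tcpdump
    bat
    direnv
    starship
  ];

  programs.zsh = {
    enable = true;
    histSize = 10000;
    autosuggestions.enable = true;
    enableBashCompletion = true;
    syntaxHighlighting.enable = true;
    promptInit = ''
      # Only start starship on terminals that can render it. It is initialised
      # once, from the pinned store path; a second unconditional
      # `starship init` used to follow further down and defeated this guard.
      if [[ $TERM != "dumb" && (-z $INSIDE_EMACS || $INSIDE_EMACS == "vterm") ]]; then
        eval "$(${pkgs.starship}/bin/starship init zsh)"
      fi

      # Load the per-user zkbd key map only when it exists, so accounts
      # without ~/.zkbd do not get an error on every shell start.
      zkbd_keymap=~/.zkbd/$TERM-''${''${DISPLAY:t}:-$VENDOR-$OSTYPE}
      [[ -r $zkbd_keymap ]] && source "$zkbd_keymap"
      unset zkbd_keymap

      # Bind each key only if the key map defined it; bindkey rejects an
      # empty key sequence.
      [[ -n ''${key[Left]} ]] && bindkey "''${key[Left]}" backward-char
      [[ -n ''${key[Right]} ]] && bindkey "''${key[Right]}" forward-char
      [[ -n ''${key[Up]} ]] && bindkey "''${key[Up]}" up-line-or-search
      [[ -n ''${key[Home]} ]] && bindkey "''${key[Home]}" beginning-of-line
      [[ -n ''${key[End]} ]] && bindkey "''${key[End]}" end-of-line
      [[ -n ''${key[Delete]} ]] && bindkey "''${key[Delete]}" delete-char

      function command_not_found_handler() { command-not-found $1 }
      alias cat='bat'

      # Call direnv by store path, like starship above, instead of relying on
      # whatever `direnv` is first in the user's PATH.
      eval "$(${pkgs.direnv}/bin/direnv hook zsh)"
    '';
  };

  programs.mtr.enable = true;

  nix.settings = {
    # NOTE(review): Nix treats trusted users as effectively root-equivalent
    # towards the daemon. Together with the passwordless sudo configured
    # below, any wheel account is a root account; keep wheel membership as
    # small as the root key list.
    trusted-users = [ "@wheel" ];
    auto-optimise-store = true;
  };
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 14d";
  };
  # Values are in bytes: min-free is 100 MiB, max-free is 1 GiB.
  nix.extraOptions = ''
    min-free = ${toString (100 * 1024 * 1024)}
    max-free = ${toString (1024 * 1024 * 1024)}
  '';

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    kbdInteractiveAuthentication = false;
    # Root may log in with a key only. With password and keyboard-interactive
    # authentication disabled above this admits the same logins as "yes", but
    # root stays key-only even if a host re-enables password authentication.
    # NOTE(review): newer NixOS releases move these three options to
    # services.openssh.settings.*; migrate when the pinned nixpkgs has them.
    permitRootLogin = "prohibit-password";
  };

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "vcp-letsencrypt@clerie.de";
  services.nginx = {
    enable = true;
    clientMaxBodySize = "400M";
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  # NOTE(review): passwordless sudo for wheel means a stolen SSH key for any
  # wheel user yields root without a second factor; confirm this is intended
  # on every host that imports this module.
  security.sudo.wheelNeedsPassword = false;

  # Per-host secrets file, selected by host name. The `sops` option is not
  # declared in this file; presumably the sops-nix module is imported
  # elsewhere - confirm.
  sops.defaultSopsFile = (../. + "/hosts/${config.networking.hostName}/secrets.yaml");
}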