{ config, lib, pkgs, zentralwerk, ... }:

# Baseline configuration shared by every host that imports this file. Parts of
# it only take effect depending on other config settings (see the mkIf guards).
# New options belong in modules, not here.

let
  inherit (config.networking) hostName;
  inherit (zentralwerk.lib.config.site.net.serv) hosts4 hosts6;

  # Hosts that keep the X libraries; every other host gets noXlibs = true.
  hostsWithXlibs = [ "dacbert" "glotzbert" "rpi-netboot" ];
in
lib.mkMerge [
  {
    # Wipe /tmp on every boot so stale temporary files do not survive a restart.
    # NOTE(review): newer NixOS releases name this boot.tmp.cleanOnBoot; check
    # against the nixpkgs revision this repository pins.
    boot.cleanTmpDir = true;

    documentation.nixos.enable = false;

    # epiphany is excluded: firefox or chromium is used instead, and epiphany
    # would require a second webkitgtk.
    environment.gnome.excludePackages = [ pkgs.epiphany ];
    environment.noXlibs = !(builtins.elem hostName hostsWithXlibs);
    # Troubleshooting tools installed on every host.
    environment.systemPackages = with pkgs; [
      bmon
      curl
      dig
      ethtool
      git
      htop
      iotop
      mtr
      pv
      ripgrep
      screen
      tcpdump
      tree
      vim
      wget
    ];

    hardware.enableRedistributableFirmware = lib.mkDefault true;

    i18n.defaultLocale = "en_US.UTF-8";
    i18n.supportedLocales = [
      "en_US.UTF-8/UTF-8"
      "de_DE.UTF-8/UTF-8"
    ];

    # Daily garbage collection; mkDefault lets a host switch it off.
    nix.gc = {
      automatic = lib.mkDefault true;
      dates = "06:00";
      options = "--delete-older-than 21d";
      randomizedDelaySec = "6h";
    };

    nix.settings = {
      builders-use-substitutes = true;
      connect-timeout = 20;
      experimental-features = "nix-command flakes";
      # Build locally when a substitute cannot be fetched.
      fallback = true;

      # Store paths signed with this key are accepted without being rebuilt, so
      # the matching private key is a trust anchor for every host using this
      # file. Rotating it means changing this entry on all of them.
      trusted-public-keys = [
        "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
      ];

      # don't self feed hydra: the host named "hydra" does not substitute from
      # this cache. mkBefore orders it ahead of substituters defined elsewhere.
      substituters = lib.mkIf (hostName != "hydra") (
        lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ]
      );
    };

    # trust sandro to set good defaults in nixos-modules
    # NOTE(review): what this switch enables is defined outside this file, so
    # its effect on hardening is not visible here; re-check it when that input
    # is updated.
    opinionatedDefaults = true;

    programs.fzf.keybindings = true;

    programs.tmux = {
      enable = true;
      aggressiveResize = true;
      baseIndex = 0;
      clock24 = true;
      historyLimit = 50000;
      terminal = "xterm-256color";
      extraConfig = ''
        # mouse control
        set -g mouse on

        # focus events enabled for terminals that support them
        set -g focus-events on

        # open new tab in PWD
        bind '"' split-window -c "#{pane_current_path}"
        bind % split-window -h -c "#{pane_current_path}"
        bind c new-window -c "#{pane_current_path}"

        # don't clear selection on copy
        bind-key -Tcopy-mode-vi MouseDragEnd1Pane send -X copy-selection-no-clear
        bind-key -Tcopy-mode-vi y send -X copy-selection-no-clear
      '';
    };

    programs.vim.defaultEditor = true;

    security.acme.acceptTerms = true;
    security.acme.defaults = {
      email = "mail@c3d2.de";
      # letsencrypt staging server with way higher rate limits; certificates
      # issued by it are not trusted by clients, so enable it for testing only.
      # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
    };

    services = {
      gnome.gnome-initial-setup.enable = false;

      openssh = {
        # Required for deployment and sops
        enable = true;
        # root may log in with a key but never with a password.
        # NOTE(review): password logins for other accounts are not set in this
        # file; confirm they are disabled elsewhere. Newer NixOS releases move
        # this option to services.openssh.settings.PermitRootLogin.
        permitRootLogin = "prohibit-password";
      };

      # Addresses come from the zentralwerk network definition.
      portunus = {
        domain = "auth.c3d2.de";
        externalIp4 = hosts4.auth;
        externalIp6 = hosts6.up4.auth;
      };
    };

    # Reboot on hang; not applied inside containers.
    systemd.watchdog = lib.mkIf (!config.boot.isContainer) {
      runtimeTime = "15s";
      rebootTime = "15s";
    };

    time.timeZone = lib.mkDefault "Europe/Berlin";

    # The motd file next to this one is read at evaluation time.
    users.motd = builtins.readFile ./motd;

    zramSwap.enable = true;
  }

  # Applied only on hosts that enable nginx: turn on the module's recommended
  # gzip, optimisation, proxy and TLS settings.
  (lib.mkIf config.services.nginx.enable {
    services.nginx.recommendedGzipSettings = true;
    services.nginx.recommendedOptimisation = true;
    services.nginx.recommendedProxySettings = true;
    services.nginx.recommendedTlsSettings = true;
  })
]