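# Base NixOS module: kernel parameters, logging, nix settings, admin tooling
# and the root account.
#
# This listing was recovered from a blame view: the per-line gutter is dropped
# and indentation restored. The YAML nesting inside
# services.journalbeat.extraConfig is reconstructed from the key structure
# (a key with no value followed by its settings). Confirm against the deployed
# file.
{ hostName, inputs, pkgs, config, options, lib, ... }:

{
  boot.kernelParams = [
    # No server/router runs any untrusted user code
    # NOTE(review): "mitigations=off" disables the kernel's CPU
    # vulnerability mitigations at boot. The rationale above only holds while
    # no process on the host can be driven by an attacker; a compromised
    # network-facing service counts as untrusted code. Re-check this for every
    # host that gets this module, and for hosts sharing hardware with other
    # guests.
    "mitigations=off"
    # Prevents automatic creation of interface bond0 by the kernel
    "bonding.max_bonds=0"
  ];

  # /tmp lives in RAM and is emptied on every reboot.
  boot.tmpOnTmpfs = true;

  # Includes wireguard
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Keep building
  # presumably needed so ZFS builds against linuxPackages_latest; confirm
  boot.zfs.enableUnstable = true;

  # no persistent logs
  # Storage=volatile keeps the journal in memory only and RuntimeMaxUse caps
  # it at 32M, so local history is lost on reboot and older entries rotate
  # out. The journalbeat shipping below is then the only durable record for
  # incident response; monitor it for delivery gaps.
  services.journald.extraConfig = ''
    RuntimeMaxUse=32M
    Storage=volatile
  '';

  # central logging
  # NOTE(review): the logstash output below sets no `ssl.*` options, so as
  # written journal entries (kernel messages included) leave the host
  # unencrypted and the receiver is not authenticated. Acceptable only if the
  # path to the logging host is itself protected (dedicated management
  # network or tunnel); otherwise configure `ssl.certificate_authorities` and
  # a client `ssl.certificate` / `ssl.key` pair.
  # NOTE(review): with `cursor_seek_fallback: tail`, a lost or invalid cursor
  # makes the shipper resume at the end of the journal. Combined with the
  # volatile journal above, entries written in between may never reach
  # central logging.
  services.journalbeat = {
    enable = true;
    tags = [ "zentralwerk" ];
    extraConfig = ''
      journalbeat.inputs:
      # Paths that should be crawled and fetched. Possible values files and directories.
      # When setting a directory, all journals under it are merged.
      # When empty starts to read from local journal.
      - paths: []
      journalbeat:
        seek_position: cursor
        cursor_seek_fallback: tail
        write_cursor_state: true
        cursor_flush_period: 5s
        clean_field_names: true
        convert_to_numbers: false
        move_metadata_to_field: journal
        default_type: journal
        kernel: true
      output.logstash:
        # Boolean flag to enable or disable the output module.
        enabled: true
        hosts: ["${config.site.net.serv.hosts4.logging}:5044"]
    '';
  };

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
    # Point the `nixpkgs` registry entry at the flake input this system was
    # built from, so ad-hoc `nix` commands use the same nixpkgs revision.
    registry = {
      nixpkgs.flake = inputs.nixpkgs;
    };
  };

  documentation = {
    enable = false;
    nixos.enable = false;
  };

  # Network diagnostics and basic admin tooling available on every host.
  environment.systemPackages = with pkgs; [
    bmon
    bridge-utils
    conntrack-tools
    dhcpcd
    ethtool
    git
    iftop
    iperf
    iptables
    iptraf-ng
    iputils
    mtr
    psmisc
    screen
    speedtest-cli
    tcpdump
    traceroute
    vim
    wget
  ];

  networking.hostName = hostName;

  # NOTE(review): an empty hashed password gives a freshly created root
  # account password-less login wherever empty passwords are accepted
  # (typically the local console or a container console; remote services
  # such as SSH normally refuse it). It applies only when the account is
  # first created. If console access is not fully trusted, set a real hash
  # from a secrets store, or lock password login with "!" and rely on key
  # based access.
  users.users.root.initialHashedPassword = "";

  system.stateVersion = "20.09";
}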