network/nix/nixos-module/defaults.nix


# NixOS module with baseline settings shared by the network hosts:
# kernel parameters, volatile journald plus log shipping via journalbeat,
# flake-enabled Nix, a set of network debugging tools, and the initial
# root account state. `hostName` and `inputs` are passed in as module arguments.
{ hostName, inputs, pkgs, config, options, lib, ... }:
{
boot.kernelParams = [
# No server/router runs any untrusted user code
# NOTE(review): this switches off every optional CPU vulnerability
# mitigation in the kernel. The justification above only holds while the
# host runs no containers, VMs or other third-party code; re-check it
# whenever a new service is added to a host using this module.
"mitigations=off"
# Prevents automatic creation of interface bond0 by the kernel
"bonding.max_bonds=0"
];
# Mount /tmp as tmpfs, so its contents live in memory and are gone after a reboot.
boot.tmpOnTmpfs = true;
# Includes wireguard
boot.kernelPackages = pkgs.linuxPackages_latest;
# Keep building
# NOTE(review): presumably needed so ZFS still builds against
# linuxPackages_latest; confirm before removing.
boot.zfs.enableUnstable = true;
# no persistent logs
# NOTE(review): Storage=volatile keeps the journal in memory only (capped at
# 32M by RuntimeMaxUse), so local logs do not survive a reboot. After an
# incident the only remaining record is what journalbeat delivered to the
# central log host; monitor that delivery path.
services.journald.extraConfig = ''
RuntimeMaxUse=32M
Storage=volatile
'';
# central logging
# Ships the local journal to the Logstash instance on port 5044 of the
# address taken from config.site.net.serv.hosts4.logging.
# NOTE(review): the output.logstash section below has no `ssl` settings, so
# unless TLS is configured elsewhere the logs cross the network unencrypted
# and the receiver is not authenticated. Confirm that the `serv` network is
# trusted for this, or add TLS to the output.
# NOTE(review): with `cursor_seek_fallback: tail`, a start without saved
# cursor state begins at the end of the journal, so entries written before
# that point are presumably never shipped; verify where the cursor state is
# stored and whether it survives a reboot.
services.journalbeat = {
enable = true;
tags = [ "zentralwerk" ];
extraConfig = ''
journalbeat.inputs:
# Paths that should be crawled and fetched. Possible values files and directories.
# When setting a directory, all journals under it are merged.
# When empty starts to read from local journal.
- paths: []
journalbeat:
seek_position: cursor
cursor_seek_fallback: tail
write_cursor_state: true
cursor_flush_period: 5s
clean_field_names: true
convert_to_numbers: false
move_metadata_to_field: journal
default_type: journal
kernel: true
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["${config.site.net.serv.hosts4.logging}:5044"]
'';
};
# Use the flake-capable Nix and enable the `nix` command and flakes.
nix = {
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
# Point the `nixpkgs` registry entry at the nixpkgs input of this flake,
# so that name resolves to the same nixpkgs the system was built from.
registry = {
nixpkgs.flake = inputs.nixpkgs;
};
};
# Replace `iptables` in the package set with the legacy variant.
nixpkgs.config.packageOverrides = pkgs: {
# TODO: remove when host is rebooted with a nixos-21.11 kernel
iptables = pkgs.iptables-legacy;
};
# Do not build or install documentation on these hosts.
documentation = {
enable = false;
nixos.enable = false;
};
# Network diagnostics and basic admin tools available system-wide.
# NOTE(review): tcpdump, iptraf-ng and conntrack-tools give whoever holds
# root on a router visibility into transit traffic; that is the intent for
# debugging, but it raises the value of protecting the root account below.
environment.systemPackages = with pkgs; [
bmon
bridge-utils
conntrack-tools
dhcpcd
ethtool
git
iftop
iperf
iptables
iptraf-ng
iputils
mtr
psmisc
screen
speedtest-cli
tcpdump
traceroute
vim
wget
];
networking.hostName = hostName;
# NOTE(review): an empty hashed password means root can log in without a
# password on a local console (NixOS does not allow it for SSH, su or sudo).
# The `initial` variant only applies when the account is first created, so a
# freshly installed host stays in this state until a password is set.
# Restrict physical/serial/hypervisor console access accordingly, or set a
# real hash or key-only access during provisioning.
users.users.root.initialHashedPassword = "";
# NixOS release whose stateful-data defaults this system follows.
system.stateVersion = "20.09";
}