# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
# Modules merged into this system: the generated hardware scan plus the
# local Docker, Prometheus and Grafana modules. The exim and gitlab-runner
# modules are left commented out.
imports = [
  ./hardware-configuration.nix
  ./docker.nix
  ./prometheus.nix
  ./grafana.nix
  #./exim.nix
  #./gitlab-runner.nix
];

# NixOS release this system's stateful data stays compatible with, so that
# software such as database servers does not break. Change it only when
# the NixOS release notes say you should.
system.stateVersion = "17.09"; # Did you read the comment?

# Boot with GRUB 2. The EFI and install-device options from the template
# are kept as comments; none of them is set in this file.
boot.loader.grub = {
  enable = true;
  version = 2;
  # efiSupport = true;
  # efiInstallAsRemovable = true;
  # device = "/dev/sda"; # or "nodev" for efi only
};
# boot.loader.efi.efiSysMountPoint = "/boot/efi";

# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Turn off predictable network interface naming.
networking.usePredictableInterfaceNames = false;

# Console font and keymap, and the default locale.
i18n.consoleFont = "Lat2-Terminus16";
i18n.consoleKeyMap = "us";
i18n.defaultLocale = "en_US.UTF-8";

# System clock zone.
time.timeZone = "UTC";
# Packages installed in the system profile. To search for one by name:
# $ nix-env -qaP | grep wget
#
# NOTE(review): listing fail2ban here only installs the package. No
# services.fail2ban setting is visible in this file, so unless one of the
# imported modules enables the service, nothing is watching the logs or
# banning addresses -- confirm which was intended.
environment.systemPackages = [
  pkgs.inetutils
  pkgs.mtr
  pkgs.sysstat
  pkgs.vim
  pkgs.wget
  pkgs.curl
  pkgs.htop
  pkgs.mosh
  pkgs.tmux
  pkgs.fail2ban
  pkgs.nix-repl
  pkgs.git
  pkgs.parallel
  pkgs.youtube-dl
];

# Use vim as the default editor.
programs.vim.defaultEditor = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
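# OpenSSH daemon: no direct root login, no password logins, and a
# non-default listening port.
services.openssh = {
  enable = true;
  permitRootLogin = "no";
  passwordAuthentication = false;
  # Also switch off keyboard-interactive authentication, so that sshd
  # offers no PAM-backed password prompt either. users.extraUsers.d6e in
  # this file carries a password, so key-only access should not depend on
  # a default.
  challengeResponseAuthentication = false;
  ports = [ 5510 ]; # appends to allowedTCPPorts
};

# Keep the clock synchronised with NTP.
services.ntp.enable = true;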
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# Host name of this machine.
networking.hostName = "neon.d6e.io";

# The firewall stays enabled and answers pings. No TCP port is opened
# from this list; per the comment on services.openssh.ports in this file,
# the SSH port is added to the allowed TCP ports by that setting.
networking.firewall.enable = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [];

# mosh: the module opens the UDP range used by mosh sessions.
programs.mosh.enable = true; # opens port 60000 to 61000
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with ‘passwd’.
# users.extraUsers.guest = {
# isNormalUser = true;
# uid = 1000;
# };
# Login account "d6e", with one authorised SSH public key.
#
# NOTE(review): initialPassword is a plaintext, guessable value committed
# with this file, and per the NixOS option documentation it is also
# world-readable in the Nix store. The account is in wheel (sudo) and in
# docker (control of the Docker daemon, which is effectively root), so
# confirm the password was changed with passwd right after the first
# login, or replace this setting with hashedPassword / passwordFile.
users.extraUsers.d6e = {
  home = "/home/d6e";
  isNormalUser = true;
  initialPassword = "changeme";
  extraGroups = [
    "wheel"
    "docker"
  ];
  openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK1gRLFVCsa9B7S2eEXJpggTgLSZ6kqkbHGJy7MYlgab [email protected]" ];
};
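# Store clean-up every morning. The built-in nix.gc job is switched off;
# instead a root cron entry runs /etc/admin/optimize-nix at 03:00 each
# day. That script is generated by the environment.etc entry below.
nix.gc.automatic = false;
services.cron.systemCronJobs = [ "0 3 * * * root /etc/admin/optimize-nix" ];

services.nixosManual.enable = true;

environment.etc."admin/optimize-nix" = {
  # The only visible caller is the root cron entry above, so only root
  # gets read, write and execute access. The previous mode, 0774, left a
  # script that runs as root writable by its group.
  mode = "0700";

  # Script body, written out unchanged. `set -eu` aborts on the first
  # failing command or unset variable. Note that the plain
  # nix-collect-garbage call is followed by a second one that also removes
  # generations older than 7 days, and that `nix-store --gc --print-dead`
  # only lists dead store paths rather than deleting them.
  text = ''
    #!/run/current-system/sw/bin/bash
    set -eu
    # Delete everything from this profile that isn't currently needed
    nix-env --delete-generations old
    # Delete generations older than a week
    nix-collect-garbage
    nix-collect-garbage --delete-older-than 7d
    # Optimize
    nix-store --gc --print-dead
    nix-store --optimise
  '';
};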
}