nerf/defaultRoles #12
1 changed files with 49 additions and 1 deletions
|
|
@ -1,4 +1,52 @@
|
|||
{ ... } : {
|
||||
{pkgs, config, lib, ...} : {
|
||||
|
||||
imports = [ ./admins.nix ];
|
||||
nix = {
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
builders-use-substitutes = true
|
||||
'';
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall = { # these shoud be default, but better make sure!
|
||||
enable = true;
|
||||
allowPing = true;
|
||||
};
|
||||
nftables.enable = true;
|
||||
useDHCP = false; # We don't speak DHCP and even if we would, we should enable it per interface
|
||||
# hosts = # TODO write something to autogenerate ip adresses!
|
||||
};
|
||||
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
};
|
||||
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
environment = {
|
||||
systemPackages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
htop lsof tmux btop;
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
journald.extraConfig = "SystemMaxUse=5G";
|
||||
|
||||
nginx = {
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
};
|
||||
|
||||
|
Gonne marked this conversation as resolved
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
>>>>>>> 2b0eec7 (added actual hardware identifiers & atual network config)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue
Does this only set the defaults in case we enable some nginx or does this enable nginx (and why)?
This does not enable ngingx, but it will set these if you load ngingx (for that there is
services.nginx.enable). And it isn't nginx default behavior but it kind of should be.