added disko module, common-config, cleanup, etc.

2024-08-08 19:02:02 +02:00 · 2024-08-08 19:02:02 +02:00 · 52af8fc06e
commit 52af8fc06e
parent 8ad126aa99
9 changed files with 314 additions and 156 deletions
--- a/shared/base/common-config.nix
+++ b/shared/base/common-config.nix
@ -0,0 +1,52 @@
+{
+  services = {
+    openssh = {
+      enable = true;
+      openFirewall = true;
+      settings.PasswordAuthentication = false;
+    };
+
+    journald.extraConfig = "SystemMaxUse=100M";
+  };
+
+  nix = {
+    settings.auto-optimise-store = true;
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 7d";
+      dates = "daily";
+    };
+  };
+  
+  # clean on boot
+  boot.tmp.cleanOnBoot = true;
+
+  # enable doas instead of sudo
+  security = {
+    sudo.enable = false;
+
+    doas = {
+      enable = true;
+      extraRules = [{
+        groups = [ "wheel" ];
+        persist = true;
+      }];
+    };
+  };
+
+  # always allow unfree
+  nixpkgs.config.allowUnfree = true;
+  environment.variables = {
+    NIXPKGS_ALLOW_UNFREE = "1";
+  };
+
+  # enable nftables based firewall
+  networking.nftables = {
+    enable = true;
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuma8g+U8Wh+4mLvZoV9V+ngPqxjuIG4zhsbaTeXq65 eyjhb@chronos"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGee4uz+HDOj4Y4ANOhWJhoc4mMLP1gz6rpKoMueQF2J rendal@popper"
+  ];
+}