| author | Franck Cuny <franck@fcuny.net> | 2025-07-21 17:57:36 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-07-21 17:57:36 -0700 |
| commit | 5484afc2ce90ab7d2d33d1a9e822d497f44c4e5d (patch) | |
| tree | 9f8d541e57956e7639b12801375ad91693a95b2c /profiles/default.nix | |
| parent | move all profiles, modules, and flakes to top-level (diff) | |
| download | infra-5484afc2ce90ab7d2d33d1a9e822d497f44c4e5d.tar.gz | |
keep organizing into modules and profiles
Diffstat (limited to 'profiles/default.nix')
| -rw-r--r-- | profiles/default.nix | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/profiles/default.nix b/profiles/default.nix
new file mode 100644
index 0000000..58c22eb
--- /dev/null
+++ b/profiles/default.nix
@@ -0,0 +1,74 @@
+{ pkgs, lib, ... }:
+{
+ nix = {
+ extraOptions = ''
+ tarball-ttl = 900
+ '';
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 7d";
+ dates = "weekly";
+ };
+ package = pkgs.nixVersions.stable;
+ settings = {
+ trusted-substituters = [
+ "https://cachix.cachix.org"
+ "https://nixpkgs.cachix.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+ "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [ "root" ];
+ experimental-features = lib.mkDefault [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ ## only allow declarative user management
+ users.mutableUsers = false;
+
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = false;
+ services.openssh.settings.PermitRootLogin = "no";
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ programs.fish.enable = true;
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages = with pkgs; [
+ curl
+ fd
+ fish
+ git
+ htop
+ jq
+ mtr
+ pciutils
+ powertop
+ ripgrep
+ tcpdump
+ traceroute
+ vim
+ ];
+
+ ## disable that slow "building man-cache" step
+ documentation.man.generateCaches = lib.mkForce false;
+} |
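Review bot: `users.users.root.openssh.authorizedKeys.keys` installs a root key while `services.openssh.settings.PermitRootLogin = "no"` refuses root logins, so the key is inert as written and becomes live as soon as any host overrides PermitRootLogin. Either drop the root key from this shared profile or add a comment naming the hosts expected to relax the setting. `security.sudo.wheelNeedsPassword = false` makes a wheel user's SSH key the only barrier to root on every host that imports this profile (presumably all of them, given the file name); if that is intended, a comment such as `## wheel accounts have no password here, so sudo cannot prompt for one` would record the trade-off once that reason is confirmed. `trusted-substituters` lets unprivileged users opt into the three cachix caches, and `trusted-public-keys` accepts store paths signed by the cachix.cachix.org and nixpkgs.cachix.org keys; both lists are worth trimming to the caches these machines actually use.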
