From 3d717b6415d4429a2f9bc9619ac0bbff456827c3 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Thu, 23 Oct 2025 17:41:18 -0700
Subject: move a few more things back as profiles

---
 profiles/defaults.nix | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 profiles/defaults.nix

(limited to 'profiles/defaults.nix')

diff --git a/profiles/defaults.nix b/profiles/defaults.nix
new file mode 100644
index 0000000..7c8a7fb
--- /dev/null
+++ b/profiles/defaults.nix
@@ -0,0 +1,88 @@
+{
+  self,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernel.sysctl = {
+      "net.ipv4.tcp_congestion_control" = "bbr";
+      "net.ipv4.tcp_ecn" = 1;
+      "net.ipv4.tcp_fastopen" = 3;
+      "net.ipv4.tcp_tw_reuse" = 1;
+    };
+  };
+
+  networking = {
+    useNetworkd = true;
+    # Used by systemd-resolved, not directly by resolv.conf.
+    nameservers = [
+      "8.8.8.8#dns.google"
+      "1.0.0.1#cloudflare-dns.com"
+    ];
+    firewall = {
+      enable = true;
+      allowPing = true;
+      logRefusedConnections = false;
+    };
+  };
+
+  systemd.network = {
+    enable = true;
+  };
+
+  services.resolved = {
+    enable = true;
+    dnssec = "false";
+  };
+
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    supportedLocales = [
+      "en_US.UTF-8/UTF-8"
+    ];
+  };
+
+  time.timeZone = "America/Los_Angeles";
+
+  users.motdFile = "/etc/motd";
+
+  environment.etc.motd.text = ''
+    Machine  ${config.networking.hostName}
+     NixOS   ${config.system.nixos.release}
+       @     ${self.shortRev or self.dirtyShortRev}
+  '';
+
+  ## disable that slow "building man-cache" step
+  documentation.man.generateCaches = lib.mkForce false;
+
+  users = {
+    mutableUsers = false;
+    users.root.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+    ];
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  environment.systemPackages = with pkgs; [
+    curl
+    dysk
+    fd
+    fish
+    git
+    htop
+    jq
+    mtr
+    pciutils
+    powertop
+    ripgrep
+    tcpdump
+    traceroute
+    vim
+    wireguard-tools
+  ];
+}
-- 
cgit v1.2.3