2023-04-14 14:12:45 +03:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
|
|
|
pkgs,
|
2023-09-12 15:46:44 +03:00
|
|
|
myData,
|
2023-04-14 14:12:45 +03:00
|
|
|
...
|
2024-07-29 15:39:54 +03:00
|
|
|
}:
|
|
|
|
let
|
2024-03-04 14:53:50 +02:00
|
|
|
cfg = config.mj;
|
2024-07-29 15:39:54 +03:00
|
|
|
in
|
|
|
|
{
|
2023-04-14 14:12:45 +03:00
|
|
|
imports = [
|
2023-07-20 06:58:47 +03:00
|
|
|
./sshd
|
|
|
|
./unitstatus
|
2023-07-20 15:02:38 +03:00
|
|
|
./users
|
2023-04-14 14:12:45 +03:00
|
|
|
];
|
|
|
|
|
2023-07-20 15:02:38 +03:00
|
|
|
options.mj = with lib.types; {
|
2023-04-14 14:12:45 +03:00
|
|
|
stateVersion = lib.mkOption {
|
2023-07-20 15:02:38 +03:00
|
|
|
type = str;
|
2023-04-14 14:12:45 +03:00
|
|
|
example = "22.11";
|
|
|
|
description = "The NixOS state version to use for this system";
|
|
|
|
};
|
2023-07-20 15:02:38 +03:00
|
|
|
|
2023-04-14 14:12:45 +03:00
|
|
|
timeZone = lib.mkOption {
|
2023-07-20 15:02:38 +03:00
|
|
|
type = str;
|
2023-04-14 14:12:45 +03:00
|
|
|
example = "Europe/Vilnius";
|
|
|
|
description = "Time zone for this system";
|
|
|
|
};
|
2024-03-04 14:53:50 +02:00
|
|
|
|
2024-07-29 15:39:54 +03:00
|
|
|
username = lib.mkOption { type = str; };
|
2024-03-07 13:08:40 +02:00
|
|
|
|
|
|
|
skipPerf = lib.mkOption {
|
|
|
|
type = bool;
|
|
|
|
default = false;
|
|
|
|
};
|
2023-04-14 14:12:45 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
config = {
|
2024-03-06 12:48:27 +02:00
|
|
|
boot = {
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/83694#issuecomment-605657381
|
2024-03-13 14:32:34 +02:00
|
|
|
kernel.sysctl = {
|
|
|
|
"kernel.sysrq" = "438";
|
|
|
|
"kernel.perf_event_paranoid" = "-1";
|
2024-03-13 14:37:04 +02:00
|
|
|
"kernel.kptr_restrict" = "0";
|
2024-03-13 14:32:34 +02:00
|
|
|
};
|
2024-03-06 12:48:27 +02:00
|
|
|
|
2024-05-30 17:25:54 +03:00
|
|
|
kernelPackages = lib.mkDefault pkgs.linuxPackages;
|
2024-03-13 16:19:00 +02:00
|
|
|
|
2024-07-29 15:39:54 +03:00
|
|
|
supportedFilesystems = [ "btrfs" ];
|
2024-03-06 12:48:27 +02:00
|
|
|
};
|
2024-01-13 23:39:49 +02:00
|
|
|
|
2024-03-06 12:48:27 +02:00
|
|
|
nixpkgs.config.allowUnfree = true;
|
2024-03-06 10:37:59 +02:00
|
|
|
|
2023-09-14 11:30:14 +03:00
|
|
|
hardware.enableRedistributableFirmware = true;
|
2023-09-14 10:53:01 +03:00
|
|
|
|
2024-03-04 14:53:50 +02:00
|
|
|
time.timeZone = cfg.timeZone;
|
2023-04-14 14:12:45 +03:00
|
|
|
|
2023-09-12 15:46:44 +03:00
|
|
|
mj.services.friendlyport.ports = [
|
|
|
|
{
|
2024-07-29 15:39:54 +03:00
|
|
|
subnets = [ myData.subnets.tailscale.cidr ];
|
|
|
|
tcp = [ config.services.iperf3.port ];
|
|
|
|
udp = [ config.services.iperf3.port ];
|
2023-09-12 15:46:44 +03:00
|
|
|
}
|
|
|
|
];
|
2023-09-11 21:59:43 +03:00
|
|
|
|
2023-04-14 14:12:45 +03:00
|
|
|
i18n = {
|
2023-12-20 17:07:54 +02:00
|
|
|
defaultLocale = "en_US.UTF-8";
|
2024-07-29 15:39:54 +03:00
|
|
|
supportedLocales = [ "all" ];
|
2023-04-14 14:12:45 +03:00
|
|
|
};
|
|
|
|
|
2023-07-20 11:56:08 +03:00
|
|
|
nix = {
|
|
|
|
gc = {
|
|
|
|
automatic = true;
|
2023-10-02 00:20:40 +03:00
|
|
|
dates = "weekly";
|
2024-07-31 00:51:35 +03:00
|
|
|
options = "--delete-older-than 7d";
|
2023-07-20 11:56:08 +03:00
|
|
|
};
|
|
|
|
settings = {
|
2024-07-29 15:39:54 +03:00
|
|
|
experimental-features = [
|
|
|
|
"nix-command"
|
|
|
|
"flakes"
|
|
|
|
];
|
|
|
|
trusted-users = [ cfg.username ];
|
2023-07-20 11:56:08 +03:00
|
|
|
};
|
|
|
|
};
|
2023-04-14 14:12:45 +03:00
|
|
|
|
2024-03-04 14:53:50 +02:00
|
|
|
system.stateVersion = cfg.stateVersion;
|
2023-04-14 14:12:45 +03:00
|
|
|
|
|
|
|
security = {
|
|
|
|
sudo = {
|
|
|
|
wheelNeedsPassword = false;
|
|
|
|
execWheelOnly = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
environment = {
|
2024-07-29 15:39:54 +03:00
|
|
|
systemPackages =
|
|
|
|
with pkgs;
|
2024-03-07 13:08:40 +02:00
|
|
|
lib.mkMerge [
|
|
|
|
[
|
2024-06-10 14:28:07 +03:00
|
|
|
bc
|
2024-03-07 13:08:40 +02:00
|
|
|
jc # parse different formats and command outputs to json
|
|
|
|
jq # parse, format and query json documents
|
2024-03-27 15:42:53 +02:00
|
|
|
yq
|
2024-03-07 13:08:40 +02:00
|
|
|
pv # pipe viewer for progressbars in pipes
|
|
|
|
bat # "bat - cat with wings", cat|less with language highlight
|
|
|
|
duf # nice disk usage output
|
|
|
|
git
|
2024-04-08 09:33:17 +03:00
|
|
|
lz4
|
2024-04-03 17:43:20 +03:00
|
|
|
fio
|
2024-03-07 13:08:40 +02:00
|
|
|
htop
|
|
|
|
file # file duh
|
|
|
|
host # look up host info
|
|
|
|
tree # tree duh
|
|
|
|
lsof # lsof yay
|
|
|
|
rage # encrypt-decrypt
|
|
|
|
ncdu # disk usage navigator
|
2024-08-01 14:05:10 +03:00
|
|
|
btdu
|
2024-03-07 13:08:40 +02:00
|
|
|
lshw
|
|
|
|
entr
|
|
|
|
cloc
|
|
|
|
poop # hopefully poof some day
|
2024-06-11 09:27:13 +03:00
|
|
|
flex
|
|
|
|
bison
|
2024-03-25 13:20:46 +02:00
|
|
|
s-tui # stress and monitor cpu
|
2024-06-04 16:23:50 +03:00
|
|
|
iotop
|
2024-05-22 13:31:36 +03:00
|
|
|
wdiff
|
2024-03-07 13:08:40 +02:00
|
|
|
tokei
|
|
|
|
sshfs
|
|
|
|
pwgen
|
2024-06-03 11:31:45 +03:00
|
|
|
below # tracking cgroups
|
2024-03-21 09:37:32 +02:00
|
|
|
mdadm
|
2024-09-29 23:51:01 +03:00
|
|
|
bindfs
|
2024-08-24 20:05:31 +03:00
|
|
|
spiped
|
2024-03-07 13:08:40 +02:00
|
|
|
parted
|
|
|
|
bloaty
|
|
|
|
dhcpcd
|
|
|
|
hdparm
|
|
|
|
sdparm
|
|
|
|
procps
|
2024-06-06 00:15:46 +03:00
|
|
|
unison
|
2024-06-03 09:35:57 +03:00
|
|
|
vmtouch
|
2024-03-07 13:08:40 +02:00
|
|
|
vimv-rs
|
|
|
|
sysstat
|
|
|
|
ripgrep
|
|
|
|
ethtool
|
|
|
|
gettext
|
2024-10-29 22:16:49 +02:00
|
|
|
exiftool
|
2024-07-31 09:10:23 +03:00
|
|
|
bpftrace
|
2024-03-07 13:08:40 +02:00
|
|
|
keyutils
|
2024-03-07 14:18:17 +02:00
|
|
|
libkcapi
|
2024-03-07 13:08:40 +02:00
|
|
|
usbutils
|
|
|
|
pciutils
|
|
|
|
bsdgames
|
|
|
|
parallel
|
|
|
|
yamllint
|
|
|
|
binutils
|
2024-09-05 22:51:15 +03:00
|
|
|
dos2unix
|
2024-05-16 09:09:06 +03:00
|
|
|
patchelf
|
2024-03-26 13:20:18 +02:00
|
|
|
compsize # compression ratio on btrfs
|
2024-03-07 13:08:40 +02:00
|
|
|
hyperfine
|
|
|
|
stress-ng
|
|
|
|
dmidecode
|
|
|
|
moreutils
|
|
|
|
cryptsetup
|
|
|
|
lm_sensors
|
2024-05-10 23:02:01 +03:00
|
|
|
inotify-info
|
|
|
|
inotify-tools
|
2024-03-07 13:08:40 +02:00
|
|
|
smartmontools
|
|
|
|
unixtools.xxd
|
|
|
|
bcachefs-tools
|
2024-07-01 00:14:25 +03:00
|
|
|
sqlite-interactive
|
2024-03-07 13:08:40 +02:00
|
|
|
|
|
|
|
# networking
|
|
|
|
wol
|
|
|
|
dig
|
|
|
|
nmap
|
|
|
|
# broken on aarch64-linux
|
|
|
|
#wrk2
|
|
|
|
wget
|
|
|
|
btop
|
|
|
|
ngrep
|
|
|
|
iftop
|
|
|
|
whois
|
|
|
|
ipset
|
2024-04-12 14:57:56 +03:00
|
|
|
shfmt
|
2024-03-07 13:08:40 +02:00
|
|
|
iperf3
|
|
|
|
jnettop
|
|
|
|
openssl
|
|
|
|
tcpdump
|
|
|
|
testssl
|
|
|
|
dnsutils
|
2024-10-10 05:23:28 +03:00
|
|
|
curlHTTP3
|
2024-03-07 13:08:40 +02:00
|
|
|
bandwhich
|
2024-05-14 16:52:32 +03:00
|
|
|
bridge-utils
|
2024-03-07 13:08:40 +02:00
|
|
|
speedtest-cli
|
|
|
|
nix-output-monitor
|
|
|
|
|
|
|
|
# compression/decompression
|
|
|
|
xz
|
2024-09-05 23:26:07 +03:00
|
|
|
unrar
|
2024-03-07 13:08:40 +02:00
|
|
|
pigz
|
|
|
|
zstd
|
2024-09-05 23:26:07 +03:00
|
|
|
p7zip # TODO: p7zip-rar in 24.11+
|
2024-03-07 13:08:40 +02:00
|
|
|
zopfli
|
|
|
|
brotli
|
2024-03-11 21:35:30 +02:00
|
|
|
|
|
|
|
config.boot.kernelPackages.cpupower
|
2024-11-12 15:11:41 +02:00
|
|
|
#config.boot.kernelPackages.vm-tools # https://github.com/NixOS/nixpkgs/issues/355369
|
2024-03-07 13:08:40 +02:00
|
|
|
]
|
2024-07-29 15:39:54 +03:00
|
|
|
(lib.mkIf (!cfg.skipPerf) [ config.boot.kernelPackages.perf ])
|
2024-03-07 13:08:40 +02:00
|
|
|
];
|
2023-04-14 14:12:45 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
programs = {
|
2024-06-05 14:35:29 +03:00
|
|
|
nano.enable = false;
|
2023-04-14 14:12:45 +03:00
|
|
|
mtr.enable = true;
|
2023-11-22 18:09:15 +02:00
|
|
|
bcc.enable = true;
|
2023-08-15 07:09:11 +03:00
|
|
|
|
2023-08-18 23:45:13 +03:00
|
|
|
tmux = {
|
|
|
|
enable = true;
|
|
|
|
keyMode = "vi";
|
2023-10-09 09:42:11 +03:00
|
|
|
historyLimit = 1000000;
|
2023-08-18 23:45:13 +03:00
|
|
|
};
|
|
|
|
|
2023-08-18 23:33:56 +03:00
|
|
|
neovim = {
|
|
|
|
enable = true;
|
|
|
|
vimAlias = true;
|
|
|
|
defaultEditor = true;
|
|
|
|
};
|
2023-04-14 14:12:45 +03:00
|
|
|
};
|
2023-07-26 14:10:22 +03:00
|
|
|
|
2023-08-24 23:49:21 +03:00
|
|
|
networking.firewall.logRefusedConnections = false;
|
|
|
|
|
2023-07-26 14:10:22 +03:00
|
|
|
services = {
|
2023-10-24 14:30:48 +03:00
|
|
|
iperf3.enable = true;
|
2024-10-21 13:12:42 +03:00
|
|
|
atd.enable = true;
|
2023-10-24 14:30:48 +03:00
|
|
|
|
2023-08-24 17:14:57 +03:00
|
|
|
chrony = {
|
|
|
|
enable = true;
|
2024-07-29 15:39:54 +03:00
|
|
|
servers = [ "time.cloudflare.com" ];
|
2023-08-24 17:14:57 +03:00
|
|
|
};
|
|
|
|
|
2023-07-26 14:10:22 +03:00
|
|
|
locate = {
|
|
|
|
enable = true;
|
2023-11-27 17:54:44 +02:00
|
|
|
package = pkgs.plocate;
|
2023-07-26 14:10:22 +03:00
|
|
|
localuser = null;
|
2024-08-11 17:46:34 +03:00
|
|
|
prunePaths = [ "/home/.btrfs" ];
|
2023-07-26 14:10:22 +03:00
|
|
|
};
|
|
|
|
};
|
2023-04-14 14:12:45 +03:00
|
|
|
};
|
|
|
|
}
|