config/modules/base/default.nix

{
  config,
  lib,
  pkgs,
  myData,
  ...
}:
let
  cfg = config.mj;
in
{
  imports = [
    ./sshd
    ./unitstatus
    ./users
  ];

  options.mj = with lib.types; {
    stateVersion = lib.mkOption {
      type = str;
      example = "22.11";
      description = "The NixOS state version to use for this system";
    };

    timeZone = lib.mkOption {
      type = str;
      example = "Europe/Vilnius";
      description = "Time zone for this system";
    };

    username = lib.mkOption { type = str; };

  };

  config = {
    boot = {
      # https://github.com/NixOS/nixpkgs/issues/83694#issuecomment-605657381
      kernel.sysctl = {
        "kernel.sysrq" = "438";
        "kernel.perf_event_paranoid" = "-1";
        "kernel.kptr_restrict" = "0";
      };

      kernelPackages = lib.mkDefault pkgs.linuxPackages;

      supportedFilesystems = [
        "btrfs"
        "ext4"
      ];
    };

    nixpkgs.config.allowUnfree = true;

    hardware.enableRedistributableFirmware = true;

    time.timeZone = cfg.timeZone;

    mj.services.friendlyport.ports = [
      {
        subnets = [ myData.subnets.tailscale.cidr ];
        tcp = [ config.services.iperf3.port ];
        udp = [ config.services.iperf3.port ];
      }
    ];

    i18n = {
      defaultLocale = "en_US.UTF-8";
      supportedLocales = [ "all" ];
    };

    nix = {
      gc = {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 7d";
      };
      settings = {
        experimental-features = [
          "nix-command"
          "flakes"
        ];
        trusted-users = [ cfg.username ];
      };
    };

    system.stateVersion = cfg.stateVersion;

    security = {
      sudo = {
        wheelNeedsPassword = false;
        execWheelOnly = true;
      };
    };

    environment = {
      systemPackages =
        with pkgs;
        lib.mkMerge [
          [
            bc
            jc # parse different formats and command outputs to json
            jq # parse, format and query json documents
            yq
            xz
            pv # pipe viewer for progressbars in pipes
            bat # "bat - cat with wings", cat|less with language highlight
            duf # nice disk usage output
            git
            lz4
            fio
            htop
            file # file duh
            host # look up host info
            tree # tree duh
            lsof # lsof yay
            rage # encrypt-decrypt
            ncdu # disk usage navigator
            btdu
            lshw
            entr
            cloc
            poop # hopefully poof some day
            pigz
            zstd
            flex
            bison
            s-tui # stress and monitor cpu
            unrar
            iotop
            wdiff
            tokei
            sshfs
            pwgen
            below # tracking cgroups
            mdadm
            zopfli
            brotli
            bindfs
            spiped
            parted
            bloaty
            dhcpcd
            hdparm
            sdparm
            procps
            unison
            usbtop
            vmtouch
            vimv-rs
            sysstat
            ripgrep
            ethtool
            gettext
            exiftool
            bpftrace
            keyutils
            libkcapi
            usbutils
            pciutils
            bsdgames
            parallel
            yamllint
            binutils
            dos2unix
            patchelf
            compsize
            p7zip-rar
            hyperfine
            stress-ng
            dmidecode
            moreutils
            sloccount
            cryptsetup
            lm_sensors
            inotify-info
            inotify-tools
            smartmontools
            unixtools.xxd
            bcachefs-tools
            ghostty.terminfo
            sqlite-interactive

            # networking
            wol
            dig
            nmap
            wget
            btop
            ngrep
            iftop
            whois
            ipset
            shfmt
            iperf3
            jnettop
            openssl
            tcpdump
            testssl
            dnsutils
            curlHTTP3
            bandwhich
            bridge-utils
            speedtest-cli
            nix-output-monitor

            config.boot.kernelPackages.perf
            config.boot.kernelPackages.vm-tools

            # non-virtual
            powerstat
            config.boot.kernelPackages.cpupower
          ]
          (lib.mkIf (pkgs.stdenv.hostPlatform.system == "x86_64-linux") [ wrk2 ])
        ];
    };

    programs = {
      nano.enable = false;
      mtr.enable = true;
      bcc.enable = true;

      tmux = {
        enable = true;
        keyMode = "vi";
        historyLimit = 1000000;
      };

      neovim = {
        enable = true;
        vimAlias = true;
        defaultEditor = true;
      };
    };

    networking.firewall.logRefusedConnections = false;

    systemd.services.dbus = {
      restartIfChanged = false;
      reloadIfChanged = lib.mkForce false;
    };

    services = {
      iperf3.enable = true;
      atd.enable = true;

      chrony = {
        enable = true;
        servers = [ "time.cloudflare.com" ];
      };

      locate = {
        enable = true;
        package = pkgs.plocate;
        localuser = null;
        prunePaths = [ "/home/.btrfs" ];
      };
    };
  };
}
flakes 2023-04-14 11:12:45 +00:00			`{`
			`config,`
			`lib,`
			`pkgs,`
rewrite firewall rules 2023-09-12 12:46:44 +00:00			`myData,`
flakes 2023-04-14 11:12:45 +00:00			`...`
nix fmt 2024-07-29 12:39:54 +00:00			`}:`
			`let`
vm updates 2024-03-04 12:53:50 +00:00			`cfg = config.mj;`
nix fmt 2024-07-29 12:39:54 +00:00			`in`
			`{`
flakes 2023-04-14 11:12:45 +00:00			`imports = [`
add unitstatus with some TODOs 2023-07-20 03:58:47 +00:00			`./sshd`
			`./unitstatus`
users and passwords 2023-07-20 12:02:38 +00:00			`./users`
flakes 2023-04-14 11:12:45 +00:00			`];`

users and passwords 2023-07-20 12:02:38 +00:00			`options.mj = with lib.types; {`
flakes 2023-04-14 11:12:45 +00:00			`stateVersion = lib.mkOption {`
users and passwords 2023-07-20 12:02:38 +00:00			`type = str;`
flakes 2023-04-14 11:12:45 +00:00			`example = "22.11";`
			`description = "The NixOS state version to use for this system";`
			`};`
users and passwords 2023-07-20 12:02:38 +00:00
flakes 2023-04-14 11:12:45 +00:00			`timeZone = lib.mkOption {`
users and passwords 2023-07-20 12:02:38 +00:00			`type = str;`
flakes 2023-04-14 11:12:45 +00:00			`example = "Europe/Vilnius";`
			`description = "Time zone for this system";`
			`};`
vm updates 2024-03-04 12:53:50 +00:00
nix fmt 2024-07-29 12:39:54 +00:00			`username = lib.mkOption { type = str; };`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00
flakes 2023-04-14 11:12:45 +00:00			`};`

			`config = {`
vm and op5p: add bcachefs 2024-03-06 10:48:27 +00:00			`boot = {`
			`# https://github.com/NixOS/nixpkgs/issues/83694#issuecomment-605657381`
perf: allow more for users 2024-03-13 12:32:34 +00:00			`kernel.sysctl = {`
			`"kernel.sysrq" = "438";`
			`"kernel.perf_event_paranoid" = "-1";`
kptr_restrict = 0 2024-03-13 12:37:04 +00:00			`"kernel.kptr_restrict" = "0";`
perf: allow more for users 2024-03-13 12:32:34 +00:00			`};`
vm and op5p: add bcachefs 2024-03-06 10:48:27 +00:00
desktop: minor moving around xorg/displaymanager, use stable kernel pkgs 2024-05-30 14:25:54 +00:00			`kernelPackages = lib.mkDefault pkgs.linuxPackages;`
re-add btrfs 2024-03-13 14:19:00 +00:00
support ext4 and xfs 2025-01-18 20:37:04 +00:00			`supportedFilesystems = [`
			`"btrfs"`
			`"ext4"`
			`];`
vm and op5p: add bcachefs 2024-03-06 10:48:27 +00:00			`};`
remove busybox 2024-01-13 21:39:49 +00:00
vm and op5p: add bcachefs 2024-03-06 10:48:27 +00:00			`nixpkgs.config.allowUnfree = true;`
kernel: default to zfs-enabled 2024-03-06 08:37:59 +00:00
fwminex: enable redistributable firmware, remove docker volume 2023-09-14 08:30:14 +00:00			`hardware.enableRedistributableFirmware = true;`
fwminex: allow nonfree 2023-09-14 07:53:01 +00:00
vm updates 2024-03-04 12:53:50 +00:00			`time.timeZone = cfg.timeZone;`
flakes 2023-04-14 11:12:45 +00:00
rewrite firewall rules 2023-09-12 12:46:44 +00:00			`mj.services.friendlyport.ports = [`
			`{`
nix fmt 2024-07-29 12:39:54 +00:00			`subnets = [ myData.subnets.tailscale.cidr ];`
			`tcp = [ config.services.iperf3.port ];`
			`udp = [ config.services.iperf3.port ];`
rewrite firewall rules 2023-09-12 12:46:44 +00:00			`}`
			`];`
Revert "firewall: open iperf3 fully" This reverts commit 56bc914934b88cc3ee4cae501b01e372cdd6bb51. 2023-09-11 18:59:43 +00:00
flakes 2023-04-14 11:12:45 +00:00			`i18n = {`
locales: bring back the old means otherwise perl is complaining 2023-12-20 15:07:54 +00:00			`defaultLocale = "en_US.UTF-8";`
nix fmt 2024-07-29 12:39:54 +00:00			`supportedLocales = [ "all" ];`
flakes 2023-04-14 11:12:45 +00:00			`};`

small cleanup 2023-07-20 08:56:08 +00:00			`nix = {`
			`gc = {`
			`automatic = true;`
nix gc: TTL 2d, run weekly 2023-10-01 21:20:40 +00:00			`dates = "weekly";`
gc: no more than 7d 2024-07-30 21:51:35 +00:00			`options = "--delete-older-than 7d";`
small cleanup 2023-07-20 08:56:08 +00:00			`};`
			`settings = {`
nix fmt 2024-07-29 12:39:54 +00:00			`experimental-features = [`
			`"nix-command"`
			`"flakes"`
			`];`
			`trusted-users = [ cfg.username ];`
small cleanup 2023-07-20 08:56:08 +00:00			`};`
			`};`
flakes 2023-04-14 11:12:45 +00:00
vm updates 2024-03-04 12:53:50 +00:00			`system.stateVersion = cfg.stateVersion;`
flakes 2023-04-14 11:12:45 +00:00
			`security = {`
			`sudo = {`
			`wheelNeedsPassword = false;`
			`execWheelOnly = true;`
			`};`
			`};`

			`environment = {`
nix fmt 2024-07-29 12:39:54 +00:00			`systemPackages =`
			`with pkgs;`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`lib.mkMerge [`
			`[`
base: +bc 2024-06-10 11:28:07 +00:00			`bc`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`jc # parse different formats and command outputs to json`
			`jq # parse, format and query json documents`
base: install yq 2024-03-27 13:42:53 +00:00			`yq`
base: +ghostty terminfo 2025-01-26 15:34:58 +00:00			`xz`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`pv # pipe viewer for progressbars in pipes`
			`bat # "bat - cat with wings", cat\|less with language highlight`
			`duf # nice disk usage output`
			`git`
base: +lz4 2024-04-08 06:33:17 +00:00			`lz4`
base: +fio 2024-04-03 14:43:20 +00:00			`fio`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`htop`
			`file # file duh`
			`host # look up host info`
			`tree # tree duh`
			`lsof # lsof yay`
			`rage # encrypt-decrypt`
			`ncdu # disk usage navigator`
btdu 2024-08-01 11:05:10 +00:00			`btdu`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`lshw`
			`entr`
			`cloc`
			`poop # hopefully poof some day`
base: +ghostty terminfo 2025-01-26 15:34:58 +00:00			`pigz`
			`zstd`
base: +flex +bison 2024-06-11 06:27:13 +00:00			`flex`
			`bison`
base: +s-tui 2024-03-25 11:20:46 +00:00			`s-tui # stress and monitor cpu`
base: +ghostty terminfo 2025-01-26 15:34:58 +00:00			`unrar`
base: +iotop 2024-06-04 13:23:50 +00:00			`iotop`
base: +wdiff 2024-05-22 10:31:36 +00:00			`wdiff`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`tokei`
			`sshfs`
			`pwgen`
base: +below 2024-06-03 08:31:45 +00:00			`below # tracking cgroups`
base: add mdadm 2024-03-21 07:37:32 +00:00			`mdadm`
base: +ghostty terminfo 2025-01-26 15:34:58 +00:00			`zopfli`
			`brotli`
base: +bindfs 2024-09-29 20:51:01 +00:00			`bindfs`
desktop: +spiped 2024-08-24 17:05:31 +00:00			`spiped`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`parted`
			`bloaty`
			`dhcpcd`
			`hdparm`
			`sdparm`
			`procps`
base: +unison 2024-06-05 21:15:46 +00:00			`unison`
base: +usbtop 2025-02-16 20:56:41 +00:00			`usbtop`
base: +vmtouch 2024-06-03 06:35:57 +00:00			`vmtouch`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`vimv-rs`
			`sysstat`
			`ripgrep`
			`ethtool`
			`gettext`
base: +exiftool 2024-10-29 20:16:49 +00:00			`exiftool`
base: re-add bpftrace we use bcc anyway, which we want. 2024-07-31 06:10:23 +00:00			`bpftrace`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`keyutils`
base: add libkcapi 2024-03-07 12:18:17 +00:00			`libkcapi`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`usbutils`
			`pciutils`
			`bsdgames`
			`parallel`
			`yamllint`
			`binutils`
base: +dos2unix 2024-09-05 19:51:15 +00:00			`dos2unix`
base: +patchelf 2024-05-16 06:09:06 +00:00			`patchelf`
base: +ghostty terminfo 2025-01-26 15:34:58 +00:00			`compsize`
update base packages 2025-01-23 09:04:34 +00:00			`p7zip-rar`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`hyperfine`
			`stress-ng`
			`dmidecode`
			`moreutils`
base: +sloccount 2024-12-30 20:39:50 +00:00			`sloccount`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`cryptsetup`
			`lm_sensors`
inotify stuff 2024-05-10 20:02:01 +00:00			`inotify-info`
			`inotify-tools`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`smartmontools`
			`unixtools.xxd`
			`bcachefs-tools`
base: +ghostty terminfo 2025-01-26 15:34:58 +00:00			`ghostty.terminfo`
sqlite -> sqlite-interactive 2024-06-30 21:14:25 +00:00			`sqlite-interactive`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00
			`# networking`
			`wol`
			`dig`
			`nmap`
			`wget`
			`btop`
			`ngrep`
			`iftop`
			`whois`
			`ipset`
+shfmt -vbox 2024-04-12 11:57:56 +00:00			`shfmt`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`iperf3`
			`jnettop`
			`openssl`
			`tcpdump`
			`testssl`
			`dnsutils`
jakstys.lt: http/3 2024-10-10 02:23:28 +00:00			`curlHTTP3`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`bandwhich`
base: add bridge-utils 2024-05-14 13:52:32 +00:00			`bridge-utils`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`speedtest-cli`
			`nix-output-monitor`

base cleanup 2025-01-23 09:12:24 +00:00			`config.boot.kernelPackages.perf`
bump gamja 2025-02-05 20:20:46 +00:00			`config.boot.kernelPackages.vm-tools`
base: +cpupower 2025-02-19 18:52:49 +00:00
			`# non-virtual`
			`powerstat`
bump gamja 2025-02-05 20:20:46 +00:00			`config.boot.kernelPackages.cpupower`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`]`
update base packages 2025-01-23 09:04:34 +00:00			`(lib.mkIf (pkgs.stdenv.hostPlatform.system == "x86_64-linux") [ wrk2 ])`
arm64: skip perf tools doesn't build on the custome kernel 2024-03-07 11:08:40 +00:00			`];`
flakes 2023-04-14 11:12:45 +00:00			`};`

			`programs = {`
base: disable nano 2024-06-05 11:35:29 +00:00			`nano.enable = false;`
flakes 2023-04-14 11:12:45 +00:00			`mtr.enable = true;`
bcc -> perf-tools 2023-11-22 16:09:15 +00:00			`bcc.enable = true;`
vno1-rp3b 2023-08-15 04:09:11 +00:00
tmux 2023-08-18 20:45:13 +00:00			`tmux = {`
			`enable = true;`
			`keyMode = "vi";`
tmux: increase history limit 2023-10-09 06:42:11 +00:00			`historyLimit = 1000000;`
tmux 2023-08-18 20:45:13 +00:00			`};`

configure nvim system-wide 2023-08-18 20:33:56 +00:00			`neovim = {`
			`enable = true;`
			`vimAlias = true;`
			`defaultEditor = true;`
			`};`
flakes 2023-04-14 11:12:45 +00:00			`};`
enable sshguard and plocate 2023-07-26 11:10:22 +00:00
move logRefusedConnections to base 2023-08-24 20:49:21 +00:00			`networking.firewall.logRefusedConnections = false;`

dbus: more patches? 2025-02-20 08:56:56 +00:00			`systemd.services.dbus = {`
			`restartIfChanged = false;`
			`reloadIfChanged = lib.mkForce false;`
			`};`
dbus: avoid restart when changed 2025-02-20 07:53:08 +00:00
enable sshguard and plocate 2023-07-26 11:10:22 +00:00			`services = {`
enable iperf3 2023-10-24 11:30:48 +00:00			`iperf3.enable = true;`
replace `pkg.at` with `service.atd` 2024-10-21 10:12:42 +00:00			`atd.enable = true;`
enable iperf3 2023-10-24 11:30:48 +00:00
enable chrony 2023-08-24 14:14:57 +00:00			`chrony = {`
			`enable = true;`
nix fmt 2024-07-29 12:39:54 +00:00			`servers = [ "time.cloudflare.com" ];`
enable chrony 2023-08-24 14:14:57 +00:00			`};`

enable sshguard and plocate 2023-07-26 11:10:22 +00:00			`locate = {`
			`enable = true;`
23.11: get rid of most warnings 2023-11-27 15:54:44 +00:00			`package = pkgs.plocate;`
enable sshguard and plocate 2023-07-26 11:10:22 +00:00			`localuser = null;`
btrfs: ignore /home/.btrfs 2024-08-11 14:46:34 +00:00			`prunePaths = [ "/home/.btrfs" ];`
enable sshguard and plocate 2023-07-26 11:10:22 +00:00			`};`
			`};`
flakes 2023-04-14 11:12:45 +00:00			`};`
			`}`
No results found.