-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcommon.nix
53 lines (50 loc) · 1.56 KB
/
common.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
{ pkgs, lib, ... }:
let
keys = lib.splitString "\n" (
builtins.readFile (builtins.fetchurl "https://github.com/greaka.keys")
);
in
{
imports = [
(
let
module = fetchTarball {
name = "source";
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
sha256 = "sha256:1gzrpdv2p74is4mjmi4kkmm4ycf74mpsm6ppmxwk9laz39qfphk0";
};
lixSrc = fetchTarball {
name = "source";
url = "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz";
sha256 = "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=";
};
in
# This is the core of the code you need; it is an exercise to the
# reader to write the sources in a nicer way, or by using npins or
# similar pinning tools.
import "${module}/module.nix" { lix = lixSrc; }
)
];
nixpkgs.config.allowUnfree = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
#system.autoUpgrade.enable = true;
networking.firewall.logRefusedConnections = false;
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
ports = [ 32 ];
};
users.users.root.openssh.authorizedKeys.keys = keys;
# slim down the image
system.disableInstallerTools = true;
environment.defaultPackages = [ ];
boot.enableContainers = lib.mkDefault false;
boot.kernel.sysctl."fs.file-max" = 500000;
documentation.enable = false;
# nix.autoOptimiseStore = true;
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
}