summaryrefslogtreecommitdiff
path: root/Biz/OsBase.nix
diff options
context:
space:
mode:
Diffstat (limited to 'Biz/OsBase.nix')
-rw-r--r--Biz/OsBase.nix24
1 files changed, 24 insertions, 0 deletions
diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix
new file mode 100644
index 0000000..0ba3fca
--- /dev/null
+++ b/Biz/OsBase.nix
@@ -0,0 +1,24 @@
+{...}:
+{
+ boot.cleanTmpDir = true;
+ networking.firewall.allowPing = true;
+ nix.binaryCaches = [ "https://cache.nixos.org" ];
+ nix.gc.automatic = true;
+ nix.gc.dates = "Sunday 02:15";
+ nix.optimise.automatic = true;
+ nix.optimise.dates = [ "Sunday 02:30" ];
+ #nixpkgs.overlays = overlays;
+ programs.mosh.enable = true;
+ programs.mosh.withUtempter = true;
+ security.acme.email = "ben@bsima.me";
+ security.acme.acceptTerms = true;
+ security.sudo.wheelNeedsPassword = false;
+ services.clamav.daemon.enable = true; # security
+ services.clamav.updater.enable = true; # security
+ services.fail2ban.enable = true; # security
+ services.openssh.enable = true;
+ services.openssh.openFirewall = true;
+ services.openssh.forwardX11 = true;
+ services.openssh.passwordAuthentication = false;
+ system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 07:18:18 +0000