From 890e44ebcc11c48f7347aa60748a84c48261aa5e Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bsima.me>
Date: Thu, 12 Nov 2020 17:13:39 -0800
Subject: Get Biz.Dev setup again

Also correctly renamed the files (didn't work the first time thanks to
the macOS filesystem) and moved the default build.os settings to a
OsBase.nix file to be used via imports.
---
 Biz/OsBase.nix | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 Biz/OsBase.nix

(limited to 'Biz/OsBase.nix')

diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix
new file mode 100644
index 0000000..0ba3fca
--- /dev/null
+++ b/Biz/OsBase.nix
@@ -0,0 +1,24 @@
+{...}:
+{
+  boot.cleanTmpDir = true;
+  networking.firewall.allowPing = true;
+  nix.binaryCaches = [ "https://cache.nixos.org" ];
+  nix.gc.automatic = true;
+  nix.gc.dates = "Sunday 02:15";
+  nix.optimise.automatic = true;
+  nix.optimise.dates = [ "Sunday 02:30" ];
+  #nixpkgs.overlays = overlays;
+  programs.mosh.enable = true;
+  programs.mosh.withUtempter = true;
+  security.acme.email = "ben@bsima.me";
+  security.acme.acceptTerms = true;
+  security.sudo.wheelNeedsPassword = false;
+  services.clamav.daemon.enable = true; # security
+  services.clamav.updater.enable = true; # security
+  services.fail2ban.enable = true; # security
+  services.openssh.enable = true;
+  services.openssh.openFirewall = true;
+  services.openssh.forwardX11 = true;
+  services.openssh.passwordAuthentication = false;
+  system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
+}
-- 
cgit v1.2.3