{ pkgs, config, ... }: let ports = import ./Cloud/Ports.nix; in { boot.tmp.cleanOnBoot = true; fonts.fonts = with pkgs; [ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font fira fira-code fira-code-symbols ]; networking.firewall.allowPing = true; nix.settings.substituters = [ "https://cache.nixos.org" ]; # "ssh://dev.simatime.com" ]; nix.gc.automatic = true; nix.gc.dates = "Sunday 02:15"; nix.optimise.automatic = true; nix.optimise.dates = [ "Sunday 02:30" ]; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.ccache.enable = true; programs.mosh.enable = true; programs.mosh.withUtempter = true; security.acme.defaults.email = "ben@bsima.me"; security.acme.acceptTerms = true; security.sudo.wheelNeedsPassword = false; services.clamav.daemon.enable = true; # security services.clamav.updater.enable = true; # security services.fail2ban.enable = true; # security services.fail2ban.ignoreIP = [ ports.bensIp ]; # my home IP services.openssh.enable = true; services.openssh.openFirewall = true; services.openssh.settings.X11Forwarding = true; services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PermitRootLogin = "prohibit-password"; system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin zramSwap.enable = true; }