idiosyn/nixos/module/headless.nix

31 lines
977 B
Nix
Raw Normal View History

2024-08-18 13:47:18 +02:00
{ self, ... }: { config, lib, pkgs, ... }: {
imports = with self.nixosModules; [
mimalloc
];
boot.kernelParams = [ "panic=-1" ];
boot.initrd.network = {
enable = false;
ssh.enable = true;
ssh.authorizedKeys = lib.flatten (lib.mapAttrsToList (_: user: user.openssh.authorizedKeys.keys) (lib.filterAttrs (_: user: lib.any (group: group == "wheel") user.extraGroups) config.users.users));
};
hardware.graphics.enable = false;
security.lockKernelModules = lib.mkIf (config.boot.kernelPackages.kernel.config.isEnabled "MODULES") true;
2024-08-18 13:47:18 +02:00
security.protectKernelImage = true;
services.openssh.enable = true;
services.openssh.openFirewall = true;
systemd.network.networks."97-ethernet-default-dhcp-static.network" = {
matchConfig.Type = "ether";
matchConfig.Name = "en*";
networkConfig.DHCP = "yes";
dhcpV4Config.UseDNS = false;
dhcpV6Config.UseDNS = false;
ipv6AcceptRAConfig.Token = lib.mkDefault "static:::1";
};
}