31 lines
948 B
Nix
31 lines
948 B
Nix
{ self, ... }: { config, lib, pkgs, ... }: {
|
|
imports = with self.nixosModules; [
|
|
mimalloc
|
|
];
|
|
|
|
boot.kernelParams = [ "panic=-1" ];
|
|
|
|
boot.initrd.network = {
|
|
enable = false;
|
|
ssh.enable = true;
|
|
ssh.authorizedKeys = lib.flatten (lib.mapAttrsToList (_: user: user.openssh.authorizedKeys.keys) (lib.filterAttrs (_: user: lib.any (group: group == "wheel") user.extraGroups) config.users.users));
|
|
};
|
|
|
|
hardware.graphics.enable = false;
|
|
|
|
security.lockKernelModules = true;
|
|
security.pam.sshAgentAuth.enable = true;
|
|
security.protectKernelImage = true;
|
|
services.openssh.enable = true;
|
|
services.openssh.openFirewall = true;
|
|
|
|
systemd.network.networks."97-ethernet-default-dhcp-static.network" = {
|
|
matchConfig.Type = "ether";
|
|
matchConfig.Name = "en*";
|
|
|
|
networkConfig.DHCP = "yes";
|
|
dhcpV4Config.UseDNS = false;
|
|
dhcpV6Config.UseDNS = false;
|
|
ipv6AcceptRAConfig.Token = lib.mkDefault "static:::1";
|
|
};
|
|
}
|