chore: cleanup config and bring settings over from earlier

2024-11-15 21:09:57 +01:00 · 2024-11-15 21:09:57 +01:00 · e585707491
commit e585707491
parent 33f7afd87d
5 changed files with 78 additions and 50 deletions
--- a/modules/profiles/base.nix
+++ b/modules/profiles/base.nix
@ -16,8 +16,7 @@

  nixpkgs.flake.setNixPath = false;
  nixpkgs.flake.setFlakeRegistry = false;
-
-  networking.hostName = "patos";
+  boot.enableContainers = false;

  boot.kernelModules = [
    "zram"
@ -35,8 +34,6 @@
  ];

  system.etc.overlay.mutable = lib.mkDefault false;
-  users.mutableUsers = lib.mkDefault false;
-

  systemd.watchdog = lib.mkDefault {
    runtimeTime = "10s";
@ -45,6 +42,10 @@

  zramSwap.enable = true;

+  # FIXME: fstrim should only be enabled for virtual machine images?
+  services.fstrim.enable = true;
+
+
  services.openssh.settings.PasswordAuthentication = lib.mkDefault false;

  users.allowNoPasswordLogin = true;
@ -52,7 +53,7 @@

  security.polkit = {
    enable = true;
-    extraConfig =''
+    extraConfig = ''
      polkit.addRule(function(action, subject) {
        if (subject.isInGroup("wheel")) {
          return polkit.Result.YES;
@ -63,17 +64,24 @@

  i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];

-  systemd.enableEmergencyMode = false;
-  console.enable = false;
-  systemd.services."getty@tty1".enable = lib.mkDefault false;
-  systemd.services."autovt@".enable = lib.mkDefault false;
+  # Console
+  # FIXME: Add option for toggle
+  # console.enable = false;
+  # systemd.services."getty@tty1".enable = lib.mkDefault false;
+  # systemd.services."autovt@".enable = lib.mkDefault false;

-  boot.tmp.useTmpfs = true;
+  systemd.enableEmergencyMode = false;
  boot.consoleLogLevel = lib.mkDefault 1;
  boot.kernelParams = [
+    # "quiet"
    "panic=1"
    "boot.panic_on_fail"
    "nomodeset"
+    "console=tty1"
+    "console=ttyS0,38400"
+    "systemd.log_level=info"
+    "systemd.log_target=console"
+    "systemd.journald.forward_to_console"
  ];

  # This is vi country
@ -81,6 +89,15 @@
  programs.vim.enable = true;
  programs.vim.defaultEditor = lib.mkDefault true;

+  # Temporary file
+  boot.tmp.useTmpfs = true;
+
  # Logging
-  services.journald.storage = "volatile";
+  services.journald = {
+    storage = "volatile";
+    extraConfig = ''
+      SystemMaxUse=10M
+    '';
+  };
+
 }
--- a/modules/profiles/network.nix
+++ b/modules/profiles/network.nix
@ -1,23 +1,32 @@
 { lib, ... }:
 {
-  # Use TCP BBR
+  # Use networkd
+  networking.useNetworkd = true;
+  systemd.network.wait-online.enable = true;
+
+  # Firewall
+  networking.firewall.enable = false;
+  networking.nftables.enable = lib.mkDefault true;
+
+  # DNS
+  services.resolved = {
+    fallbackDns = [ ]; # Disable fallback DNS. DNS will fail if resolvers are unconfigured
+    extraConfig = ''
+      DNSStubListener=no
+    '';
+
+  };
+
+  # Configuration
+  networking.hostName = "";
+
+  # Kernel
  boot.kernel.sysctl = {
    "net.core.default_qdisc" = "fq";
    "net.ipv4.tcp_congestion_control" = "bbr";
  };

-  services.resolved.extraConfig = ''
-    DNSStubListener=no
-  '';
-
-  networking.firewall.enable = false;
-
-  networking.nftables.enable = lib.mkDefault true;
-
-  networking.useNetworkd = true;
-  systemd.network.wait-online.enable = true;
-
-  # Explicitly load networking modules
+  # Modules
  boot.kernelModules = [
    "ip_tables"
    "x_tables"