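# Base NixOS module for an image-based appliance: read-only /etc overlay,
# key-only SSH, no sudo, volatile logging and a serial console.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports = [
    (modulesPath + "/profiles/image-based-appliance.nix")
    (modulesPath + "/profiles/perlless.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  # Uncommenting this clears the forbidden-dependency regex list
  # (presumably the one set by the perlless profile -- confirm before enabling).
  # system.forbiddenDependenciesRegexes = lib.mkForce [ ];

  # Do not derive NIX_PATH or the flake registry from the nixpkgs flake.
  nixpkgs.flake.setNixPath = false;
  nixpkgs.flake.setFlakeRegistry = false;

  boot.enableContainers = false;

  # Modules loaded unconditionally at boot (storage, USB, NIC drivers, zram).
  boot.kernelModules = [
    "zram"
    "usb_storage"
    "uas"
    "sd_mod"
    "r8169"
    "ehci-hcd"
    "ehci-pci"
    "xhci-hcd"
    "xhci-pci"
    "xhci-pci-renesas"
    "nvme"
    "virtio_net"
  ];

  # /etc overlay is immutable unless a consumer overrides it.
  system.etc.overlay.mutable = lib.mkDefault false;

  systemd.watchdog = lib.mkDefault {
    runtimeTime = "10s";
    rebootTime = "30s";
  };

  zramSwap.enable = true;

  # FIXME: fstrim should only be enabled for virtual machine images?
  services.fstrim.enable = true;

  # Password logins over SSH are off by default. Keyboard-interactive
  # authentication is a separate sshd setting and is not changed here.
  services.openssh.settings.PasswordAuthentication = lib.mkDefault false;

  # NOTE: this does not enable password-less logins. It disables the NixOS
  # build-time assertion that root or a wheel user has a password or SSH key,
  # so the image builds even when no account can log in. The consuming
  # configuration must provide credentials (e.g. authorized SSH keys).
  users.allowNoPasswordLogin = true;

  security.sudo.enable = lib.mkDefault false;

  # With sudo disabled, polkit is the privilege path. The rule below authorises
  # every polkit action for members of "wheel" without any authentication
  # prompt, so wheel membership is effectively root for polkit-mediated
  # operations. Keep the group minimal; narrow the rule by action.id if only
  # specific actions are needed.
  security.polkit = {
    enable = true;
    extraConfig = ''
      polkit.addRule(function(action, subject) {
        if (subject.isInGroup("wheel")) {
          return polkit.Result.YES;
        }
      });
    '';
  };

  i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];

  # Console
  # FIXME: Add option for toggle
  # console.enable = false;
  # systemd.services."getty@tty1".enable = lib.mkDefault false;
  # systemd.services."autovt@".enable = lib.mkDefault false;

  # No emergency shell; combined with the panic parameters below, a failed
  # boot reboots instead of dropping to a prompt.
  systemd.enableEmergencyMode = false;

  boot.consoleLogLevel = lib.mkDefault 1;

  # The journal is forwarded to the console, so log contents are readable by
  # anyone with access to tty1 or the serial port (ttyS0).
  boot.kernelParams = [
    # "quiet"
    "panic=1"
    "boot.panic_on_fail"
    "nomodeset"
    "console=tty1"
    "console=ttyS0,38400"
    "systemd.log_level=info"
    "systemd.log_target=console"
    "systemd.journald.forward_to_console"
  ];

  # This is vi country
  programs.nano.enable = false;
  programs.vim.enable = true;
  programs.vim.defaultEditor = lib.mkDefault true;

  # Temporary file
  boot.tmp.useTmpfs = true;

  # Logging
  # Volatile storage keeps the journal under /run (memory-backed), so logs do
  # not survive a reboot; ship them off-host if they are needed for forensics.
  # journald applies the Runtime* limits to volatile journals and the System*
  # limits only to persistent ones, so RuntimeMaxUse is the cap that actually
  # bounds memory here. SystemMaxUse is kept for consumers that override
  # storage to "persistent".
  services.journald = {
    storage = "volatile";
    extraConfig = ''
      SystemMaxUse=10M
      RuntimeMaxUse=10M
    '';
  };
}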