authorRory& <root@rory.gay>2026-01-23 13:27:59 +0100
committerRory& <root@rory.gay>2026-01-23 13:27:59 +0100
commit20b74076898028eeb26e7496c942ae12e464e8cc (patch)
tree2db8dfdaf71e6b1ba19617807b57878386e6fba3 /modules/base.nix
initial commit HEAD master
Diffstat (limited to 'modules/base.nix')
-rwxr-xr-xmodules/base.nix161
1 files changed, 161 insertions, 0 deletions
diff --git a/modules/base.nix b/modules/base.nix
new file mode 100755

index 0000000..b7770c8
--- /dev/null
+++ b/modules/base.nix
@@ -0,0 +1,161 @@
+{
+ pkgs,
+ lib,
+ config,
+ nom,
+ ...
+}:
+
+{
+ imports = [
+ ./expose-vmvariant.nix
+ ./extra-substituters.nix
+ ];
+
+ boot = {
+ initrd.systemd.enable = true;
+ kernelParams = [
+ "memory_hotplug.memmap_on_memory=1"
+ "memhp_default_state=online"
+ "net.core.default_qdisc=fq"
+ "net.ipv4.tcp_congestion_control=bbr"
+ "mitigations=off"
+ "audit=0"
+ "consoleblank=0"
+ "kmemcheck=0"
+ "no_console_suspend"
+ "kernel.core_pattern=/dev/null"
+ "init_on_alloc=0"
+ "kernel.sysrq=1"
+ "kernel.dmesg_restrict=0"
+ "net.ipv4.ip_forward=1"
+ "vm.swappiness=10"
+ "net.core.netdev_max_backlog=16384"
+ "net.core.somaxconn=8192"
+ "net.core.rmem_default=1048576"
+ "net.core.rmem_max=16777216"
+ "net.core.wmem_default=1048576"
+ "net.core.wmem_max=16777216"
+ "net.core.optmem_max=65536"
+ #"net.ipv4.tcp_rmem=4096 1048576 2097152"
+ #"net.ipv4.tcp_wmem=4096 65536 16777216"
+ "net.ipv4.udp_rmem_min=4096"
+ "net.ipv4.udp_wmem_min=4096"
+ "net.ipv4.tcp_fastopen=3"
+ "net.ipv4.tcp_mtu_probing=1"
+ "net.ipv4.tcp_keepalive_time=30"
+ "net.ipv4.tcp_keepalive_intvl=15"
+ "net.ipv4.tcp_keepalive_probes=4"
+ "net.ipv4.tcp_timestamps=0"
+ ];
+ kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+ loader = {
+ grub = {
+ enable = lib.mkDefault true;
+ };
+ timeout = 1;
+ };
+ };
+
+ networking = {
+ hostName = lib.mkDefault "Rory-nix-base";
+ firewall = {
+ enable = false;
+ };
+ nameservers = lib.mkDefault [
+ "1.1.1.1"
+ "1.0.0.1"
+ "8.8.8.8"
+ "8.4.4.8"
+ ];
+ };
+
+ environment.etc."resolv.conf" = lib.mkDefault {
+ text = lib.concatStringsSep "\n" (
+ lib.optionals (config.networking ? nameservers) (map (nameserver: "nameserver ${nameserver}") (config.networking.nameservers))
+ #++ lib.optionals (config.networking ? enableIPv6 && !config.networking.enableIPv6) [ "options no-aaaa" ]
+ ++ lib.optionals (config.networking ? enableIPv6 && config.networking.enableIPv6) [
+ "options single-request"
+ "options single-request-reopen"
+ "options inet6"
+ ]
+ );
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ services = {
+ openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ #allow more logins in cases where i have many ssh keys on a system
+ extraConfig = ''
+ MaxAuthTries 32
+ '';
+ };
+ resolved = {
+ enable = lib.mkForce false;
+ dnssec = lib.mkForce "false";
+ dnsovertls = lib.mkForce "false";
+ };
+ };
+
+ systemd = {
+ sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ '';
+ };
+
+ environment.systemPackages = with pkgs; [
+ nom.packages.${system}.default
+ ];
+
+ systemd.coredump.extraConfig = lib.mkDefault ''
+ Storage=none
+ '';
+ nix = {
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ auto-optimise-store = true;
+ trusted-users = [
+ "@wheel"
+ "root"
+ ];
+ };
+ };
+ nixpkgs = {
+ config.allowUnfree = true;
+ };
+ security = {
+ polkit.enable = true;
+ sudo.wheelNeedsPassword = false;
+ };
+ virtualisation.vmVariant = {
+ services.getty.autologinUser = "root";
+ virtualisation = {
+ memorySize = 8192;
+ cores = 6;
+ msize = 1 * 1024 * 1024;
+ };
+
+ services.xserver.videoDrivers = [ "qxl" ];
+ services.spice-vdagentd.enable = true;
+ virtualisation.qemu.guestAgent.enable = true;
+ services.qemuGuest.enable = true;
+ virtualisation.qemu.options = [
+ "-vga qxl -device virtio-serial-pci -spice port=5930,disable-ticketing=on -device virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 -chardev spicevmc,id=spicechannel0,name=vdagent"
+ "-display gtk,zoom-to-fit=off,show-cursor=on"
+ "-device virtio-balloon"
+ ];
+ virtualisation.forwardPorts = [
+ # { hostPort = 2222; guestPort = 22; } # Probably shouldn't do this with root:root lol
+ { from = "host"; host.port = 8080; guest.port = 80; }
+ ];
+
+ networking.useDHCP = lib.mkOverride 51 true;
+ };
+}
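Review bot: Most of the `boot.kernelParams` entries in this hunk (`net.core.*`, `net.ipv4.*`, `kernel.sysrq`, `kernel.dmesg_restrict`, `kernel.core_pattern`, `vm.swappiness`) are sysctl keys rather than kernel command-line parameters, and as far as I can tell the kernel treats a dotted unknown `name=value` as a module parameter and silently drops it, so e.g. `net.ipv4.ip_forward=1` and `kernel.sysrq=1` are no-ops here (only the `sysctl.`-prefixed form on Linux 5.8+ would apply them at boot); they belong in `boot.kernel.sysctl` as sketched below, keeping the genuine cmdline flags where they are. Separately, `mitigations=off` disables every CPU side-channel mitigation, and `PermitRootLogin = "yes"` together with `firewall.enable = false` and `sudo.wheelNeedsPassword = false` leaves root reachable with password auth on every interface — defensible for a throwaway repro VM (the commented-out port 22 forward suggests the author knows), but it deserves a comment such as `# repro VM only: CPU mitigations, firewall and root SSH are deliberately left open`, and `PermitRootLogin = "prohibit-password"` if keys are the intended path, since `MaxAuthTries 32` otherwise also widens the password brute-force budget. The SPICE option `-spice port=5930,disable-ticketing=on` exposes an unauthenticated console; unless the host side is trusted, bind it locally with `addr=127.0.0.1`. Finally `"8.4.4.8"` in `nameservers` looks like a typo for Google's secondary resolver `"8.8.4.4"`.
```nix
boot = {
  initrd.systemd.enable = true;
  # Genuine kernel command-line parameters only.
  kernelParams = [
    "memory_hotplug.memmap_on_memory=1"
    "memhp_default_state=online"
    "mitigations=off" # repro VM only: deliberately trades side-channel hardening for speed
    "audit=0"
    "consoleblank=0"
    "kmemcheck=0"
    "no_console_suspend"
    "init_on_alloc=0"
  ];
  # sysctl keys are applied by systemd-sysctl at boot; on the cmdline they are ignored.
  kernel.sysctl = {
    "net.core.default_qdisc" = "fq";
    "net.ipv4.tcp_congestion_control" = "bbr";
    "kernel.core_pattern" = "/dev/null";
    "kernel.sysrq" = 1;
    "kernel.dmesg_restrict" = 0;
    "net.ipv4.ip_forward" = 1;
    "vm.swappiness" = 10;
    # … remaining net.core.* / net.ipv4.* tuning entries, same values as before …
  };
  # … unchanged: kernelPackages, loader …
};
```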