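{ pkgs, lib, config, nom, ... }:
# Base NixOS profile ("Rory-nix-base"): kernel and network tuning, an SSH
# server with root login, nix/flake settings, and a QEMU vmVariant with
# SPICE graphics.  Values wrapped in lib.mkDefault are meant to be
# overridden by the host-specific module that imports this one.
{
  imports = [
    ./expose-vmvariant.nix
    ./extra-substituters.nix
  ];

  boot = {
    initrd.systemd.enable = true;

    # Only real kernel command-line parameters belong in kernelParams.  The
    # dotted sysctl keys that used to be listed here (net.*, kernel.*, vm.*)
    # are not kernel parameters -- the kernel does not apply them from the
    # command line without a "sysctl." prefix -- so they silently had no
    # effect.  They have been moved to boot.kernel.sysctl below, where they
    # are applied at boot.
    kernelParams = [
      "memory_hotplug.memmap_on_memory=1"
      "memhp_default_state=online"
      # Turns off CPU vulnerability mitigations for speed; this is only
      # appropriate on machines that never run untrusted code.
      "mitigations=off"
      "audit=0"
      "consoleblank=0"
      # kmemcheck is not present in current kernels; presumably a no-op here.
      "kmemcheck=0"
      "no_console_suspend"
      "init_on_alloc=0"
    ];

    # Runtime kernel tunables (formerly misplaced in kernelParams).  Note that
    # these now actually take effect: IP forwarding is enabled, sysrq is
    # fully enabled, and dmesg is readable by unprivileged users.
    kernel.sysctl = {
      "net.core.default_qdisc" = "fq";
      "net.ipv4.tcp_congestion_control" = "bbr";
      "kernel.sysrq" = 1;
      "kernel.dmesg_restrict" = 0;
      "net.ipv4.ip_forward" = 1;
      "vm.swappiness" = 10;
      "net.core.netdev_max_backlog" = 16384;
      "net.core.somaxconn" = 8192;
      "net.core.rmem_default" = 1048576;
      "net.core.rmem_max" = 16777216;
      "net.core.wmem_default" = 1048576;
      "net.core.wmem_max" = 16777216;
      "net.core.optmem_max" = 65536;
      #"net.ipv4.tcp_rmem" = "4096 1048576 2097152";
      #"net.ipv4.tcp_wmem" = "4096 65536 16777216";
      "net.ipv4.udp_rmem_min" = 4096;
      "net.ipv4.udp_wmem_min" = 4096;
      "net.ipv4.tcp_fastopen" = 3;
      "net.ipv4.tcp_mtu_probing" = 1;
      "net.ipv4.tcp_keepalive_time" = 30;
      "net.ipv4.tcp_keepalive_intvl" = 15;
      "net.ipv4.tcp_keepalive_probes" = 4;
      "net.ipv4.tcp_timestamps" = 0;
      # "kernel.core_pattern=/dev/null" from the old list is intentionally not
      # carried over: systemd.coredump.extraConfig (Storage=none, below)
      # already discards core dumps, and the systemd-coredump module is
      # expected to define kernel.core_pattern itself, so a second plain
      # definition here would likely produce a conflicting-definition error.
    };

    # BBR is usually built as a module; load it so the
    # tcp_congestion_control sysctl above can be applied.
    kernelModules = [ "tcp_bbr" ];

    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;

    loader = {
      grub.enable = lib.mkDefault true;
      timeout = 1;
    };
  };

  networking = {
    hostName = lib.mkDefault "Rory-nix-base";
    # No host firewall: every listening service (sshd, the SPICE port in the
    # vmVariant, ...) is reachable from any interface.
    firewall.enable = false;
    # Cloudflare and Google public resolvers.  The old list had "8.4.4.8",
    # which is not a Google resolver; the secondary is 8.8.4.4.
    nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" ];
  };

  # Hand-written resolv.conf built from networking.nameservers, since
  # systemd-resolved is disabled below.  `?` binds tighter than `&&`, so each
  # guard reads "option exists AND option is true".
  environment.etc."resolv.conf" = lib.mkDefault {
    text = lib.concatStringsSep "\n" (
      lib.optionals (config.networking ? nameservers)
        (map (nameserver: "nameserver ${nameserver}") config.networking.nameservers)
      #++ lib.optionals (config.networking ? enableIPv6 && !config.networking.enableIPv6) [ "options no-aaaa" ]
      ++ lib.optionals (config.networking ? enableIPv6 && config.networking.enableIPv6) [
        "options single-request"
        "options single-request-reopen"
        "options inet6"
      ]
    );
  };

  i18n.defaultLocale = "en_US.UTF-8";

  services = {
    openssh = {
      enable = true;
      # Root may log in directly over SSH.  Combined with the raised
      # MaxAuthTries and no firewall, password guessing against root is
      # rate-limited only by sshd itself; if root is meant to be key-only,
      # add `settings.PasswordAuthentication = false;` here.
      settings.PermitRootLogin = "yes";
      # Allow more logins in cases where I have many SSH keys on a system
      # (each offered key counts as one attempt against the default limit).
      extraConfig = ''
        MaxAuthTries 32
      '';
    };
    resolved = {
      enable = lib.mkForce false;
      dnssec = lib.mkForce "false";
      dnsovertls = lib.mkForce "false";
    };
  };

  systemd = {
    sleep.extraConfig = ''
      AllowSuspend=no
      AllowHibernation=no
    '';
    # Do not keep core dumps on disk (core_pattern is left to the coredump module).
    coredump.extraConfig = lib.mkDefault ''
      Storage=none
    '';
  };

  # nix-output-monitor from the `nom` flake input for the host's system.
  environment.systemPackages = [ nom.packages.${pkgs.system}.default ];

  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
    auto-optimise-store = true;
    # Members of wheel may push arbitrary store paths and settings to the
    # daemon, which is equivalent to root on the machine.
    trusted-users = [ "@wheel" "root" ];
  };

  nixpkgs.config.allowUnfree = true;

  security = {
    polkit.enable = true;
    # Passwordless sudo for wheel; together with trusted-users above, a
    # wheel account is effectively root.
    sudo.wheelNeedsPassword = false;
  };

  # `nixos-rebuild build-vm` variant: root auto-login on the console and a
  # SPICE display.
  virtualisation.vmVariant = {
    services.getty.autologinUser = "root";

    virtualisation = {
      memorySize = 8192;
      cores = 6;
      msize = 1 * 1024 * 1024;
      # NixOS joins these with spaces into the QEMU command line; split per
      # option for readability.
      qemu.options = [
        "-vga qxl"
        "-device virtio-serial-pci"
        # SPICE with ticketing disabled and no `addr=` -- QEMU is expected to
        # bind any address, so anyone who can reach port 5930 on the host
        # gets the root console.  Add `addr=127.0.0.1` unless remote SPICE
        # access is really wanted.
        "-spice port=5930,disable-ticketing=on"
        "-device virtserialport,chardev=spicechannel0,name=com.redhat.spice.0"
        "-chardev spicevmc,id=spicechannel0,name=vdagent"
        "-display gtk,zoom-to-fit=off,show-cursor=on"
        "-device virtio-balloon"
      ];
      qemu.guestAgent.enable = true;
      forwardPorts = [
        # { hostPort = 2222; guestPort = 22; } # Probably shouldn't do this with root:root lol
        { from = "host"; host.port = 8080; guest.port = 80; }
      ];
    };

    services.xserver.videoDrivers = [ "qxl" ];
    services.spice-vdagentd.enable = true;
    services.qemuGuest.enable = true;

    # Priority 51: beats the vmVariant's own defaults but still yields to a
    # plain (priority 100) assignment.  Actually lower numbers win in NixOS,
    # so 51 overrides a plain assignment and yields only to mkForce (50).
    networking.useDHCP = lib.mkOverride 51 true;
  };
}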