50 lines
1.3 KiB
Nix
50 lines
1.3 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
modulesPath,
|
|
lib,
|
|
factsGenerator,
|
|
...
|
|
}:
|
|
|
|
{
|
|
system.stateVersion = "23.11";
|
|
|
|
imports = [
|
|
./disko-config.nix
|
|
./hardware-configuration.nix
|
|
./hetzner.nix
|
|
];
|
|
|
|
services.smartd.enable = true;
|
|
|
|
# root password
|
|
clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
|
|
users.users.root.hashedPasswordFile =
|
|
config.clan.core.facts.services.rootPassword.secret."password.root.pam".path;
|
|
|
|
# todo : use component for that
|
|
services.openssh.settings.PermitRootLogin = "prohibit-password";
|
|
services.openssh.settings.PasswordAuthentication = false;
|
|
|
|
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
|
|
|
|
boot.supportedFilesystems = [ "zfs" ];
|
|
clan.core.facts.services.zfs = factsGenerator.zfs { };
|
|
networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;
|
|
|
|
services.zfs = {
|
|
autoSnapshot.enable = true;
|
|
autoScrub.enable = true;
|
|
};
|
|
|
|
# Because of https://github.com/NixOS/nixpkgs/issues/361006#issuecomment-2598059564
|
|
# The default max inotify watches is 8192.
|
|
# Nowadays most apps require a good number of inotify watches,
|
|
# the value below is used by default on several other distros.
|
|
boot.kernel.sysctl = {
|
|
"fs.inotify.max_user_instances" = lib.mkDefault 524288;
|
|
"fs.inotify.max_user_watches" = lib.mkDefault 524288;
|
|
};
|
|
|
|
}
|