summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/iso/target-config.nix
diff options
context:
space:
mode:
authorJeschli <jeschli@gmail.com>2019-12-20 08:56:54 +0100
committerJeschli <jeschli@gmail.com>2019-12-20 08:56:54 +0100
commitea5522e2e048cbdac5184803040e314f84472f4f (patch)
tree52cd5a95d9a3d3c276b485f970b0d1cebf2d26ec /makefu/1systems/iso/target-config.nix
parent555e4f0825da1b06be97e1d487c800145c51c9f6 (diff)
parente2a43e1e30b635b85a79bedb3d40cd8a888a1d49 (diff)
Merge branch 'master' of https://cgit.lassul.us/stockholm
Diffstat (limited to 'makefu/1systems/iso/target-config.nix')
-rw-r--r--makefu/1systems/iso/target-config.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix
new file mode 100644
index 000000000..ba4e3207b
--- /dev/null
+++ b/makefu/1systems/iso/target-config.nix
@@ -0,0 +1,40 @@
+{ ... }:
+
+{
+ imports = [ ./hardware-configuration.nix ./generated.nix ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.forceImportAll = false;
+ boot.kernelParams = [
+ "boot.shell_on_fail"
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ ];
+ users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
+ boot.tmpOnTmpfs = true;
+ programs.bash.enableCompletion = true;
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ # minimal
+ programs.command-not-found.enable = false;
+ time.timeZone = "Europe/Berlin";
+ programs.ssh.startAgent = false;
+ nix.useSandbox = true;
+ users.mutableUsers = false;
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+ services.openssh.enable = true;
+ i18n = {
+ consoleKeyMap = "us";
+ defaultLocale = "en_US.UTF-8";
+ };
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ services.nscd.enable = false;
+}