{ config, pkgs, lib, ... }: let sshPubkeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+X4vceRi79FLwwyzFzxNvaQlolQFrpYn0N4bgdLLaI root@hardlyworking" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyGaBZIZYjiBhOFD2drvG316B9NUVSbMpTIhOCQur8P arch" ]; in { users.users = { root.openssh.authorizedKeys.keys = sshPubkeys; mc-fucker = { isNormalUser = true; openssh.authorizedKeys.keys = sshPubkeys; hashedPassword = "$6$VlNqS5D2uxmzs$AXEEg63iQ5bMQDtU9.Cy4cd/UfQCHk9QNo2RuQmucNz6Y4Z2l0qM5lvr6KFcEdJi6vO7mYd761LrVrQ8J7nPw1"; extraGroups = [ "wheel" ]; }; }; time.timeZone = "Europe/Berlin"; i18n = { defaultLocale = "en_GB.UTF-8"; extraLocaleSettings = { LC_TIME = "de_DE.UTF-8"; }; }; zramSwap = { enable = true; memoryPercent = 200; algorithm = "lzo-rle"; }; programs = { zsh = import ./zsh.nix; atop = { enable = true; netatop.enable = true; }; vim.defaultEditor = true; }; systemd.services.atop.environment = { LOGINTERVAL = "60"; LOGGENERATIONS = "14"; }; services.logrotate = { enable = true; }; users.defaultUserShell = pkgs.zsh; security.sudo.wheelNeedsPassword = false; system.autoUpgrade = { enable = true; allowReboot = lib.mkDefault true; dates = "04:00"; randomizedDelaySec = "30min"; }; services = { openssh = { enable = true; passwordAuthentication = false; extraConfig = "ClientAliveInterval 60"; }; tailscale.enable = true; }; networking.firewall = { trustedInterfaces = [ "tailscale0" ]; allowedUDPPorts = [ config.services.tailscale.port ]; }; boot.loader.timeout = 1; environment.systemPackages = with pkgs; [ wget htop git screen rxvt-unicode-unwrapped.terminfo nmap dig rclone pv exa (import ./vim.nix) ]; nix.gc = { automatic = true; options = "--delete-older-than 2d"; }; boot.cleanTmpDir = true; imports = [ ./zabbix-agent.nix ]; } # vim: set et ts=2 sw=2 ai: