os/modules/core/default.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

39 lines
795 B
Nix
Raw Permalink Normal View History

{
2022-11-20 22:28:23 +00:00
config,
lib,
...
}:
with lib; let
cfg = config.pub-solar.core;
2024-01-06 09:46:10 +00:00
psCfg = config.pub-solar;
2022-11-20 22:28:23 +00:00
in {
imports = [
./boot.nix
2022-08-14 18:09:38 +00:00
./hibernation.nix
./i18n.nix
./networking.nix
./packages.nix
];
2024-01-06 09:46:10 +00:00
# Service that makes Out of Memory Killer more effective
services.earlyoom.enable = true;
2024-01-06 09:46:10 +00:00
services.logind.lidSwitch = "hibernate";
2024-01-06 09:46:10 +00:00
services.tor.settings = {
UseBridges = true;
};
2024-01-06 09:46:10 +00:00
# The options below are directly taken from or inspired by
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
# Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true;
# Remove the complete default environment of packages like
# nano, perl and rsync
environment.defaultPackages = lib.mkForce [];
# fileSystems."/".options = [ "noexec" ];
}