36 lines
940 B
Nix
36 lines
940 B
Nix
{ pkgs, config, ... }:
|
|
{
|
|
# boot, networking, locale, stateVersion
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
|
fileSystems."/boot".options = [ "umask=0077" ];
|
|
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
networking = {
|
|
firewall.enable = false;
|
|
firewall.trustedInterfaces = [
|
|
"tailscale0"
|
|
];
|
|
nameservers = [ "192.168.4.3" "1.1.1.1" ];
|
|
useDHCP = true;
|
|
firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];
|
|
};
|
|
|
|
services.resolved = {
|
|
enable = true;
|
|
dnssec = "true";
|
|
domains = [ "~." ];
|
|
fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];
|
|
dnsovertls = "true";
|
|
};
|
|
|
|
environment.variables.EDITOR = "vim";
|
|
|
|
time.timeZone = "America/New_York";
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
system.stateVersion = "24.11";
|
|
}
|
|
|