Diffstat (limited to 'modules/profiles/headless.nix')
-rw-r--r--modules/profiles/headless.nix61
1 files changed, 61 insertions, 0 deletions
diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix
new file mode 100644
index 0000000..7733f3e
--- /dev/null
+++ b/modules/profiles/headless.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.profiles.headless;
+in
+{
+ options.nixfiles.modules.profiles.headless.enable = mkEnableOption "headless profile" // {
+ default = this.isHeadless;
+ };
+
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ openssh.server.enable = true;
+ endlessh-go.enable = true;
+
+ fail2ban.enable = true;
+
+ node-exporter.enable = true;
+ promtail.enable = false; # FIXME High RAM usage.
+ };
+
+ hm.home.file = {
+ ".hushlogin".text = "";
+ ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
+ };
+
+ # Pin version to prevent any surprises. Try keeping this up-to-date[1] with
+ # the latest LTS release + hardened patches (just in case).
+ #
+ # [1]: https://kernel.org
+ boot.kernelPackages = pkgs.linuxPackages_6_6_hardened;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ optimise = {
+ automatic = true;
+ dates = [ "daily" ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ alacritty.terminfo
+ foot.terminfo
+ ];
+
+ services.udisks2.enable = false;
+
+ xdg.sounds.enable = false;
+ };
+}
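Review bot: With `promtail.enable = false` and `.bash_history` linked to `/dev/null`, a host that enables this profile ships no logs off-box and keeps no shell history, as far as this hunk shows. The sshd and fail2ban records then exist only locally, where an intruder with root could alter them. The FIXME names the RAM cost but not that consequence; I would extend it to something like `promtail.enable = false; # FIXME High RAM usage. Until re-enabled, logs stay local-only (no off-host copy).` The `.bash_history` line should get a one-line comment stating its intent, presumably to keep secrets typed on the command line off disk, since it also removes an artifact used in incident review. It only affects bash for whichever user `hm` maps to, which is defined outside this file.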