46 lines
1.0 KiB
Nix
46 lines
1.0 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
boot.tmp.cleanOnBoot = lib.mkDefault true;
|
|
|
|
console.font = "${pkgs.spleen}/share/consolefonts/spleen-16x32.psfu";
|
|
|
|
environment = {
|
|
ldso32 = null;
|
|
memoryAllocator.provider = "mimalloc";
|
|
variables = {
|
|
LESS = "-R --mouse";
|
|
};
|
|
};
|
|
|
|
networking.networkmanager.enable = true;
|
|
|
|
services.openssh = {
|
|
settings.X11Forwarding = false;
|
|
settings.KbdInteractiveAuthentication = false;
|
|
settings.PasswordAuthentication = false;
|
|
settings.UseDns = false;
|
|
# unbind gnupg sockets if they exists
|
|
settings.StreamLocalBindUnlink = true;
|
|
|
|
# Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
|
|
settings.KexAlgorithms = [
|
|
"curve25519-sha256"
|
|
"curve25519-sha256@libssh.org"
|
|
"diffie-hellman-group16-sha512"
|
|
"diffie-hellman-group18-sha512"
|
|
"sntrup761x25519-sha512@openssh.com"
|
|
];
|
|
};
|
|
|
|
services.journald.extraConfig = ''
|
|
SystemMaxUse=1G
|
|
'';
|
|
systemd.coredump.extraConfig = ''
|
|
Storage=none
|
|
ProcessSizeMax=0
|
|
'';
|
|
}
|