Configuration for my NixOS based systems and Home Manager
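# NixOS module: shell, Tailscale, firewall and SSH/mosh remote-access settings.
#
# Arguments:
#   enableNFTables - when true, the nftables settings at the bottom are merged in.
#                    Its origin is not visible in this file.
#   lib            - nixpkgs lib.
#
# The two attribute sets are combined with lib.recursiveUpdate, not `//`.
# `//` merges only the top level: with enableNFTables = true the right-hand
# `networking` and `systemd` attributes would replace the left-hand ones
# wholesale, silently dropping networking.firewall.trustedInterfaces and
# systemd.network.wait-online.enable.
{ enableNFTables, lib, ... }:
lib.recursiveUpdate
  {

    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    programs.mtr.enable = true;

    # Fish shell, the best
    programs.fish.enable = true;

    # Tailscale
    services.tailscale = {
      enable = true;
      # Opens the Tailscale UDP port in the host firewall.
      openFirewall = true;
    };
    # Don't wait for networks on boot, should speed up boot
    systemd.network.wait-online.enable = false;
    boot.initrd.systemd.network.wait-online.enable = false;
    # Traffic arriving on a trusted interface is accepted without further
    # filtering, so every service on this host is reachable from tailnet peers.
    # Access control for that traffic rests on the Tailscale ACLs, not on this
    # firewall.
    networking.firewall.trustedInterfaces = [ "tailscale0" ];

    # Enable the OpenSSH daemon.
    services.openssh = {
      enable = true;
      # Opens the SSH port on every interface, not only tailscale0.
      # NOTE(review): if SSH is only meant to be reached over the tailnet, this
      # could be false, since tailscale0 is already trusted above.
      openFirewall = true;
      # NOTE(review): this covers the sshd "password" method only.
      # KbdInteractiveAuthentication is a separate setting and is not set here;
      # confirm its effective value if password logins must be impossible.
      settings.PasswordAuthentication = false;
    };

    # MOSH, SSH over flakey connections
    # NOTE(review): the mosh module also opens a UDP port range in the firewall
    # for its sessions; confirm that exposure is intended on every interface.
    programs.mosh.enable = true;
  }
  (lib.optionalAttrs enableNFTables {
    # Use nftables
    networking.nftables.enable = true;
    # Support native nftables in tailscale
    systemd.services.tailscaled.serviceConfig.Environment = [
      "TS_DEBUG_FIREWALL_MODE=nftables"
    ];
  })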