Diffstat (limited to 'sys/preset/dmz.nix')
| -rw-r--r-- | sys/preset/dmz.nix | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/sys/preset/dmz.nix b/sys/preset/dmz.nix
new file mode 100644
index 0000000..16b125f
--- /dev/null
+++ b/sys/preset/dmz.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+with lib; let
+ cfg = config.local.preset.dmz;
+in
+{
+ options.local.preset.dmz = {
+ enable = mkEnableOption "dmz preset";
+
+ container = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ local = {
+ boot = {
+ enable = mkDefault true;
+
+ kernel = mkDefault pkgs.linuxPackages_hardened;
+ loader = mkDefault "grub";
+
+ efi.enable = mkDefault (!cfg.container);
+ firmware.mode = mkDefault "none";
+ namespaced.enable = cfg.container;
+
+ stack.luksExt4FscryptImpermanence = {
+ enable = mkDefault (!cfg.container);
+ };
+ };
+
+ mta.enable = mkDefault true;
+
+ net = {
+ enable = true;
+ hostname = "dmz";
+ };
+
+ web.enable = true;
+ };
+
+ users = {
+ allowNoPasswordLogin = cfg.container;
+ mutableUsers = false;
+ };
+ };
+}
|
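Review bot: The `container` option declared at the top of the new file has no `description`, although it flips several security-relevant settings at once: it disables `efi.enable` and `stack.luksExt4FscryptImpermanence`, and it sets `users.allowNoPasswordLogin = true`, which turns off the NixOS assertion that some account can still log in while `mutableUsers = false`. I would add something like `description = "Build the DMZ host as a container: no EFI, no disk-encryption stack, no login-credential assertion.";` and a comment above `allowNoPasswordLogin` such as `# container is entered from the host, so no password or SSH key is required (confirm)`. Separately, `net.hostname = "dmz"`, `net.enable` and `web.enable` are set at normal priority while the boot settings use `mkDefault`, so a host enabling the preset presumably cannot override them without `mkForce`; if that is not intended, `hostname = mkDefault "dmz";` would match the rest of the file.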
