chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2024-10-23 05:18:44 +08:00
Code Issues Packages Projects Releases Wiki Activity

整理 systemd.security

Browse Source
This commit is contained in:
陈浩南 2023-09-02 21:39:01 +08:00
parent 438d1181ff
commit 289ed2fb27
2 changed files with 34 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
modules/system/default.nix
View File

@ -11,6 +11,7 @@ inputs:
./gui.nix
./nixpkgs.nix
./networking.nix
./systemd.nix
];
config =
let
@ -30,7 +31,6 @@ inputs:
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
'';
dbus.implementation = "broker";
journald.extraConfig = "MaxRetentionSec=7d";
};
time.timeZone = "Asia/Shanghai";
boot =
@ -47,36 +47,21 @@ inputs:
consoleLogLevel = 7;
};
hardware.enableAllFirmware = true;
systemd =
environment.sessionVariables = rec
{
extraConfig =
''
DefaultTimeoutStopSec=10s
DefaultLimitNOFILE=1048576:1048576
'';
user.extraConfig = "DefaultTimeoutStopSec=10s";
services.systemd-tmpfiles-setup = { environment = { SYSTEMD_TMPFILES_FORCE_SUBVOL = "0"; }; };
timers.systemd-tmpfiles-clean.enable = false;
coredump.enable = false;
};
environment =
{
sessionVariables = rec
{
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
# ANDROID_HOME = "${XDG_DATA_HOME}/android";
HISTFILE= "${XDG_STATE_HOME}/bash/history";
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
GNUPGHOME = "${XDG_DATA_HOME}/gnupg";
GTK2_RC_FILES = "${XDG_CONFIG_HOME}/gtk-2.0/gtkrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
MATHEMATICA_USERBASE = "${XDG_CONFIG_HOME}/mathematica";
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
};
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
# ANDROID_HOME = "${XDG_DATA_HOME}/android";
HISTFILE= "${XDG_STATE_HOME}/bash/history";
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
GNUPGHOME = "${XDG_DATA_HOME}/gnupg";
GTK2_RC_FILES = "${XDG_CONFIG_HOME}/gtk-2.0/gtkrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
MATHEMATICA_USERBASE = "${XDG_CONFIG_HOME}/mathematica";
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
};
i18n =
{

19
modules/system/systemd.nix Normal file
View File

@ -0,0 +1,19 @@
inputs: { config =
{
# only preserve the last 7 days of logs
services.journald.extraConfig = "MaxRetentionSec=7d";
systemd =
{
extraConfig =
''
DefaultTimeoutStopSec=10s
DefaultLimitNOFILE=1048576:1048576
'';
user.extraConfig = "DefaultTimeoutStopSec=10s";
# do not create /var/lib/machines and /var/lib/portables as subvolumes
services.systemd-tmpfiles-setup.environment.SYSTEMD_TMPFILES_FORCE_SUBVOL = "0";
# do not clean /tmp
timers.systemd-tmpfiles-clean.enable = false;
coredump.enable = false;
};
};}