mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 09:08:45 +08:00
整理 systemd.security
This commit is contained in:
parent
438d1181ff
commit
289ed2fb27
@ -11,6 +11,7 @@ inputs:
|
|||||||
./gui.nix
|
./gui.nix
|
||||||
./nixpkgs.nix
|
./nixpkgs.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
|
./systemd.nix
|
||||||
];
|
];
|
||||||
config =
|
config =
|
||||||
let
|
let
|
||||||
@ -30,7 +31,6 @@ inputs:
|
|||||||
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
|
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
|
||||||
'';
|
'';
|
||||||
dbus.implementation = "broker";
|
dbus.implementation = "broker";
|
||||||
journald.extraConfig = "MaxRetentionSec=7d";
|
|
||||||
};
|
};
|
||||||
time.timeZone = "Asia/Shanghai";
|
time.timeZone = "Asia/Shanghai";
|
||||||
boot =
|
boot =
|
||||||
@ -47,21 +47,7 @@ inputs:
|
|||||||
consoleLogLevel = 7;
|
consoleLogLevel = 7;
|
||||||
};
|
};
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
systemd =
|
environment.sessionVariables = rec
|
||||||
{
|
|
||||||
extraConfig =
|
|
||||||
''
|
|
||||||
DefaultTimeoutStopSec=10s
|
|
||||||
DefaultLimitNOFILE=1048576:1048576
|
|
||||||
'';
|
|
||||||
user.extraConfig = "DefaultTimeoutStopSec=10s";
|
|
||||||
services.systemd-tmpfiles-setup = { environment = { SYSTEMD_TMPFILES_FORCE_SUBVOL = "0"; }; };
|
|
||||||
timers.systemd-tmpfiles-clean.enable = false;
|
|
||||||
coredump.enable = false;
|
|
||||||
};
|
|
||||||
environment =
|
|
||||||
{
|
|
||||||
sessionVariables = rec
|
|
||||||
{
|
{
|
||||||
XDG_CACHE_HOME = "$HOME/.cache";
|
XDG_CACHE_HOME = "$HOME/.cache";
|
||||||
XDG_CONFIG_HOME = "$HOME/.config";
|
XDG_CONFIG_HOME = "$HOME/.config";
|
||||||
@ -77,7 +63,6 @@ inputs:
|
|||||||
MATHEMATICA_USERBASE = "${XDG_CONFIG_HOME}/mathematica";
|
MATHEMATICA_USERBASE = "${XDG_CONFIG_HOME}/mathematica";
|
||||||
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
|
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
|
||||||
};
|
};
|
||||||
};
|
|
||||||
i18n =
|
i18n =
|
||||||
{
|
{
|
||||||
defaultLocale = "C.UTF-8";
|
defaultLocale = "C.UTF-8";
|
||||||
|
19
modules/system/systemd.nix
Normal file
19
modules/system/systemd.nix
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
inputs: { config =
|
||||||
|
{
|
||||||
|
# only preserve the last 7 days of logs
|
||||||
|
services.journald.extraConfig = "MaxRetentionSec=7d";
|
||||||
|
systemd =
|
||||||
|
{
|
||||||
|
extraConfig =
|
||||||
|
''
|
||||||
|
DefaultTimeoutStopSec=10s
|
||||||
|
DefaultLimitNOFILE=1048576:1048576
|
||||||
|
'';
|
||||||
|
user.extraConfig = "DefaultTimeoutStopSec=10s";
|
||||||
|
# do not create /var/lib/machines and /var/lib/portables as subvolumes
|
||||||
|
services.systemd-tmpfiles-setup.environment.SYSTEMD_TMPFILES_FORCE_SUBVOL = "0";
|
||||||
|
# do not clean /tmp
|
||||||
|
timers.systemd-tmpfiles-clean.enable = false;
|
||||||
|
coredump.enable = false;
|
||||||
|
};
|
||||||
|
};}
|
Loading…
Reference in New Issue
Block a user