Harald Hoyer
707550547e
Increased the file descriptor limit (NOFILE) from 32000 to 32768 in systemd and PAM settings. This adjustment aligns system limits with higher resource demands.
59 lines
1.2 KiB
Nix
59 lines
1.2 KiB
Nix
{ pkgs, lib, ... }:
|
|
with lib;
|
|
with lib.metacfg;
|
|
{
|
|
imports = [ ./hardware-configuration.nix ];
|
|
|
|
metacfg = {
|
|
base.enable = true;
|
|
gui.enable = true;
|
|
nix-ld.enable = true;
|
|
nix.enable = true;
|
|
podman.enable = true;
|
|
secureboot.enable = true;
|
|
homeprinter.enable = true;
|
|
user.extraGroups = [ "docker" "dialout" ];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
azure-cli
|
|
cloudflare-warp
|
|
desktop-file-utils
|
|
kubectl
|
|
kubectx
|
|
k9s
|
|
attic-client
|
|
];
|
|
|
|
services.resolved.enable = true;
|
|
services.resolved.dnssec = "allow-downgrade";
|
|
services.resolved.extraConfig = ''
|
|
ResolveUnicastSingleLabel=yes
|
|
'';
|
|
|
|
systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
|
|
|
|
virtualisation = {
|
|
docker.enable = true;
|
|
libvirtd.enable = true;
|
|
podman.dockerCompat = false;
|
|
};
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
operation = "boot";
|
|
allowReboot = false;
|
|
};
|
|
|
|
services.trezord.enable = true;
|
|
|
|
systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
|
|
|
|
security.pam.loginLimits = [
|
|
{ domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
|
|
{ domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
|
|
];
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|