nixos-config/modules/default.nix

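# Base NixOS module: declares the shared `sbruder.*` options, imports every
# other module of this configuration and sets the system-wide defaults.
{ config, lib, pkgs, ... }:
let
  # Taken from https://nixos.wiki/wiki/Overlays
  #
  # Store file that is put on NIX_PATH as `nixpkgs-overlays` (see `nix.nixPath`
  # below). The generated overlay evaluates the system configuration through
  # `<nixpkgs/nixos>` and re-applies its `nixpkgs.overlays`.
  overlaysCompat = pkgs.writeTextFile {
    name = "overlays-compat";
    destination = "/overlays.nix";
    text = ''
      self: super:
      with super.lib;
      let
        # Load the system config and get the `nixpkgs.overlays` option
        overlays = (import <nixpkgs/nixos> { }).config.nixpkgs.overlays;
      in
        # Apply all overlays to the input of the current "main" overlay
        foldl' (flip extends) (_: super) overlays self
    '';
  };
in
{
  # Options that affect multiple modules
  options.sbruder = {
    full = lib.mkOption {
      type = lib.types.bool;
      description = ''
        Whether to build the full system. If disabled, the system closure will
        be smaller, but some features will not be available.
      '';
      default = true;
    };
    gui.enable = lib.mkEnableOption "gui";
    games.enable = lib.mkEnableOption "games";
  };

  # All modules are imported but non-essential modules are activated by
  # configuration options
  imports = [
    ../pkgs/modules.nix
    ./cups.nix
    ./docker.nix
    ./fonts.nix
    ./grub.nix
    ./gui.nix
    ./initrd-ssh.nix
    ./libvirt.nix
    ./locales.nix
    ./media-proxy.nix
    ./network-manager.nix
    ./office.nix
    ./prometheus/node_exporter.nix
    ./pubkeys.nix
    ./pulseaudio.nix
    ./restic.nix
    ./secrets.nix
    ./ssh.nix
    ./tools.nix
    ./udev.nix
    ./unfree.nix
    ./wireguard
  ];

  config = {
    # Essential system tools
    environment.systemPackages = with pkgs; [
      git
      git-crypt # used to store secrets in configuration
      git-lfs # not so essential, but required to clone config
      htop
      tmux
      vim
    ];

    # Clean temporary files on boot
    boot.cleanTmpDir = true;

    # Set zsh as default shell
    programs.zsh.enable = true;
    users.defaultUserShell = pkgs.zsh;

    # command-not-found does not work without channels
    programs.command-not-found.enable = false;

    # Sane swapping
    # The kernel parameter is spelled `vm.swappiness`; a misspelled key is
    # rejected when the sysctl settings are applied and the value never takes
    # effect.
    boot.kernel.sysctl."vm.swappiness" = 10;

    # Store logs persistently
    services.journald.extraConfig = "Storage = persistent";

    # Hard drive monitoring
    services.smartd.enable = lib.mkDefault true;

    # Network monitoring
    services.vnstat.enable = true;

    # Authentication/Encryption agents
    programs.gnupg.agent.enable = true;
    programs.ssh.startAgent = true;

    # When this is set to true (default), routing everything through a
    # wireguard tunnel does not work.
    # Trade-off: "loose" only requires that the source address is reachable
    # through some interface, not through the one the packet arrived on, so
    # source-address (anti-spoofing) filtering is weaker than in strict mode.
    networking.firewall.checkReversePath = "loose";

    nix = {
      nixPath = [
        "/var/src" # pinned nixpkgs and configuration
        "nixpkgs=/var/src/nixpkgs" # for nix run
        "nixpkgs-overlays=${overlaysCompat}"
      ];

      # Make sudoers trusted nix users
      # NOTE(security): trusted users can override daemon settings such as
      # substituters and signature checks, which is effectively root on this
      # machine. Unlike sudo, the nix daemon asks for no password, so `wheel`
      # membership alone is enough; keep the group small.
      trustedUsers = [ "@wheel" ];

      # On-the-fly optimisation of nix store
      autoOptimiseStore = true;

      # Keep output of derivations with gc root
      extraOptions = ''
        keep-outputs = true
        keep-derivations = true
      '';

      # Make nix build in background less noticeable
      daemonIONiceLevel = 5; # 0-7
    };
    systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = "batch";

    nixpkgs.config = {
      # Add unstable channel
      # `pkgs.unstable` is the pinned nixpkgs-unstable source from
      # ../nix/sources.nix, instantiated with the same nixpkgs config and
      # overlays as the main package set.
      packageOverrides = pkgs: {
        unstable = import (import ../nix/sources.nix).nixpkgs-unstable {
          config = config.nixpkgs.config;
          overlays = config.nixpkgs.overlays;
        };
      };
    };

    nixpkgs.overlays = [
      (import ../pkgs)
    ];

    # Globally set Let's Encrypt requirements
    security.acme = {
      acceptTerms = true;
      email = "security@sbruder.de";
    };
  };
}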