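# Top-level NixOS module: declares the cross-module `sbruder.*` options,
# imports every feature module, and sets system-wide defaults (base packages,
# shell, logging, monitoring, agents and nix daemon behaviour).
{ config, lib, pkgs, ... }:

{
  # Options that affect multiple modules
  options.sbruder = {
    gui.enable = lib.mkEnableOption "gui";
  };

  # All modules are imported but non-essential modules are activated by
  # configuration options
  imports = [
    ./cpu
    ./cups.nix
    ./docker.nix
    ./fonts.nix
    ./gpu
    ./grub.nix
    ./gui.nix
    ./libvirt.nix
    ./locales.nix
    ./media-proxy.nix
    ./network-manager.nix
    ./office.nix
    ./prometheus/node_exporter.nix
    ./pubkeys.nix
    ./pulseaudio.nix
    ./restic.nix
    ./secrets.nix
    ./ssd.nix
    ./ssh.nix
    ./tools.nix
    ./udev.nix
    ./unfree.nix
    ./wireguard
  ];

  config = {
    # Essential system tools
    environment.systemPackages = with pkgs; [
      git
      # NOTE(review): git-crypt only protects the repository at rest. Values
      # that are read into the Nix configuration are copied into the
      # world-readable /nix/store; confirm how ./secrets.nix exposes them.
      git-crypt # used to store secrets in configuration
      git-lfs # not so essential, but required to clone config
      htop
      tmux
      vim
    ];

    # Clean temporary files on boot
    boot.cleanTmpDir = true;

    # Firewall is off by default; mkDefault lets another definition turn it
    # back on.
    # NOTE(review): with this default, every service the imported modules
    # start is reachable on all interfaces unless it binds to a specific
    # address. Consider enabling the firewall and opening ports per module.
    networking.firewall.enable = lib.mkDefault false;

    # Set zsh as default shell
    programs.zsh.enable = true;
    users.defaultUserShell = pkgs.zsh;

    # command-not-found does not work without channels
    programs.command-not-found.enable = false;

    # Sane swapping
    # The kernel parameter is spelled "swappiness"; the previous key
    # "vm.swapiness" does not exist, so the value was never applied.
    boot.kernel.sysctl."vm.swappiness" = 10;

    # Store logs persistently
    services.journald.extraConfig = "Storage = persistent";

    # Hard drive monitoring
    services.smartd.enable = true;
    # Network monitoring
    services.vnstat.enable = true;

    # Authentication/Encryption agents
    programs.gnupg.agent.enable = true;
    programs.ssh.startAgent = true;

    # NixOS state version (see https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion)
    system.stateVersion = "20.03";

    nix = {
      nixPath = [
        "/var/src" # pinned nixpkgs and configuration
        "nixpkgs=/var/src/nixpkgs" # for nix run
      ];

      # Make sudoers trusted nix users
      # NOTE(review): a trusted nix user can override substituters and import
      # unsigned store paths, which is effectively root access through the
      # nix daemon without a sudo password prompt. Keep wheel membership as
      # tightly controlled as root itself.
      trustedUsers = [ "@wheel" ];

      # On-the-fly optimisation of nix store
      autoOptimiseStore = true;

      # Keep output of derivations with gc root
      extraOptions = ''
        keep-outputs = true
        keep-derivations = true
      '';

      # Make nix build in background less noticeable
      daemonIONiceLevel = 5; # 0-7
    };
    systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = "batch";

    nixpkgs.config = {
      # Add unstable channel
      # Exposed as `pkgs.unstable`, imported from the source listed in
      # ../nix/sources.nix and evaluated with this system's nixpkgs config.
      packageOverrides = pkgs: {
        unstable = import (import ../nix/sources.nix).nixpkgs-unstable {
          config = config.nixpkgs.config;
        };
      };
    };
  };
}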