Simon Bruder
05a72217aa
This removes the manual modules that use options to activate hardware configuration. They seem too general (e.g. newer Intel GPUs require a different OpenCL ICD) or not flexible enough (in the case of the ssd module). Closes #21.
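# Base NixOS module: declares the shared `sbruder.*` options, imports every
# feature module and sets the configuration that applies to all machines.
{ config, lib, pkgs, ... }:
let
  # Taken from https://nixos.wiki/wiki/Overlays
  #
  # A store file exposed as `nixpkgs-overlays` in `nix.nixPath` below. It
  # re-evaluates the system configuration through <nixpkgs/nixos> and applies
  # its `nixpkgs.overlays`.
  overlaysCompat = pkgs.writeTextFile {
    name = "overlays-compat";
    destination = "/overlays.nix";
    text = ''
      self: super:
      with super.lib;
      let
        # Load the system config and get the `nixpkgs.overlays` option
        overlays = (import <nixpkgs/nixos> { }).config.nixpkgs.overlays;
      in
        # Apply all overlays to the input of the current "main" overlay
        foldl' (flip extends) (_: super) overlays self
    '';
  };
in
{
  # Options that affect multiple modules
  options.sbruder = {
    full = lib.mkOption {
      type = lib.types.bool;
      description = ''
        Whether to build the full system. If disabled, the system closure will
        be smaller, but some features will not be available.
      '';
      default = true;
    };
    gui.enable = lib.mkEnableOption "gui";
    games.enable = lib.mkEnableOption "games";
  };

  # All modules are imported but non-essential modules are activated by
  # configuration options
  imports = [
    ./cups.nix
    ./docker.nix
    ./fonts.nix
    ./grub.nix
    ./gui.nix
    ./initrd-ssh.nix
    ./libvirt.nix
    ./locales.nix
    ./media-proxy.nix
    ./network-manager.nix
    ./office.nix
    ./prometheus/node_exporter.nix
    ./pubkeys.nix
    ./pulseaudio.nix
    ./restic.nix
    ./secrets.nix
    ./ssh.nix
    ./tools.nix
    ./udev.nix
    ./unfree.nix
    ./wireguard
  ];

  config = {
    # Essential system tools
    environment.systemPackages = with pkgs; [
      git
      # NOTE(review): git-crypt only protects the repository at rest. A secret
      # that is read into a Nix string or path ends up world-readable in
      # /nix/store; confirm ./secrets.nix keeps secrets out of the store.
      git-crypt # used to store secrets in configuration
      git-lfs # not so essential, but required to clone config
      htop
      tmux
      vim
    ];

    # Clean temporary files on boot
    boot.cleanTmpDir = true;

    # Set zsh as default shell
    programs.zsh.enable = true;
    users.defaultUserShell = pkgs.zsh;

    # command-not-found does not work without channels
    programs.command-not-found.enable = false;

    # Sane swapping
    # The sysctl key is spelled `vm.swappiness`; the previous spelling
    # `vm.swapiness` names no kernel parameter, so the value was never applied.
    boot.kernel.sysctl."vm.swappiness" = 10;

    # Store logs persistently
    services.journald.extraConfig = "Storage = persistent";

    # Hard drive monitoring
    services.smartd.enable = true;
    # Network monitoring
    services.vnstat.enable = true;

    # Authentication/Encryption agents
    programs.gnupg.agent.enable = true;
    programs.ssh.startAgent = true;

    # NixOS state version (see https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion)
    system.stateVersion = "20.03";

    # When this is set to true (default), routing everything through a
    # wireguard tunnel does not work.
    # Security trade-off: "loose" accepts a packet when its source address is
    # reachable through any interface, not only the one it arrived on, so
    # source-address spoofing protection is weaker than with the strict check.
    networking.firewall.checkReversePath = "loose";

    nix = {
      # NOTE(review): everything resolved through <nixpkgs> is evaluated from
      # /var/src, so that tree should be writable by root only; confirm the
      # deployment sets its ownership and mode accordingly.
      nixPath = [
        "/var/src" # pinned nixpkgs and configuration
        "nixpkgs=/var/src/nixpkgs" # for nix run
        "nixpkgs-overlays=${overlaysCompat}"
      ];
      # Make sudoers trusted nix users
      # Security: a user trusted by the nix daemon can add substituters and
      # import unsigned store paths, which is effectively root access without
      # going through sudo. Every member of wheel gets that privilege here.
      trustedUsers = [ "@wheel" ];

      # On-the-fly optimisation of nix store
      autoOptimiseStore = true;
      # Keep output of derivations with gc root
      extraOptions = ''
        keep-outputs = true
        keep-derivations = true
      '';

      # Make nix build in background less noticeable
      daemonIONiceLevel = 5; # 0-7
    };
    systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = "batch";

    nixpkgs.config = {
      # Add unstable channel
      # The unstable package set is imported with the same nixpkgs config and
      # overlays as the main one, so it is reachable as `pkgs.unstable`.
      packageOverrides = pkgs: {
        unstable = import (import ../nix/sources.nix).nixpkgs-unstable {
          config = config.nixpkgs.config;
          overlays = config.nixpkgs.overlays;
        };
      };
    };

    # Overlay with the packages defined in ../pkgs
    nixpkgs.overlays = [
      (import ../pkgs)
    ];
  };
}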