simon
/
nixos-config
1
1
Fork 0
Code Issues 8 Pull Requests Projects Releases Activity
nixos-config/modules/default.nix

156 lines
4.3 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

{ config, lib, pkgs, ... }:
let
# Taken from https://nixos.wiki/wiki/Overlays
overlaysCompat = pkgs.writeTextFile {
name = "overlays-compat";
destination = "/overlays.nix";
text = ''
self: super:
with super.lib;
let
# Load the system config and get the `nixpkgs.overlays` option
overlays = (import <nixpkgs/nixos> { }).config.nixpkgs.overlays;
in
# Apply all overlays to the input of the current "main" overlay
foldl' (flip extends) (_: super) overlays self
'';
};
in
{
# Options that affect multiple modules
options.sbruder = {
full = lib.mkOption {
type = lib.types.bool;
description = ''
Whether to build the full system. If disabled, the system closure will
be smaller, but some features will not be available.
'';
default = true;
};
gui.enable = lib.mkEnableOption "gui";
games.enable = lib.mkEnableOption "games";
};
# All modules are imported but non-essential modules are activated by
# configuration options
imports = [
../pkgs/modules.nix
./binfmt.nix
./cups.nix
./docker.nix
./fonts.nix
./grub.nix
./gui.nix
./initrd-ssh.nix
./libvirt.nix
./locales.nix
./mailserver.nix
./media-proxy.nix
./network-manager.nix
./nginx-interactive-index
./nginx.nix
./office.nix
./prometheus/node_exporter.nix
./pubkeys.nix
./pulseaudio.nix
./restic
./secrets.nix
./ssh.nix
./tools.nix
./udev.nix
./unfree.nix
./wireguard
];
config = lib.mkMerge [
{
# Essential system tools
environment.systemPackages = with pkgs; [
git
git-crypt # used to store secrets in configuration
git-lfs # not so essential, but required to clone config
htop
tmux
vim
];
# Clean temporary files on boot
boot.cleanTmpDir = true;
# Set zsh as default shell
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.etc."zshrc.local".source = "${pkgs.grml-zsh-config}/etc/zsh/zshrc";
# command-not-found does not work without channels
programs.command-not-found.enable = false;
# Hard drive monitoring
services.smartd.enable = lib.mkDefault true;
# Network monitoring
services.vnstat.enable = true;
# Authentication/Encryption agents
programs.gnupg.agent.enable = true;
programs.ssh.startAgent = true;
# When this is set to true (default), routing everything through a
# wireguard tunnel does not work.
networking.firewall.checkReversePath = false;
# Open ports for quick tests
networking.firewall = {
allowedTCPPortRanges = lib.singleton { from = 9990; to = 9999; };
allowedUDPPortRanges = lib.singleton { from = 9990; to = 9999; };
};
nix = {
nixPath = [
"/var/src" # pinned nixpkgs and configuration
"nixpkgs=/var/src/nixpkgs" # for nix run
"nixpkgs-overlays=${overlaysCompat}"
];
# Make sudoers trusted nix users
trustedUsers = [ "@wheel" ];
# On-the-fly optimisation of nix store
autoOptimiseStore = true;
# Keep output of derivations with gc root
extraOptions = lib.optionalString config.sbruder.full ''
keep-outputs = true
keep-derivations = true
'';
# Make nix build in background less noticeable
daemonIONiceLevel = 5; # 0-7
};
systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = "batch";
nixpkgs.overlays = [
(import ../pkgs)
(final: prev: {
unstable = import (import ../nix/sources.nix).nixpkgs-unstable {
config = config.nixpkgs.config;
overlays = config.nixpkgs.overlays;
};
})
];
# Globally set Lets Encrypt requirements
security.acme = {
acceptTerms = true;
email = "security@sbruder.de";
};
}
(lib.mkIf (!config.sbruder.full) {
# Adapted from nixpkgs/nixos/modules/profiles/minimal.nix
i18n.supportedLocales = map
(locale: locale + "/UTF-8")
((lib.singleton config.i18n.defaultLocale)
++ (lib.attrValues config.i18n.extraLocaleSettings));
documentation.enable = lib.mkDefault false;
})
];
}
Reference in New Issue View Git Blame Copy Permalink