
118 lines
3 KiB

{ config, lib, pkgs, ... }:
# Options that affect multiple modules
options.sbruder = {
gui.enable = lib.mkEnableOption "gui";
# All modules are imported but non-essential modules are activated by
# configuration options
imports = [
config = {
# Essential system tools
environment.systemPackages = with pkgs; [
git-crypt # used to store secrets in configuration
git-lfs # not so essential, but required to clone config
# Clean temporary files on boot
boot.cleanTmpDir = true;
# Disable firewall
networking.firewall.enable = lib.mkDefault false;
# Set zsh as default shell
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
# command-not-found does not work without channels
programs.command-not-found.enable = false;
# Sane swapping
boot.kernel.sysctl."vm.swapiness" = 10;
# Store logs persistently
services.journald.extraConfig = "Storage = persistent";
# Hard drive monitoring
services.smartd.enable = true;
# Network monitoring
services.vnstat.enable = true;
# Authentication/Encryption agents
programs.gnupg.agent.enable = true;
programs.ssh.startAgent = true;
# NixOS state version (see
system.stateVersion = "20.03";
nix = {
nixPath = [
"/var/src" # pinned nixpkgs and configuration
"nixpkgs=/var/src/nixpkgs" # for nix run
# Make sudoers trusted nix users
trustedUsers = [ "@wheel" ];
# On-the-fly optimisation of nix store
autoOptimiseStore = true;
# Keep output of derivations with gc root
extraOptions = ''
keep-outputs = true
keep-derivations = true
# Make nix build in background less noticeable
daemonIONiceLevel = 5; # 0-7
}; = "batch";
nixpkgs.config = {
# Explicitly allow unfree packages (rule of thumb: assets ok, code not ok)
allowUnfreePredicate = (
pkg: builtins.elem (lib.getName pkg) [
"wallpaper-unfree" # defined in users/simon/modules/sway.nix
"p7zip" # exception: rar source code is not free, but available; p7zip with `enableUnfree` includes it
# Add unstable channel
packageOverrides = pkgs: {
unstable = import (import ../nix/sources.nix).nixpkgs-unstable {
config = config.nixpkgs.config;