-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathdefault.nix
139 lines (127 loc) · 3.77 KB
/
default.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
{ inputs, lib, pkgs, ... }:
with lib;
with lib.my;
with inputs;
{
imports =
# I use home-manager to deploy files to $HOME; little else
[ home-manager.nixosModules.home-manager ]
# All my personal modules
++ (mapModulesRec' (toString ./modules) import);
# Common config for all NixOS machines; and to ensure the flake operates
# soundly
environment.variables = {
DOTFILES = dotFilesDir;
# Configure nix and nixpkgs
NIXPKGS_ALLOW_UNFREE = "1";
};
nix = {
package = pkgs.lix;
extraOptions = "experimental-features = nix-command flakes";
nixPath = [
"nixpkgs=${nixos}"
"nixpkgs-overlays=${dotFilesDir}/overlays"
"home-manager=${home-manager}"
"dotfiles=${dotFilesDir}"
];
settings = {
substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
registry = {
nixos.flake = nixos;
};
# Take out the garbage every once in a while
gc = {
automatic = mkDefault true;
dates = mkDefault "weekly";
options = mkDefault "--delete-older-than 30d";
};
# useSandbox = true;
};
system = {
stateVersion = mkDefault "23.05";
configurationRevision = mkIf (self ? rev) self.rev;
# Present information of what is being updated on nixos-rebuild
activationScripts = {
diff = {
supportsDryActivation = true;
# text = ''
# if [[ -e /run/current-system ]]; then
# ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
# fi
# '';
text = ''
if [[ -e /run/current-system ]]; then
echo -e "\e[36mPackage version diffs:\e[0m"
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
fi
'';
};
needsreboot = {
supportsDryActivation = true;
text = ''
if [[ -e /run/current-system ]]; then
echo -e "\e[36mSystem changes requiring a reboot:\e[0m"
/run/current-system/sw/bin/nixos-needsreboot
fi
'';
};
};
};
## Some reasonable, global defaults
# This is here to appease 'nix flake check' for generic hosts with no
# hardware-configuration.nix or fileSystem config.
fileSystems."/".device = mkDefault "/dev/disk/by-label/nixos";
boot = {
# Use the latest kernel by default
kernelPackages = mkDefault pkgs.linuxPackages_latest;
loader = {
systemd-boot = {
enable = mkDefault true;
configurationLimit = mkDefault 10;
consoleMode = mkDefault "auto";
};
efi.canTouchEfiVariables = mkDefault true;
};
};
# Let's you run AppImages directly binfmt and appimage-run
# Available since NixOS 24.05
# See https://nixos.wiki/wiki/Appimage for more information
programs.appimage.binfmt = true;
services = {
# Start a systemd service for each incoming SSH connection
openssh.startWhenNeeded = mkDefault true;
# Enable periodic SSD TRIM to extend life of mounted SSDs
fstrim.enable = mkDefault true;
};
# Do not start a sulogin shell if mounting a filesystem fails
systemd.enableEmergencyMode = mkDefault false;
systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
security.polkit = {
enable = true;
adminIdentities = [
"unix-group:wheel"
"unix-group:admin"
];
};
# Just the bear necessities...
environment.systemPackages = with pkgs; [
cached-nix-shell
coreutils
git
micro
curl
wget
gnumake
unzip
# Needed for alternative diff activationScript
nvd
inputs.nixos-needsreboot.packages.${system}.default
];
}