config/base.nix

{ config, pkgs, lib, inputs, ... }:
{
  imports = [
    ./cachix.nix # update with `cachix use --mode nixos -d . FOOBAR`
    ./profiles/locale-no.nix
    # results of 'nixos-generate-config'
    # nice to have if i just dump this flake into /etc/nixos on a clean install
    (if builtins.pathExists ./configuration.nix
      then ./configuration.nix
      else {}
    )
    (if builtins.pathExists ./hardware-configuration.nix
      then ./hardware-configuration.nix
      else {}
    )
  ];

  # TODO: selectively whitelist?
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.allowUnfreePredicate = (pkg: true);
  nixpkgs.config.nonfreeLicensing = true; # used by ffmpeg

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  nix.settings.allowed-users = [ "*" ]; # default
  #nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this
  nix.settings.trusted-users = [ "root" "@wheel" ];
  nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
  #nix.optimize.automatic = true;           # periodic optimization
  nix.gc.automatic = true;
  nix.gc.dates     = "weekly";
  nix.gc.options   = "--delete-older-than 30d";

  services.thermald.enable = lib.mkIf (config.nixpkgs.system == "x86_64-linux") true;

  # firewall
  services.fail2ban.enable = config.services.openssh.enable;
  networking.firewall.enable = true; # default
}
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`{ config, pkgs, lib, inputs, ... }:`
make it snow! 2023-02-25 04:39:30 +01:00			`{`
			`imports = [`
add nix-community cache 2023-06-19 02:44:40 +02:00			./cachix.nix # update with `cachix use --mode nixos -d . FOOBAR`
move locale to pofile still in base however... 2023-03-04 00:11:46 +01:00			`./profiles/locale-no.nix`
split systempackages 2023-03-12 05:14:28 +01:00			`# results of 'nixos-generate-config'`
			`# nice to have if i just dump this flake into /etc/nixos on a clean install`
			`(if builtins.pathExists ./configuration.nix`
			`then ./configuration.nix`
			`else {}`
			`)`
make it snow! 2023-02-25 04:39:30 +01:00			`(if builtins.pathExists ./hardware-configuration.nix`
split systempackages 2023-03-12 05:14:28 +01:00			`then ./hardware-configuration.nix`
make it snow! 2023-02-25 04:39:30 +01:00			`else {}`
			`)`
			`];`

wow 2023-06-24 19:11:49 +02:00			`# TODO: selectively whitelist?`
make it snow! 2023-02-25 04:39:30 +01:00			`nixpkgs.config.allowUnfree = true;`
			`nixpkgs.config.allowUnfreePredicate = (pkg: true);`
lots of unfree and intel acceleration 2023-03-03 02:24:07 +01:00			`nixpkgs.config.nonfreeLicensing = true; # used by ffmpeg`
make it snow! 2023-02-25 04:39:30 +01:00
wow 2023-06-24 19:11:49 +02:00			`nix.settings.experimental-features = [`
			`"nix-command"`
			`"flakes"`
Make flake update automatically 2023-02-26 21:15:08 +01:00			`];`
nord gnome dbus stuff 2023-03-11 00:30:24 +01:00			`nix.settings.allowed-users = [ "*" ]; # default`
			`#nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this`
			`nix.settings.trusted-users = [ "root" "@wheel" ];`
make it snow! 2023-02-25 04:39:30 +01:00			`nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise`
			`#nix.optimize.automatic = true; # periodic optimization`
			`nix.gc.automatic = true;`
			`nix.gc.dates = "weekly";`
			`nix.gc.options = "--delete-older-than 30d";`

wow 2023-06-24 19:11:49 +02:00			`services.thermald.enable = lib.mkIf (config.nixpkgs.system == "x86_64-linux") true;`
make it snow! 2023-02-25 04:39:30 +01:00
			`# firewall`
			`services.fail2ban.enable = config.services.openssh.enable;`
			`networking.firewall.enable = true; # default`
			`}`