{ config, pkgs, lib, inputs, ... }:

# Base NixOS module: nixpkgs licensing policy, unattended upgrades from the
# flake, Nix daemon settings and garbage collection, fail2ban/firewall, and
# Norwegian locale and keyboard settings.
let
  # output of `nixos-generate-config`; only imported when the file exists
  hardwareConfig = ./hardware-configuration.nix;

  # every LC_* category below is overridden to Norwegian formats
  norwegianCategories = [
    "LC_ADDRESS"
    "LC_IDENTIFICATION"
    "LC_MEASUREMENT"
    "LC_MONETARY"
    "LC_NAME"
    "LC_NUMERIC"
    "LC_PAPER"
    "LC_TELEPHONE"
    "LC_TIME"
  ];
in
{
  imports = [
    # NOTE(review): contents not visible from here. If it adds binary caches,
    # each substituter and public key it lists is trusted to supply store
    # paths to this machine, so keep that list short and reviewed.
    ./cachix.nix
    (if builtins.pathExists hardwareConfig then hardwareConfig else { })
  ];

  nixpkgs.config = {
    # Blanket opt-in: the predicate accepts every package, so there is no
    # per-package allowlist of unfree software.
    allowUnfree = true;
    allowUnfreePredicate = (pkg: true);
    nonfreeLicensing = true; # used by ffmpeg
  };

  # 'nixos-rebuild switch --upgrade', by default daily with no reboot
  system.autoUpgrade = {
    enable = true;
    # Left off: a new kernel (module) or initrd only takes effect after a
    # manual reboot. If enabling, consider also setting `rebootWindow`.
    #allowReboot = true;

    flake = inputs.self.outPath; # a nix store path
    #flake = "github:pbsds/nix-config"; # TODO: use this instead?

    # NOTE(review): --recreate-lock-file re-resolves every flake input on each
    # unattended run, and --no-write-lock-file means the resulting lock is not
    # recorded anywhere. The input revisions that end up running as the system
    # are therefore neither pinned nor reviewable afterwards. Upgrading from a
    # flake whose flake.lock is updated through reviewed commits would keep
    # that record.
    flags = [
      "--recreate-lock-file" # fetch new inputs
      "--no-write-lock-file" # do not write a new flake.lock, as the in-store flake is read-only
      "-L" # print build logs
    ];
  };

  /* Disabled alternative: upgrade from a mutable checkout in /etc/nixos.

  # TODO: this doesn't work during 'nix eval' on a non-nixos machine
  system.autoUpgrade.flake = "/etc/nixos";
  system.autoUpgrade.flags = [
    "--recreate-lock-file" # fetch new inputs
    #"--commit-lock-file" # commit new lock to local git repo
    # TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
    "-L" # print build logs
  ];
  #assertions = [
  #  { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
  #];
  */

  # the plan was to allow me to locate the new flake.lock, but alas
  # https://github.com/NixOS/nix/issues/6895
  environment.etc."current-system-flake".source = inputs.self;

  nix = {
    settings = {
      # default, but will stick around after merging with ./users
      # NOTE(review): anyone listed here can instruct the Nix daemon in ways
      # that are effectively root-equivalent; keep additions from ./users to
      # accounts that already have root.
      trusted-users = [ "root" ];

      # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
      auto-optimise-store = true;
    };
    #optimize.automatic = true; # periodic optimization

    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };

    # TODO: can i make this non-string?
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  services = {
    # TODO: only if x86_64?
    thermald.enable = true;

    # brute-force banning follows the SSH daemon: on exactly when openssh is on
    fail2ban.enable = config.services.openssh.enable;

    xserver = {
      layout = "no";
      xkbVariant = "";
    };
  };

  # firewall
  networking.firewall.enable = true; # default

  # Time zone and internationalisation properties.
  time.timeZone = "Europe/Oslo";
  i18n = {
    defaultLocale = "en_US.utf8";
    extraLocaleSettings = lib.genAttrs norwegianCategories (_: "nb_NO.utf8");
  };
  console.keyMap = "no";
}