ljdsalkjdsalkjdaj
@@ -6,6 +6,7 @@
|
||||
imports = let ifExists = p: if builtins.pathExists p then p else {}; in [
|
||||
./../../secrets
|
||||
./cachix.nix # update with `nix run nixpkgs#cachix -- use --mode nixos -d . FOOBAR`
|
||||
./nix.nix
|
||||
./lix.nix
|
||||
./locale-no.nix
|
||||
./upgrade-diff.nix
|
||||
@@ -64,7 +65,7 @@
|
||||
|
||||
boot.initrd.systemd.enable = true; # systemd manages initfs boot, systemd-analyse can see what happened
|
||||
# https://discourse.nixos.org/t/what-to-do-with-a-full-boot-partition/2049
|
||||
# raise to 15 if auto upgrading
|
||||
# raised to 15 if auto upgrading by auto-upgrade.nix
|
||||
boot.loader.grub.configurationLimit = lib.mkDefault 5;
|
||||
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 5;
|
||||
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 5;
|
||||
@@ -75,38 +76,6 @@
|
||||
#networking.networkmanager.wifi.backend = "iwd"; # default is wpa_supplicant, iwd doesn't support eduroam
|
||||
networking.firewall.logRefusedConnections = false; # too spammy, rotates dmesg too quickly
|
||||
|
||||
sops.secrets.nix-access-tokens = {};
|
||||
sops.secrets.nix-access-tokens-all.mode = "0440";
|
||||
sops.secrets.nix-access-tokens-all.group = config.users.groups."keys".name;
|
||||
nix.extraOptions = ''
|
||||
!include ${config.sops.secrets.nix-access-tokens.path}
|
||||
!include ${config.sops.secrets.nix-access-tokens-all.path}
|
||||
'';
|
||||
|
||||
nix.settings.experimental-features = [
|
||||
"nix-command"
|
||||
"flakes"
|
||||
/* "pipe-operator" # not supported on lix 2.91 */
|
||||
];
|
||||
#nix.settings.allowed-users = [ "@builders" ]; # TODO: this
|
||||
nix.settings.allowed-users = [ "root" "@wheel" ]; # default is [ "*" ]
|
||||
nix.settings.trusted-users = [ "root" "@wheel" ];
|
||||
nix.settings.keep-derivations = true; # keep .drv in store, great with nix-diff
|
||||
nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
||||
nix.settings.max-silent-time = 3600;
|
||||
nix.settings.connect-timeout = 5; # seconds timeout for binary caches
|
||||
#nix.settings.keep-failed = true; # fills up $TMPDIR
|
||||
nix.settings.log-lines = 35;
|
||||
#nix.optimize.automatic = true; # periodic optimization
|
||||
nix.gc.automatic = true;
|
||||
nix.gc.dates = "weekly";
|
||||
nix.gc.options = lib.mkIf config.system.autoUpgrade.enable "--delete-older-than 15d";
|
||||
nix.settings.min-free = 3 * 1024 * 1024 * 1024; # starts cg
|
||||
nix.settings.max-free = 20 * 1024 * 1024 * 1024; # condition to end gc triggered by min-free
|
||||
|
||||
# should not be needed since https://github.com/NixOS/nixpkgs/pull/383052
|
||||
nix.settings.system-features = lib.mkIf (pkgs.stdenv.hostPlatform.system == "x86_64-linux" && (lib.versionOlder (lib.versions.majorMinor lib.version) "25.05")) [ "nixos-test" "big-parallel" "kvm" ];
|
||||
|
||||
security.sudo.execWheelOnly = true;
|
||||
|
||||
services.thermald.enable = lib.all (x: x) [
|
||||
@@ -135,7 +104,7 @@
|
||||
};
|
||||
|
||||
# System fonts
|
||||
# Nice to have when X-forwading on headless machines
|
||||
# Nice to have when X-forwarding on headless machines
|
||||
fonts.fontDir.enable = true; # creates /run/current-system/sw/share/X11/fonts
|
||||
fonts.enableDefaultPackages = true; # dejavu, freefont, gyre, liberation, unifont, noto-fonts-emoji
|
||||
fonts.packages = with pkgs; [
|
||||
|
||||
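--- /dev/null
+++ b/profiles/base/nix.nix
@@ -0,0 +1,63 @@
+{
+config,
+pkgs,
+lib,
+...
+}:
+
+{
+sops.secrets.nix-access-tokens = { };
+sops.secrets.nix-access-tokens-all.mode = "0440";
+sops.secrets.nix-access-tokens-all.group = config.users.groups."keys".name;
+nix.extraOptions = ''
+!include ${config.sops.secrets.nix-access-tokens.path}
+!include ${config.sops.secrets.nix-access-tokens-all.path}
+'';
+
+nix.settings = {
+experimental-features = [
+"nix-command"
+"flakes"
+# "pipe-operator" # not supported on lix 2.91
+];
+#nix.settings.allowed-users = [ "@builders" ]; # TODO: this
+allowed-users = [
+# default is [ "*" ]
+"root"
+"@wheel"
+];
+trusted-users = [
+"root"
+"@wheel"
+];
+keep-derivations = true; # keep .drv in store, great with nix-diff
+auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
+max-silent-time = 3600;
+connect-timeout = 5; # seconds timeout for binary caches
+#nix.settings.keep-failed = true; # fills up $TMPDIR
+log-lines = 35;
+min-free = 3 * 1024 * 1024 * 1024; # starts cg
+max-free = 20 * 1024 * 1024 * 1024; # condition to end gc triggered by min-free
+
+# should not be needed since https://github.com/NixOS/nixpkgs/pull/383052
+system-features =
+lib.mkIf
+(
+pkgs.stdenv.hostPlatform.system == "x86_64-linux"
+&& (lib.versionOlder (lib.versions.majorMinor lib.version) "25.05")
+)
+[
+"nixos-test"
+"big-parallel"
+"kvm"
+];
+};
+
+nix.gc = {
+#nix.optimize.automatic = true; # periodic optimization
+automatic = true;
+dates = "weekly";
+options = lib.mkIf config.system.autoUpgrade.enable "--delete-older-than 15d";
+};
+
+}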
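Review bot: `trusted-users = [ "root" "@wheel" ]` in the new `nix.settings` block makes every wheel member effectively root-equivalent through the Nix daemon with no sudo authentication, because trusted users may override restricted settings such as substituters for their own builds. If that is the intent, record it next to the list with a comment like `# trusted-users is root-equivalent via the daemon; wheel is accepted here deliberately`; otherwise `trusted-users = [ "root" ];` leaves wheel covered by `allowed-users` only. The `nix-access-tokens-all` secret is readable by the `keys` group (`mode = "0440"`), so it would help to add a comment stating which accounts are expected in that group and what scope the tokens carry. The commented-out lines also kept their old prefixes after the move: `#nix.settings.allowed-users` and `#nix.settings.keep-failed` now sit inside `nix.settings = { … }`, and `#nix.optimize.automatic` sits inside `nix.gc = { … }` although it is not a gc option.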