{ config, pkgs, lib, inputs, ... }: { imports = let ifExists = p: if builtins.pathExists p then p else {}; in [ ./cachix.nix # update with `cachix use --mode nixos -d . FOOBAR` ./profiles/locale-no.nix ./profiles/upgrade-diff.nix # results of 'nixos-generate-config' # nice to have if i just dump this flake into /etc/nixos on a clean install (ifExists ./configuration.nix ) (ifExists ./hardware-configuration.nix ) ]; nixpkgs.config.permittedInsecurePackages = [ pkgs.pulsar.name pkgs.zotero.name pkgs.gitea.name ]; environment.systemPackages = with pkgs; [ ddrescue gptfdisk ms-sys nvme-cli parted pciutils smartmontools testdisk usbutils ] ++ lib.optionals (builtins.elem config.nixpkgs.system [ "x86_64-linux" "aarch64_linux"]) [ cage weston ]; # TODO: selectively whitelist nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfreePredicate = (pkg: true); nixpkgs.config.nonfreeLicensing = true; # used by ffmpeg hardware.enableRedistributableFirmware = true; sops.secrets.nix-access-tokens.mode = "0440"; sops.secrets.nix-access-tokens.group = config.users.groups.keys.name; nix.extraOptions = '' !include ${config.sops.secrets.nix-access-tokens.path} ''; nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.allowed-users = [ "*" ]; # default #nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this nix.settings.trusted-users = [ "root" "@wheel" ]; nix.settings.keep-derivations = true; # great with nix-diff nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise nix.settings.max-silent-time = 3600; #nix.settings.keep-failed = true; #nix.settings.log-lines = 35; #nix.optimize.automatic = true; # periodic optimization nix.gc.automatic = true; nix.gc.dates = "weekly"; nix.gc.options = lib.mkIf config.system.autoUpgrade.enable "--delete-older-than 15d"; nix.settings.min-free = 3 * 1024 * 1024 * 1024; nix.settings.max-free = 20 * 1024 * 1024 * 1024; services.thermald.enable = lib.mkIf (config.nixpkgs.system == "x86_64-linux") true; # System fonts # Nice to have when X-forwading on headless machines fonts.fontDir.enable = true; # creates /run/current-system/sw/share/X11/fonts fonts.enableDefaultPackages = true; # dejavu, freefont, gyre, liberation, unifont, noto-fonts-emoji fonts.packages = with pkgs; [ noto-fonts # includes Cousine noto-fonts-cjk noto-fonts-emoji noto-fonts-extra ]; networking.firewall.enable = true; # default # https://discourse.nixos.org/t/what-to-do-with-a-full-boot-partition/2049 boot.loader.grub.configurationLimit = 15; boot.loader.systemd-boot.configurationLimit = 15; boot.loader.raspberryPi.uboot.configurationLimit = 15; boot.loader.generic-extlinux-compatible.configurationLimit = 15; }