config/base.nix


# Base NixOS module: disk/hardware tooling, nixpkgs licence policy, Nix daemon
# settings, garbage collection, fonts, and the baseline firewall/fail2ban setup.
{ config, pkgs, lib, inputs, ... }:
let
  # Yield `path` as an import when the file exists, otherwise an empty module.
  optionalModule = path: if builtins.pathExists path then path else { };

  # One GiB in bytes, used for the min-free / max-free thresholds below.
  gib = 1024 * 1024 * 1024;
in
{
  imports = [
    # update with `cachix use --mode nixos -d . FOOBAR`
    # NOTE(review): not visible here; presumably adds binary-cache substituters
    # and their public keys. Those keys are a trust anchor for everything
    # substituted into the store, so review changes to that file carefully.
    ./cachix.nix
    ./profiles/locale-no.nix

    # Results of 'nixos-generate-config'. Nice to have when this flake is just
    # dumped into /etc/nixos on a clean install. Because both imports depend on
    # the files being present, the effective configuration can differ per host.
    (optionalModule ./configuration.nix)
    (optionalModule ./hardware-configuration.nix)
  ];

  # Disk recovery, partitioning and hardware inspection tools.
  environment.systemPackages = [
    pkgs.ddrescue
    pkgs.gptfdisk
    pkgs.ms-sys
    pkgs.nvme-cli
    pkgs.parted
    pkgs.pciutils
    pkgs.smartmontools
    pkgs.testdisk
    pkgs.usbutils
  ];

  nixpkgs.config = {
    # TODO: selectively whitelist?
    # As written, every unfree package is accepted: allowUnfree is on and the
    # predicate returns true for any package. A whitelist would drop
    # allowUnfree and match package names in the predicate instead.
    allowUnfree = true;
    allowUnfreePredicate = _pkg: true;
    nonfreeLicensing = true; # used by ffmpeg
  };

  # TODO: per host?
  hardware.enableRedistributableFirmware = true;

  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];

      # Default: any local user may talk to the Nix daemon.
      allowed-users = [ "*" ];
      #nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this

      # Trusted users can override daemon settings such as substituters, which
      # the Nix manual describes as essentially equivalent to root access.
      # With "@wheel" listed, every wheel member holds that power without sudo.
      trusted-users = [ "root" "@wheel" ];

      # Deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
      auto-optimise-store = true;
    };
    #nix.optimize.automatic = true; # periodic optimization
    # NOTE(review): NixOS spells that option `nix.optimise.automatic`.

    # Weekly garbage collection of generations older than 30 days.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };

    # min-free is 1 GiB and max-free is 5 GiB, written out in bytes.
    extraOptions = ''
      min-free = ${toString (1 * gib)}
      max-free = ${toString (5 * gib)}
    '';
  };

  services = {
    # thermald is only enabled on x86_64-linux.
    thermald.enable = lib.mkIf (config.nixpkgs.system == "x86_64-linux") true;

    # fail2ban follows the SSH daemon: it is enabled exactly when openssh is.
    fail2ban.enable = config.services.openssh.enable;
  };

  # System fonts
  # Nice to have when X-forwarding on headless machines
  fonts = {
    fontDir.enable = true; # creates /run/current-system/sw/share/X11/fonts
    enableDefaultFonts = true; # dejavu, freefont, gyre, liberation, unifont, noto-fonts-emoji
    fonts = [
      pkgs.noto-fonts # includes Cousine
      pkgs.noto-fonts-cjk
      pkgs.noto-fonts-emoji
      pkgs.noto-fonts-extra
    ];
  };

  # firewall
  networking.firewall.enable = true; # default
}