pederbs/config
pederbs
/
config
1
1
Fork 0
Code Issues Pull Requests Releases Activity
config/base.nix

79 lines
3.0 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, pkgs, lib, inputs, ... }:
{
imports = [
./cachix.nix
(if builtins.pathExists ./hardware-configuration.nix
then ./hardware-configuration.nix # results of nixos-generate-config
else {}
)
];
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
# 'nixos-rebuild switch --upgrade', by default daily with no reboot
#system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
# TODO: this check is not pure
system.autoUpgrade = if builtins.pathExists "/etc/nixos/flake.nix" then { #TODO: should i check for .git instead?
enable = true;
flake = "/etc/nixos";
flags = [
"--recreate-lock-file" # fetch new inputs
#"--commit-lock-file" # commit new lock to local git repo
# TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
"-L" # print build logs
];
} else {
enable = true;
flake = inputs.self.outPath; # a nix store path
flags = [
"--recreate-lock-file" # fetch new inputs
"--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
"-L" # print build logs
];
};
#assertions = [
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
#];
nix.settings.trusted-users = [ "root" ]; # default, but will stick around after a mergins with ./users
nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
#nix.optimize.automatic = true; # periodic optimization
nix.gc.automatic = true;
nix.gc.dates = "weekly";
nix.gc.options = "--delete-older-than 30d";
# TODO: can i make this non-string?
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# TODO: only if x86_64?
services.thermald.enable = true;
# Bootloader
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; # TODO: host-specific
boot.loader.grub.useOSProber = true;
# firewall
services.fail2ban.enable = config.services.openssh.enable;
networking.firewall.enable = true; # default
# Time zone and internationalisation properties.
time.timeZone = "Europe/Oslo";
i18n.defaultLocale = "en_US.utf8";
i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_MEASUREMENT = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_MONETARY = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_NAME = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_NUMERIC = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_PAPER = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_TELEPHONE = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_TIME = "nb_NO.utf8";
console.keyMap = "no";
services.xserver.layout = "no";
services.xserver.xkbVariant = "";
}
Reference in New Issue View Git Blame Copy Permalink