homefree/homefree
1
0
Fork 0
Code Issues 66 Pull requests Projects 2 Releases Packages Wiki Activity Actions
homefree/profiles/common.nix
Ellis Rahhal b51aff6757 * Several updates to support NUC hardware
2024-11-13 15:25:54 -08:00

261 lines
8 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, homefree-inputs, pkgs, system, ...}:
{
# --------------------------------------------------------------------------------------
# Base Nix config
# --------------------------------------------------------------------------------------
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
# @TODO: Could this be useful for auto-upgrading systems out there?
# system.autoUpgrade = {
# enable = true;
# allowReboot = true;
# flake = "github:erahhal/nixcfg";
# flags = [
# "--recreate-lock-file"
# "-no-write-lock-file"
# "-L" # print build logs
# ];
# dates = "daily";
# };
nix = {
nixPath = [ "nixpkgs=${homefree-inputs.nixpkgs}" "nixos-config=/home/${config.homefree.system.adminUsername}/nixcfg" ];
# Which package collection to use system-wide.
package = pkgs.nixVersions.stable;
# package = pkgs.nixFlakes;
settings = {
# sets up an isolated environment for each build process to improve reproducibility.
# Disallow network callsoutside of fetch* and files outside of the Nix store.
sandbox = true;
# Automatically clean out old entries from nix store by detecting duplicates and creating hard links.
# Only starts with new derivations, so run "nix-store --optimise" to clear out older cruft.
# optimise.automatic = true below should handle this.
auto-optimise-store = true;
# Users with additional Nix daemon rights.
# Can specify additional binary caches, import unsigned NARs (Nix Archives).
trusted-users = [ "@wheel" "root" ];
# Users allowed to connect to Nix daemon
allowed-users = [ "@wheel" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
];
};
# Additional text appended to nix.conf
extraOptions =
let empty_registry = builtins.toFile "empty-flake-registry.json" ''{"flakes":[],"version":2}''; in
''
# Enable flakes
experimental-features = nix-command flakes recursive-nix
flake-registry = ${empty_registry}
builders-use-substitutes = true
# Prevents garbage collector from deleting derivations.
# Useful for querying and tracing options and dependencies for a store path.
# https://ianthehenry.com/posts/how-to-learn-nix/saving-your-shell/
keep-derivations = true
# Prevents garbage collector from deleting outputs of derivations.
keep-outputs = true
'';
# registry.nixpkgs.flake = homefree-inputs.nixpkgs;
# Garbage collection - deletes all unreachable paths in Nix store.
gc = {
# Run garbage collection automatically
automatic = true;
# Run once a week
dates = "weekly";
# Delete older than 7 days, stopping after "max-freed" bytes
options = "--delete-older-than 7d --max-freed $((64 * 1024**3))";
};
# Optimiser settings
# It seems that this is a scheduled job, as opposed to "autoOptimiseStore", which runs just in time.
optimise = {
automatic = true;
dates = [ "weekly" ];
};
};
# --------------------------------------------------------------------------------------
# User config
# --------------------------------------------------------------------------------------
users.users."${config.homefree.system.adminUsername}" = {
isNormalUser = true;
home = "/home/${config.homefree.system.adminUsername}";
description = "Homefree Admin";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys= config.homefree.system.authorizedKeys;
hashedPassword = config.homefree.system.adminHashedPassword;
};
security.sudo.extraRules = [
{
groups = [ "wheel" ];
commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
}
];
# --------------------------------------------------------------------------------------
# Package config
# --------------------------------------------------------------------------------------
nixpkgs = {
hostPlatform = system;
};
# --------------------------------------------------------------------------------------
# Boot / Kernel
# --------------------------------------------------------------------------------------
# Disables writing to Nix store by mounting read-only. "false" should only be used as a last resort.
# Nix mounts read-write automatically when it needs to write to it.
boot.readOnlyNixStore = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
# --------------------------------------------------------------------------------------
# Hardware
# --------------------------------------------------------------------------------------
hardware.enableRedistributableFirmware = true;
hardware.enableAllFirmware = true;
# --------------------------------------------------------------------------------------
# Services
# --------------------------------------------------------------------------------------
# Firmware/BIOS updates
services.fwupd.enable = true;
# Setting to true will kill things like tmux on logout
services.logind.killUserProcesses = false;
services.gvfs.enable = true; # SMB mounts, trash, and other functionality
services.tumbler.enable = true; # Thumbnail support for images
# Enable CUPS to print documents.
services.printing.enable = true;
# @TODO: Move to "environment"?
services.printing.drivers = [ pkgs.brlaser ];
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# This will save you money and possibly your life!
services.thermald.enable = true;
services.upower.enable = true;
# Enable power management
powerManagement = {
enable = true;
powertop.enable = true;
};
# Eternal Terminal
services.eternal-terminal.enable = true;
# et port
networking.firewall.allowedTCPPorts = [ 2022 ];
environment.variables = {
ET_NO_TELEMETRY = "1";
};
# --------------------------------------------------------------------------------------
# i18n
# --------------------------------------------------------------------------------------
# @TODO: Make this UI configurable
i18n.defaultLocale = "en_US.UTF-8";
# --------------------------------------------------------------------------------------
# Networking
# --------------------------------------------------------------------------------------
networking.search = [ "localdomain" ];
# --------------------------------------------------------------------------------------
# Base Packages
# --------------------------------------------------------------------------------------
programs.nix-ld.enable = true;
programs.mosh.enable = true;
environment.systemPackages = with pkgs; [
at-spi2-core
backblaze-b2
bashmount
bfg-repo-cleaner
bind
btop
ccze # readable parsed system logs
cpufrequtils
distrobox
dmidecode
dos2unix
exfat
exiftool
ffmpeg
file
fio
fx # Terminal-based JSON viewer and processor
gcc
git
git-lfs
gnumake
htop
hwinfo
iftop
inetutils
iotop
iperf3
luarocks
lshw
lsof
lxqt.lxqt-policykit # For GVFS
iw
iwd
jhead
memtest86plus
minicom
neofetch
nil
nix-index
openssl
# openjdk16-bootstrap
p7zip
pciutils
powertop
sshpass
steampipe
tmux
usbutils
utillinux
vulnix
wireguard-tools
wget
xz
zip
zsh
];
}
Reference in a new issue View git blame Copy permalink