uku/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
flake/configs/common.nix

222 lines
4.6 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
lib,
pkgs,
config,
_utils,
agenix,
camasca,
hjem,
nixpkgs,
nix-index-database,
vencord,
...
}:
let
rootPassword = _utils.setupSingleSecret config "rootPassword" { };
secrets = _utils.setupSharedSecrets config {
secrets = [ "userPassword" ];
};
in
{
imports = [
agenix.nixosModules.default
hjem.nixosModules.default
nix-index-database.nixosModules.nix-index
(lib.mkAliasOptionModule [ "hj" ] [ "hjem" "users" "leo" "files" ])
rootPassword.generate
secrets.generate
../programs/fish.nix
../programs/git.nix
../programs/neovim
];
age = {
ageBin = lib.getExe pkgs.rage;
identityPaths = [ "/etc/age/key" ];
};
boot = {
# see ./server.nix and ./client.nix for kernel versions
kernelParams = [
"quiet"
"loglevel=3"
];
# faster tcp !!!
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
tmp.cleanOnBoot = true;
};
console.keyMap = "fr";
environment.systemPackages = with pkgs; [
btop
curl
fd
git
htop
jq
ncdu
ripgrep
wget
];
hjem = {
clobberByDefault = true;
users.leo.files = {
".ssh/config".text = ''
Host *
ForwardAgent yes
AddKeysToAgent yes
'';
};
};
i18n.defaultLocale = "en_US.UTF-8";
networking = {
useNetworkd = lib.mkDefault true;
nameservers = [
"1.1.1.1"
"1.0.0.1"
];
};
nix = {
# package = pkgs.nixVersions.nix_2_24;
channel.enable = false;
# The `flake:` syntax in `$NIX_PATH` seems to do some weird copying on Nix 2.24
nixPath = [ "nixpkgs=${config.nixpkgs.flake.source}" ];
gc = {
automatic = true;
dates = "weekly";
options = "-d";
};
registry = {
n.flake = nixpkgs;
nixpkgs.flake = nixpkgs;
u.flake = camasca;
};
# give nix daemon lower priority
daemonCPUSchedPolicy = "batch";
daemonIOSchedClass = "idle";
settings = {
auto-optimise-store = true;
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"root"
"@wheel"
];
connect-timeout = 5; # fail fast if substituters are not available
builders-use-substitutes = true;
log-lines = 25;
min-free = 512 * 1024 * 1024; # if free space drops under min, gc
substituters = [
"https://uku3lig.cachix.org"
];
trusted-public-keys = [
"uku3lig.cachix.org-1:C1/9DNUadh2pueAo+LUkVNUKyIVjF/CREd9RS9E+F2A="
];
};
};
nixpkgs = {
config.allowUnfree = true;
flake.setNixPath = false;
overlays = [ (import ../exprs/overlay.nix { inherit vencord; }) ];
};
programs = {
direnv.enable = true;
nix-index-database.comma.enable = true;
};
security = {
rtkit.enable = true;
polkit.enable = true;
sudo = {
execWheelOnly = true;
extraConfig = ''
Defaults lecture = never
'';
};
};
services = {
openssh = {
enable = true;
openFirewall = lib.mkDefault false;
};
resolved = {
enable = true;
dnssec = lib.mkDefault "true";
dnsovertls = lib.mkDefault "true";
};
tailscale = {
enable = true;
useRoutingFeatures = "both";
};
};
systemd = {
services.NetworkManager-wait-online.enable = lib.mkForce false;
# NixOS/nixpkgs#267101
tmpfiles.rules = [
"L /usr/lib/locale/locale-archive - - - - /run/current-system/sw/lib/locale/locale-archive"
];
};
time.timeZone = "Europe/Paris";
users.users = {
leo = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"wheel"
"video"
"libvirtd"
"input"
"docker"
];
hashedPasswordFile = secrets.get "userPassword";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+7+KfdOrhcnHayxvOENUeMx8rE4XEIV/AxMHiaNUP8"
];
};
root = {
shell = pkgs.fish;
hashedPasswordFile = rootPassword.path;
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = lib.mkDefault "24.11"; # Did you read the comment?
}
Reference in a new issue View git blame Copy permalink