forked from tuxcord/tuxcord.nix
134 lines
2.4 KiB
Nix
134 lines
2.4 KiB
Nix
{
|
|
inputs',
|
|
inputs,
|
|
lib,
|
|
pkgs,
|
|
self,
|
|
...
|
|
}:
|
|
let
|
|
inherit (lib)
|
|
mkDefault
|
|
mkIf
|
|
;
|
|
in
|
|
{
|
|
imports = with inputs; [
|
|
agenix.nixosModules.default
|
|
impermanence.nixosModules.default
|
|
nix-index-database.nixosModules.nix-index
|
|
|
|
./hardware.nix
|
|
./impermanence.nix
|
|
./modules
|
|
./programs.nix
|
|
./users.nix
|
|
./vm.nix
|
|
];
|
|
|
|
nix = {
|
|
package = inputs'.nix-super.packages.default;
|
|
|
|
settings = {
|
|
auto-optimise-store = true;
|
|
experimental-features = [
|
|
"ca-derivations"
|
|
"flakes"
|
|
"nix-command"
|
|
];
|
|
log-lines = 500;
|
|
show-trace = true;
|
|
trusted-users = [
|
|
"@wheel"
|
|
];
|
|
|
|
min-free = 10 * 1024 * 1024 * 1024;
|
|
max-free = 50 * 1024 * 1024 * 1024;
|
|
};
|
|
|
|
registry =
|
|
let
|
|
mappedRegistry = lib.mapAttrs' (name: flake: lib.nameValuePair name { inherit flake; }) inputs;
|
|
in
|
|
mappedRegistry // { default = mappedRegistry.nixpkgs; };
|
|
|
|
gc = {
|
|
automatic = true;
|
|
dates = "weekly";
|
|
options = "--delete-older-than 90d";
|
|
};
|
|
|
|
daemonCPUSchedPolicy = "idle";
|
|
daemonIOSchedClass = "idle";
|
|
};
|
|
|
|
boot = {
|
|
loader = {
|
|
grub = {
|
|
enable = mkDefault true;
|
|
efiSupport = true;
|
|
efiInstallAsRemovable = true;
|
|
device = "nodev";
|
|
splashImage = null;
|
|
configurationLimit = 100;
|
|
};
|
|
timeout = 5;
|
|
};
|
|
|
|
kernelParams = [
|
|
"boot.shell_on_fail"
|
|
"zswap.enabled=0"
|
|
];
|
|
|
|
binfmt = {
|
|
emulatedSystems = mkIf pkgs.stdenv.hostPlatform.isx86 [ "aarch64-linux" ];
|
|
preferStaticEmulators = true;
|
|
};
|
|
|
|
supportedFilesystems = [ "nfs" ];
|
|
};
|
|
|
|
networking = {
|
|
networkmanager.enable = true;
|
|
|
|
firewall = {
|
|
enable = true;
|
|
|
|
allowedTCPPorts = [
|
|
22
|
|
];
|
|
};
|
|
};
|
|
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
ClientAliveInterval = 300;
|
|
KbdInteractiveAuthentication = false;
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
};
|
|
};
|
|
};
|
|
|
|
virtualisation.podman.enable = true;
|
|
|
|
zramSwap = {
|
|
enable = true;
|
|
|
|
algorithm = mkDefault "lzo-rle";
|
|
memoryPercent = 100;
|
|
};
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
system = {
|
|
configurationRevision = self.rev or self.dirtyRev;
|
|
stateVersion = "25.11";
|
|
};
|
|
|
|
environment.etc."nixos/current".source = lib.cleanSource ./..;
|
|
}
|