{ lib, pkgs, ... }:

# Shared NixOS module for every host in this tree: pulls in the per-concern
# modules under `imports` and sets the baseline options they all agree on.
# Anything wrapped in `lib.mkDefault` is meant to be overridden by a
# host-specific module; the bare assignments are fixed policy.
{
  imports = [
    ./feeds.nix
    ./fs.nix
    ./hardware
    ./home
    ./hosts.nix
    ./ids.nix
    ./machine-id.nix
    ./net.nix
    ./nix-path
    ./persist.nix
    ./programs
    ./secrets.nix
    ./ssh.nix
    ./users
    ./vpn.nix
  ];

  # options declared by this repo's own `sane.*` modules
  sane = {
    nixcache = {
      # NOTE(review): presumably registers the cache's signing keys with nix's
      # trusted-public-keys; confirm against the nixcache module, since any key
      # trusted here can vouch for store paths substituted onto the host.
      enable-trusted-keys = true;
      enable = lib.mkDefault true;
    };
    persist.enable = lib.mkDefault true;
    root-on-tmpfs = lib.mkDefault true;
    programs = {
      sysadminUtils.enableFor.system = lib.mkDefault true;
      consoleUtils.enableFor.user.colin = lib.mkDefault true;
    };
  };

  nixpkgs.config = {
    allowUnfree = true;
    # equivalent of NIXPKGS_ALLOW_BROKEN. this only bypasses `meta.broken`;
    # packages flagged with `meta.knownVulnerabilities` are still refused
    # unless listed in `permittedInsecurePackages`.
    allowBroken = true;
  };

  # alternative: "America/Los_Angeles"
  # DST is too confusing for me => use a stable timezone
  time.timeZone = "Etc/UTC";

  nix = {
    # allow `nix flake ...` command
    # TODO: is this still required?
    # NOTE(review): `nix.settings.experimental-features = [ "nix-command" "flakes" ]`
    # is the structured form of this line; kept as raw text so the rendered
    # nix.conf stays identical.
    extraOptions = ''
      experimental-features = nix-command flakes
    '';

    # hardlinks identical files in the nix store to save 25-35% disk space.
    # unclear _when_ this occurs. it's not a service.
    # does the daemon continually scan the nix store?
    # does the builder use some content-addressed db to efficiently dedupe?
    settings.auto-optimise-store = true;
  };

  # the lines inside the string (including its comments) are emitted verbatim
  # into the deployed journald.conf, so keep them journald-valid.
  services.journald.extraConfig = ''
    # docs: `man journald.conf`
    # merged journald config is deployed to /etc/systemd/journald.conf
    [Journal]
    # disable journal compression because the underlying fs is compressed
    Compress=no
  '';

  # the nix-daemon manages nix builders.
  # kill nix-daemon subprocesses when systemd-oomd detects an out-of-memory condition.
  # see:
  # - nixos PR that enabled systemd-oomd: <https://github.com/NixOS/nixpkgs/pull/169613>
  # - systemd's docs on these properties: <https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill>
  #
  # systemd's docs warn that without swap, systemd-oomd might not be able to react quick enough to save the system.
  # see `man oomd.conf` for further tunables that may help.
  #
  # alternatively, apply this more broadly with `systemd.oomd.enableSystemSlice = true` or `enableRootSlice`
  # TODO: also apply this to the guest user's slice (user-1100.slice)
  # TODO: also apply this to distccd
  systemd.services.nix-daemon.serviceConfig = {
    ManagedOOMMemoryPressure = "kill";
    ManagedOOMSwap = "kill";
  };

  # print a package-level diff between the running system and the one being
  # activated; `supportsDryActivation` lets it run under `nixos-rebuild dry-activate` too.
  # `$systemConfig` is expected to be exported by the activation framework — verify
  # if this is ever moved out of `system.activationScripts`.
  system.activationScripts.nixClosureDiff = {
    supportsDryActivation = true;
    text = ''
      # show which packages changed versions or are new/removed in this upgrade
      # source: <https://github.com/luishfonseca/dotfiles/blob/32c10e775d9ec7cc55e44592a060c1c9aadf113e/modules/upgrade-diff.nix>
      ${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
    '';
  };

  environment = {
    # disable non-required packages like nano, perl, rsync, strace
    defaultPackages = [];

    # link debug symbols into /run/current-system/sw/lib/debug
    # hopefully picked up by gdb automatically?
    enableDebugInfo = true;
  };

  # dconf docs: <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/desktop_migration_and_administration_guide/profiles>
  # this lets programs temporarily write user-level dconf settings (aka gsettings).
  # they're written to ~/.config/dconf/user, unless `DCONF_PROFILE` is set to something other than the default of /etc/dconf/profile/user
  # find keys/values with `dconf dump /`
  programs.dconf = {
    enable = true;
    packages = [
      # ships the default profile: per-user writable db first, site-wide db as fallback
      (pkgs.writeTextFile {
        name = "dconf-user-profile";
        destination = "/etc/dconf/profile/user";
        text = ''
          user-db:user
          system-db:site
        '';
      })
    ];
  };
  # sane.programs.glib.enableFor.user.colin = true; # for `gsettings`
}