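# NixOS module `cow.base`: opt-in bundle of base system defaults.
#
# Everything is gated on `cow.base.enable`. The sub-options declared through
# `mkDefaultOption` default to true once the bundle is enabled, so they are
# opt-out; `sysrqs` is a plain enable option and stays off unless requested.
{
  pkgs,
  inputs,
  config,
  lib,
  ...
}: {
  options.cow.base = let
    # Same as lib.mkEnableOption, but with the default flipped to true.
    mkDefaultOption = d: (lib.mkEnableOption d) // {default = true;};
  in {
    enable = lib.mkEnableOption "Base niceties and system tweaks. Also sets up some defaults specific to me, but can be easily changed.";
    # NOTE(review): the description mentions linking the flake source to
    # /etc/flake-src, but nothing in this module's config does that. Confirm
    # it is handled elsewhere or adjust the description.
    env = mkDefaultOption "a nice environment setup, sets /etc/machine-id, HOSTNAME, and links flake source code in /etc/flake-src";
    util = mkDefaultOption "Programs needed to rebuild the flake and run just recipes";
    tmp = mkDefaultOption "Clear /tmp on boot and limit RuntimeDirectorySize";
    # NOTE(review): registry entry 'p' below points at inputs.self, not at
    # inputs.nixpkgs. Presumably the flake re-exports its nixpkgs instance; verify.
    nix = mkDefaultOption "Nix tweaks: use Lix, mark flake inputs as extra deps, adjust OOM score of the build daemon, expose nixpkgs instance as 'p' in flake registry, turn off channels, etc.";
    boot = mkDefaultOption "systemd in initrd, set kernel lockdown";
    linux-latest = mkDefaultOption "latest Linux kernel";
    sysrqs = lib.mkEnableOption "sysrqs";
  };

  config = let
    conf = config.cow.base;
  in
    lib.mkIf conf.enable (
      lib.mkMerge [
        {
          time.timeZone = lib.mkDefault "America/New_York";
          # mkDefault, like the other settings here, so a host that uses a
          # different SSH agent (e.g. gpg-agent with SSH support, which NixOS
          # refuses to combine with this option) can turn it off without mkForce.
          programs.ssh.startAgent = lib.mkDefault true;
        }
        (lib.mkIf conf.env {
          environment.etc = {
            # Deterministic machine-id: MD5 is used because its 32 hex digits
            # match the machine-id format, not for any security property.
            # The value is fully determined by the hostname, so it is neither
            # secret nor unique: anyone who knows the hostname can recompute it
            # and two hosts sharing a hostname share the ID. machine-id(5) asks
            # for the ID to be treated as confidential, so do not use it (or
            # anything derived from it) as an unpredictable per-host value.
            "machine-id".text = builtins.hashString "md5" config.networking.hostName;
          };
          environment.variables.HOSTNAME = config.networking.hostName;
        })
        (lib.mkIf conf.util {
          environment.systemPackages = with pkgs; [
            uutils-coreutils-noprefix
            nh
            nix-output-monitor
            git
            just
          ];
        })
        (lib.mkIf conf.tmp {
          boot.tmp.cleanOnBoot = lib.mkDefault true;
          services.logind.settings.Login.RuntimeDirectorySize = lib.mkDefault "100M";
        })
        (lib.mkIf conf.nix {
          # Make Nix builder lower OOM priority so it's killed before other stuff
          systemd.services.nix-daemon.serviceConfig.OOMScoreAdjust = lib.mkDefault 250;

          nix = {
            channel.enable = false;
            registry.p.flake = inputs.self;
            package = pkgs.lix;
            settings = {
              # So we can do `import <nixpkgs>`
              nix-path = "nixpkgs=${inputs.nixpkgs}";
              experimental-features = [
                "nix-command"
                "flakes"
                "pipe-operator"
              ];
              auto-optimise-store = true;
              # Build from source when a binary substitute cannot be fetched.
              fallback = true;
            };
            gc = {
              # GC stays off by default; `dates` only matters once a host
              # enables `automatic`.
              automatic = lib.mkDefault false;
              dates = lib.mkDefault "weekly";
            };
          };
        })
        (lib.mkIf conf.boot {
          boot = {
            initrd.systemd.enable = lib.mkDefault true;
            # Requests the strictest kernel lockdown mode. This is a list
            # option, so the entry is merged with other kernelParams and can
            # only be dropped by disabling `cow.base.boot`.
            # NOTE(review): the parameter only has an effect on kernels built
            # with the lockdown LSM; confirm on a running host by reading
            # /sys/kernel/security/lockdown. Expect features such as
            # hibernation and some tracing/debug tooling to be restricted.
            kernelParams = ["lockdown=confidentiality"];
          };
        })
        (lib.mkIf conf.linux-latest {
          boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
        })
        (lib.mkIf conf.sysrqs {
          # 1 enables every SysRq function for anyone at the console keyboard;
          # hosts that only need a subset should override this with the
          # corresponding kernel.sysrq bitmask.
          boot.kernel.sysctl."kernel.sysrq" = lib.mkDefault 1;
        })
      ]
    );
}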