Flake for my NixOS devices
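# Base NixOS module shared by the hosts of this flake.
# The outer function ignores its arguments and returns the actual module.
# Most values use lib.mkDefault so a host can override them with a plain
# definition.
{...}: {
  pkgs,
  inputs,
  config,
  lib,
  ...
}: {
  time.timeZone = lib.mkDefault "America/New_York";

  # Deterministic machine-id: MD5 is used only to get 32 hex characters from
  # the hostname, not for secrecy. Anyone who knows the hostname can compute
  # the ID, and two hosts with the same networking.hostName get the same ID.
  # machine-id(5) asks for the ID to be treated as confidential, so hosts that
  # rely on that should override this default.
  environment.etc."machine-id".text = lib.mkDefault (
    builtins.hashString "md5" config.networking.hostName
  );

  environment.variables."HOSTNAME" = lib.mkDefault config.networking.hostName;
  environment.systemPackages = with pkgs; [
    uutils-coreutils-noprefix
    nh
    nix-output-monitor
    git
    just
  ];

  # Links the flake source at /etc/flake-src. The source lives in the
  # world-readable Nix store, so every file tracked by the flake is readable by
  # all local users; keep plaintext secrets out of the repository.
  environment.etc."flake-src".source = inputs.self;

  programs.ssh.startAgent = true;
  documentation.man.generateCaches = false;
  services.upower.enable = true;
  services.udisks2.enable = true;

  boot.tmp.cleanOnBoot = lib.mkDefault true;
  services.logind.settings.Login.RuntimeDirectorySize = lib.mkDefault "100M";

  # Make Nix builder lower OOM priority so it's killed before other stuff
  systemd.services.nix-daemon.serviceConfig.OOMScoreAdjust = lib.mkDefault 250;

  # Keep flake inputs when GC-ing: collect the store path of this flake and,
  # recursively, of every input it (transitively) declares.
  system.extraDependencies = let
    flakeDeps = flake:
      [flake.outPath] ++ builtins.concatMap flakeDeps (builtins.attrValues (flake.inputs or {}));
  in
    flakeDeps inputs.self;

  boot = {
    initrd.systemd = {
      enable = lib.mkDefault true;
    };

    # Use latest kernel with sysrqs and lockdown enabled
    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;

    # Deliberately NOT lib.mkDefault: list definitions only merge with other
    # definitions of the same priority, and NixOS's own kernel module defines
    # boot.kernelParams at normal priority, so a mkDefault list is discarded
    # and lockdown silently stays off. A host that must opt out can set its own
    # list with lib.mkForce.
    # Confidentiality mode also blocks features that can read kernel memory
    # (see kernel_lockdown(7)). It needs a kernel built with the lockdown LSM;
    # check the active mode after boot in /sys/kernel/security/lockdown.
    kernelParams = ["lockdown=confidentiality"];

    # 1 enables every SysRq function, including the keyboard-triggered ones
    # (signal tasks, remount, reboot). Hosts exposed to untrusted physical
    # access can override this default with a narrower bitmask.
    kernel.sysctl."kernel.sysrq" = lib.mkDefault 1;
  };

  nix = {
    channel.enable = false;
    # Registry alias `p` pointing at this flake.
    registry.p.flake = inputs.self;
    package = pkgs.lix;
    settings = {
      # So we can do `import <nixpkgs>`
      nix-path = "nixpkgs=${inputs.nixpkgs}";
      experimental-features = [
        "nix-command"
        "flakes"
        "pipe-operator"
      ];
      auto-optimise-store = true;
      fallback = true;
    };
    gc = {
      # Automatic GC is off by default; `dates` only matters for hosts that
      # turn `automatic` on.
      automatic = lib.mkDefault false;
      dates = lib.mkDefault "weekly";
    };
  };
}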