nixosModules/base.nix at silly-iso · bwc9876.dev/nixos-config

bwc9876.dev / nixos-config
fork atom
Flake for my NixOS devices
fork atom
nixos-config / nixosModules / base.nix
at silly-iso 96 lines 3.5 kB view raw
wrap content
bwc9876.dev Wireshark ISO 2mo ago
b96b9ebf
 1{...}: {
 2  pkgs,
 3  inputs,
 4  config,
 5  lib,
 6  ...
 7}: {
 8  options.cow.base = let
 9    mkDefaultOption = d: (lib.mkEnableOption d) // {default = true;};
10  in {
11    enable = lib.mkEnableOption "Base niceties and system tweaks. Also sets up some defaults specific to me, but can be easily changed.";
12    env = mkDefaultOption "a nice environment setup, sets /etc/machine-id, HOSTNAME, and links flake source code in /etc/flake-src";
13    util = mkDefaultOption "Programs needed to rebuild the flake and run just recipes";
14    tmp = mkDefaultOption "Clear /tmp on boot and limit RuntimeDirectorySize";
15    nix = mkDefaultOption "Nix tweaks: use Lix, mark flake inputs as extra deps, adjust OOM score of the build daemon, expose nixpkgs instance as 'p' in flake registry, turn off channels, etc.";
16    boot = mkDefaultOption "systemd in initrd, set kernel lockdown";
17    linux-latest = mkDefaultOption "latest Linux kernel";
18    sysrqs = lib.mkEnableOption "sysrqs";
19  };
20
21  config = let
22    conf = config.cow.base;
23  in
24    lib.mkIf conf.enable (
25      lib.mkMerge [
26        {
27          time.timeZone = lib.mkDefault "America/New_York";
28          programs.ssh.startAgent = lib.mkDefault true;
29        }
30        (lib.mkIf conf.env {
31          environment.etc = {
32            "machine-id".text = builtins.hashString "md5" config.networking.hostName;
33            "flake-src".source = inputs.self;
34          };
35          environment.variables.HOSTNAME = config.networking.hostName;
36        })
37        (lib.mkIf conf.util {
38          environment.systemPackages = with pkgs; [
39            uutils-coreutils-noprefix
40            nh
41            nix-output-monitor
42            git
43            just
44          ];
45        })
46        (lib.mkIf conf.tmp {
47          boot.tmp.cleanOnBoot = lib.mkDefault true;
48          services.logind.settings.Login.RuntimeDirectorySize = lib.mkDefault "100M";
49        })
50        (lib.mkIf conf.nix {
51          # Make Nix builder lower OOM priority so it's killed before other stuff
52          systemd.services.nix-daemon.serviceConfig.OOMScoreAdjust = lib.mkDefault 250;
53
54          # Keep flake inputs when GC-ing
55          system.extraDependencies = with builtins; let
56            flakeDeps = flake:
57              [flake.outPath] ++ (foldl' (a: b: a ++ b) [] (map flakeDeps (attrValues flake.inputs or {})));
58          in
59            flakeDeps inputs.self;
60
61          nix = {
62            channel.enable = false;
63            registry.p.flake = inputs.self;
64            package = pkgs.lix;
65            settings = {
66              # So we can do `import <nixpkgs>`
67              nix-path = "nixpkgs=${inputs.nixpkgs}";
68              experimental-features = [
69                "nix-command"
70                "flakes"
71                "pipe-operator"
72              ];
73              auto-optimise-store = true;
74              fallback = true;
75            };
76            gc = {
77              automatic = lib.mkDefault false;
78              dates = lib.mkDefault "weekly";
79            };
80          };
81        })
82        (lib.mkIf conf.boot {
83          boot = {
84            initrd.systemd.enable = lib.mkDefault true;
85            kernelParams = lib.mkDefault ["lockdown=confidentiality"];
86          };
87        })
88        (lib.mkIf conf.linux-latest {
89          boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
90        })
91        (lib.mkIf conf.sysrqs {
92          boot.kernel.sysctl."kernel.sysrq" = lib.mkDefault 1;
93        })
94      ]
95    );
96}