# Base NixOS module: imports the common service modules and sets the
# defaults (boot, locale, tooling, sudo/kernel hardening, users) seen below.
#
# Arguments:
#   pkgs - package set; source of the kernel and the admin tools.
#   lib  - used here only for lib.mkDefault, so that a configuration
#          importing this module can override the value.
#   fp   - path helper supplied by the caller.
#          NOTE(review): presumably resolves a path from the repository
#          root; confirm against where `fp` is defined.
{
  pkgs,
  lib,
  fp,
  ...
}:

{
  imports = [
    (fp /users)
    # NOTE(review): judging by the name these are self-signed placeholder
    # certificates; confirm they are never served where a real (ACME)
    # certificate is expected.
    (fp /modules/snakeoil-certs.nix)

    ./networking.nix
    ./nix.nix
    ./vm.nix
    ./flake-input-exporter.nix

    ./services/acme.nix
    ./services/auto-upgrade.nix
    ./services/dbus.nix
    ./services/fwupd.nix
    ./services/irqbalance.nix
    ./services/journald-upload.nix
    ./services/logrotate.nix
    ./services/nginx.nix
    ./services/openssh.nix
    ./services/polkit.nix
    ./services/postfix.nix
    ./services/prometheus-node-exporter.nix
    ./services/prometheus-systemd-exporter.nix
    ./services/promtail.nix
    ./services/roowho2.nix
    ./services/smartd.nix
    ./services/thermald.nix
    ./services/uptimed.nix
    ./services/userborn.nix
    ./services/userdbd.nix
  ];

  boot = {
    # Start every boot with an empty /tmp.
    tmp.cleanOnBoot = lib.mkDefault true;
    # Follow the newest kernel packaged in nixpkgs; a configuration that
    # needs a pinned kernel can override this default.
    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
  };

  time.timeZone = "Europe/Oslo";

  i18n.defaultLocale = "en_US.UTF-8";
  console.font = "Lat2-Terminus16";
  console.keyMap = "no";

  environment = {
    enableAllTerminfo = true;

    # Admin and debugging tools installed system-wide.
    systemPackages = [
      # DNS debugging independent of resolvectl
      pkgs.dig

      # Identify and inspect files
      pkgs.file

      # Inspect the hardware of the machine
      pkgs.lshw

      # netstat, for listing open ports
      pkgs.net-tools

      # Fast recursive grep
      pkgs.ripgrep

      # Copy files over the network
      pkgs.rsync

      # Inspect application state, often found under /var/lib
      pkgs.sqlite-interactive

      # Trace software that offers no debugging of its own
      pkgs.strace

      # Download files from the internet
      pkgs.wget
    ];
  };

  programs = {
    # Clone/push the nix config and friends
    git.enable = true;

    # Gitea gpg, oysteikt sops, etc.
    gnupg.agent.enable = true;

    # Monitor the wellbeing of the machines
    htop.enable = true;

    # Keep sessions alive while working over SSH
    tmux.enable = true;
    # Same reasoning as tmux
    screen.enable = true;

    # Edit files on the system without resorting to joe(1)
    nano.enable = true;
    # Same reasoning as nano
    vim.enable = true;

    # Some people prefer this shell
    zsh.enable = true;

    # .bash_profile already works; also source ~/.bashrc for users who have
    # neither ~/.bash_profile nor ~/.bash_login, as other distros do.
    # https://man.archlinux.org/man/core/bash/bash.1.en#INVOCATION
    # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
    # Note: programs.bash.shellInit is passed on to environment.shellInit
    # and from there ends up in /etc/profile, hence the BASH_VERSION guard.
    bash.shellInit = ''
      if [ -n "''${BASH_VERSION:-}" ]; then
        if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
          [[ -f ~/.bashrc ]] && . ~/.bashrc
        fi
      fi
    '';
  };

  security = {
    # Left disabled: this option blocks kernel module loading once the
    # system has finished booting, so every module a host needs has to be
    # declared up front before it can be switched on.
    # lockKernelModules = true;

    # Prevent the running kernel image from being replaced (e.g. via kexec).
    protectKernelImage = true;

    sudo = {
      # Only members of wheel may execute the sudo binary at all, which
      # keeps the setuid program out of reach of every other account.
      execWheelOnly = true;
      extraConfig = ''
        Defaults lecture = never
      '';
    };
  };

  # These are servers; they should never suspend or hibernate.
  systemd.sleep.extraConfig = lib.mkDefault ''
    AllowSuspend=no
    AllowHibernation=no
  '';

  fonts.fontconfig.enable = lib.mkDefault false;

  users = {
    # Accounts and groups come from this configuration only; changes made
    # imperatively on a machine are not kept.
    mutableUsers = lib.mkDefault false;

    groups = {
      drift.name = "drift";

      # Trusted users on the nix builder machines.
      # NOTE(review): if this group is what the builders list as Nix
      # trusted users, membership is effectively root-equivalent there;
      # confirm where it is consumed and audit membership accordingly.
      nix-builder-users.name = "nix-builder-users";
    };
  };
}