dotfiles.nix/nixos/lavender/configuration.nix
2023-07-30 09:13:40 +08:00

172 lines
4.8 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ inputs, outputs, lib, config, pkgs, ... }: {
# You can import other NixOS modules here
imports = [
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
# Or modules from other flakes (such as nixos-hardware):
# inputs.hardware.nixosModules.common-cpu-amd
# inputs.hardware.nixosModules.common-ssd
# You can also split up your configuration and import pieces of it here:
./containers
# Import common configurations
../common/system-tools.nix
# Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix
];
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
nix = {
gc = {
#Automatically run the garbage collector at a specific time.
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
# This will add each flake input as a registry
# To make nix commands consistent with your flake
registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = {
# Enable flakes and new 'nix' command
experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store
auto-optimise-store = true;
};
# Free up to 1GiB whenever there is less than 100MiB left.
extraOptions = ''
min-free = ${toString (100 * 1024 * 1024)}
max-free = ${toString (1024 * 1024 * 1024)}
'';
};
# Select internationalisation properties
i18n.defaultLocale = "en_AU.UTF-8";
# Set timezone
time.timeZone = "Australia/Perth";
boot = {
# Kernel to install
kernelPackages = pkgs.linuxPackages_rpi4;
# ttyAMA0 is the serial console broken out to the GPIO
kernelParams = [
"8250.nr_uarts=1"
"console=ttyAMA0,115200"
"console=tty1"
# A lot of GUI programs need this, nearly all wayland applications
"cma=128M"
];
loader = {
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
generic-extlinux-compatible.enable = true;
};
};
hardware = {
# Required for the Wireless firmware
enableRedistributableFirmware = true;
};
networking = {
hostName = "lavender";
domain = "kanto.dev";
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
53 # pihole-FTL (DNS)
80 # traefik (HTTP)
443 # traefik (HTTPS)
32400 # plex
32372 # qbittorrent
];
allowedUDPPorts = [
53 # pihole-FTL (DNS)
80 # traefik (HTTP)
443 # traefik (HTTPS)
32400 # plex
32372 # qbittorrent
];
};
};
environment = {
# Completions for system packages
pathsToLink = [ "/share/zsh" ];
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs = {
zsh.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
# List services that you want to enable:
services = {
# Enable the OpenSSH daemon.
openssh = {
enable = true;
settings = {
# Disable root login.
PermitRootLogin = "no";
# Disable password login (Require keys).
PasswordAuthentication = false;
};
};
};
# Define a user account. Don't forget to set a password with passwd.
users.users.admin = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "docker" ];
shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = [ ../fuchsia/id_ed25519_sk.pub ];
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "22.11";
}