jasmine/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nix-config/nixos/common/global/default.nix
jasmine c1d4fa5255
refactor(fuchsia): reorganize audio and bluetooth configuration 
Separated PipeWire audio configuration from bluetooth hardware settings for
better logical organization. Moved bluetooth config to hardware-configuration.nix
alongside kernel module workarounds (disable_ertm, iwlwifi power_save).

Also added documentation for permittedInsecurePackages in global config and
updated flake dependencies.
2025-11-12 14:40:49 +08:00

56 lines
2.2 KiB
Nix
Raw Blame History

# Global NixOS configuration shared across all hosts.
# This module provides base system settings, nixpkgs configuration, and core imports
# that every host in this configuration inherits.
{outputs, lib, ...}: {
imports = [
./age.nix # Secret management with agenix
./env.nix # Environment variables and shell configuration
./nix.nix # Nix daemon settings, features, and garbage collection
./ssh.nix # SSH server configuration and authorized keys
];
# Nixpkgs configuration - applies overlays and sets package acceptance policy
nixpkgs = {
# Apply custom overlays to extend/modify the package set
overlays = [
# Overlays our own flake exports
outputs.overlays.additions # Custom packages from pkgs/
outputs.overlays.modifications # Package patches and modifications
outputs.overlays.unstable-packages # Unstable channel packages
];
config = {
# Default to free software only - unfree packages must be explicitly allowed
allowUnfree = false;
# Centralized unfree package allowlist for NixOS system configuration.
# Note: nixpkgs.config.allowUnfreePredicate doesn't merge across modules - only the
# last definition wins. To maintain explicit control over unfree packages, we list
# all allowed packages here rather than scattering predicates across system modules.
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
# Gaming
"steam"
"steam-unwrapped"
# Services
"minecraft-server"
];
# Allow specific packages with known CVEs when required by dependencies.
# Only add packages here when no secure alternative exists.
permittedInsecurePackages = [
"mbedtls-2.28.10" # required for orca-slicer
];
};
};
# Localization settings - Australian English locale and Perth timezone
i18n.defaultLocale = "en_AU.UTF-8";
time.timeZone = "Australia/Perth";
# Network configuration - default domain for host FQDNs
networking.domain = "kanto.dev";
# Enable non-free firmware for hardware compatibility (WiFi, GPU drivers, etc.)
hardware.enableRedistributableFirmware = true;
}
Reference in a new issue View git blame Copy permalink