nixos/system/default.nix


{
config,
lib,
pkgs,
inputs,
username,
hostName,
...
}:
{
imports = [
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
./${hostName}.nix
./hardware-configuration/${hostName}.nix
];
# Nix daemon/CLI settings: build parallelism, binary-cache trust, garbage
# collection, store optimisation and the flake registry alias `my-nixos`.
nix = {
  enable = true;
  package = pkgs.nixVersions.latest;
  settings = {
    # cores = 0 lets a build use every available core; max-jobs = "auto"
    # runs as many parallel build jobs as there are CPUs.
    cores = 0;
    max-jobs = "auto";
    # SECURITY: trusted users may override daemon settings (for example add
    # substituters or import unsigned store paths). The Nix manual describes
    # this as essentially equivalent to root access, independent of sudo.
    # NOTE(review): confirm the login user really needs to be listed here.
    trusted-users = [
      "root"
      username
    ];
    experimental-features = [
      "nix-command"
      "flakes"
    ];
    auto-optimise-store = true;
    # Self-hosted binary cache. Any store path signed by the key below is
    # accepted without a local rebuild, so whoever holds the matching signing
    # key can supply binaries to this machine.
    # NOTE(review): NixOS normally merges its default cache.nixos.org entry
    # into both lists — verify the effective values on a deployed host.
    substituters = [ "https://nix.xenia.me.uk" ];
    trusted-public-keys = [ "nix.xenia.me.uk:tlgwOaG5KMLjQUk2YaErS8mAG69ZCr3PaHXZYi+Y5eI=" ];
  };
  channel.enable = true;
  # Automatic garbage collection. Generations older than 7 days are deleted,
  # which also bounds how far back a rollback can go.
  gc = {
    automatic = true;
    options = "--delete-older-than 7d";
  };
  optimise.automatic = true;
  # Registry alias: `my-nixos` resolves to the git repository below.
  # SECURITY: the URL tracks the `main` branch and pins no revision, so the
  # alias resolves to whatever commit the remote serves at lookup time.
  registry.my-nixos = {
    from = {
      type = "indirect";
      id = "my-nixos";
    };
    to = {
      type = "git";
      url = "https://git.xenia.me.uk/pixelifytica/nixos.git?ref=main";
    };
  };
  # Raw nix.conf lines. Outputs and derivations of live paths are not kept as
  # GC roots. min-free / max-free evaluate to 100 MiB and 1 GiB: when free
  # space drops below min-free during a build, Nix collects garbage until
  # max-free is available.
  extraOptions = ''
    keep-outputs = false
    keep-derivations = false
    min-free = ${toString (100 * 1024 * 1024)}
    max-free = ${toString (1024 * 1024 * 1024)}
  '';
};
# Package-set configuration: an explicit allow-list of unfree packages and one
# overlay that adds rc2nix and wraps protonmail-bridge-gui.
nixpkgs = {
  # Only the package names listed here may be unfree; any other unfree package
  # fails evaluation. An allow-list keeps licence/closed-source exceptions
  # reviewable, unlike a blanket allowUnfree.
  config.allowUnfreePredicate =
    pkg:
    builtins.elem (lib.getName pkg) [
      "steam"
      "steam-original"
      "steam-run"
      "steamcmd"
      "nomachine-client"
    ];
  overlays = [
    (final: prev: {
      # rc2nix is taken from the plasma-manager flake input for this system.
      inherit (inputs.plasma-manager.packages.${prev.system}) rc2nix;
      # Re-export protonmail-bridge-gui with a wrapper that forces
      # PASSWORD_STORE_DIR=/dev/null for the GUI binary.
      # NOTE(review): presumably this stops the bridge from choosing `pass` as
      # its credential store so another keychain is used — confirm which
      # backend ends up holding the mail credentials and that one is available.
      # NOTE(review): the wrapper is built from the module-level `pkgs` rather
      # than `prev`/`final`; inside an overlay `prev.symlinkJoin` and
      # `prev.makeWrapper` are the usual choice.
      protonmail-bridge-gui = pkgs.symlinkJoin {
        name = "protonmail-bridge-gui";
        paths = [ prev.protonmail-bridge-gui ];
        buildInputs = [ pkgs.makeWrapper ];
        postBuild = ''
          wrapProgram $out/bin/protonmail-bridge-gui --set PASSWORD_STORE_DIR /dev/null
        '';
      };
    })
  ];
};
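# Unattended system upgrade from the configuration flake.
#
# SECURITY: the upgrade service runs as root and builds whatever the remote
# branch currently points at. The flake URL is the registry target with a
# `git+` prefix, i.e. an HTTPS git remote on `ref=main` with no pinned
# revision. Integrity therefore rests on TLS to the git host and on who can
# push to that branch; no commit-signature check is visible in this file.
system.autoUpgrade = {
  enable = true;
  # "boot" (overridable per host) only makes the new generation the default
  # for the next boot; together with allowReboot = false the upgraded system,
  # including security updates, is not running until someone reboots.
  operation = lib.mkDefault "boot";
  # Catch up on a missed run (machine was off at 02:00) after the next start.
  persistent = true;
  allowReboot = false;
  flake = "git+${config.nix.registry.my-nixos.to.url}";
  dates = "02:00";
  randomizedDelaySec = "5min";
  fixedRandomDelay = true;
  # `extra-substituters` is the current name of this setting; the previous
  # spelling `extra-binary-caches` relies on the deprecated `binary-caches`
  # alias. Paths from the cache are still only accepted when signed by a key
  # in trusted-public-keys.
  # NOTE(review): nix.settings.substituters in this file already lists the
  # same cache, so this flag is probably redundant — confirm before removing.
  flags = [
    "--option"
    "extra-substituters"
    "https://nix.xenia.me.uk"
  ];
};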
# Resource limits for the auto-upgrade unit, applied only when auto-upgrade is
# enabled. CPU time is capped at 75% of one CPU and the CPU/IO weights are set
# to 20 (systemd's default weight is 100), so a background rebuild yields to
# interactive work.
systemd.services = lib.mkIf config.system.autoUpgrade.enable {
  nixos-upgrade.serviceConfig = {
    CPUQuota = "75%";
    CPUWeight = 20;
    IOWeight = 20;
  };
};
# UEFI boot via systemd-boot. canTouchEfiVariables lets the bootloader
# installation write boot entries to firmware NVRAM.
# NOTE(review): no Secure Boot or boot-entry editor setting appears in this
# file — check the per-host module if physical access is in the threat model.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};
# Host networking: NetworkManager manages interfaces and the NixOS firewall is
# switched on explicitly. No ports are opened in this block.
networking = {
  inherit hostName;
  networkmanager.enable = true;
  firewall.enable = true;
  # Single upstream resolver (9.9.9.9, Quad9), queried as ordinary DNS.
  # NOTE(review): NetworkManager may add DHCP-provided resolvers alongside
  # this one, and nothing here enables encrypted DNS — confirm if that matters.
  nameservers = [ "9.9.9.9" ];
};
# Account definitions: SSH keys for root and the primary user, plus the
# primary user's groups and initial password hash.
users.users =
  let
    # One shared set of public keys, reused for both accounts below.
    authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINI1dWlS16Keil0MGPWmMsBzx8F9ylfz+fRwxUr8/tZ/ ion"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4M1zV3yLMMI1tYwdY9QDXJDlOBugm7UXKC+Xk89yHq pixelifytica@Vanguard"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPypUUGVAdpl0SHrUDVw0RureuFNsljrXQvrf0uc055 pixelifytica@Northstar"
    ];
  in
  {
    # SECURITY: the same keys are authorised for direct root login. Whether
    # that is reachable depends on sshd being enabled and on PermitRootLogin,
    # neither of which is set in this file — check the per-host module.
    # NOTE(review): the user is already in `wheel`, so root keys may be
    # unnecessary; dropping them keeps privileged actions attributable to a
    # named account.
    root.openssh = {
      inherit authorizedKeys;
    };
    ${username} = {
      isNormalUser = true;
      group = "users";
      description = "Evie Litherland-Smith";
      # `wheel` is the administrative (sudo) group. `input` and `uinput`
      # cover reading and synthesising input events, `dialout` serial ports,
      # `video` display devices.
      # NOTE(review): `input`/`uinput` let any process of this user observe or
      # inject keystrokes — keep only if something actually requires them.
      extraGroups = [
        "networkmanager"
        "wheel"
        "video"
        "input"
        "uinput"
        "dialout"
      ];
      # SECURITY: a yescrypt ($y$) hash stored in the configuration is readable
      # by anyone with the repository and is copied into the world-readable
      # Nix store, so it can be attacked offline. It is only an *initial*
      # value, applied when the account is first created.
      # NOTE(review): change the password after first login, or move the hash
      # out of the repository (e.g. `hashedPasswordFile`).
      initialHashedPassword = "$y$j9T$tHIPQt09Kf3KH2eIRze3g/$2mwSlcq27DTGvHNPJ5EP9/1CfL3bXP0F6oS/Vuffmn3";
      openssh = {
        inherit authorizedKeys;
      };
    };
  };
# home-manager as a NixOS module for the primary user. It reuses the system
# package set (including the overlays and unfree allow-list defined for it)
# and installs user packages through the system profile.
home-manager = {
  useGlobalPkgs = true;
  useUserPackages = true;
  # Existing files that would be overwritten are renamed with this extension
  # instead of aborting activation.
  backupFileExtension = "backup";
  users.${username} = {
    imports = [ ./home/default.nix ];
    home = {
      inherit username;
      homeDirectory = "/home/${username}";
    };
  };
  # Flake inputs are handed to every home-manager module.
  extraSpecialArgs = {
    inherit inputs;
  };
};
# Session environment: XDG base directories, baseline CLI tools, and
# ~/.local/bin on PATH.
environment = {
  sessionVariables = {
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_DATA_HOME = "$HOME/.local/share";
    XDG_STATE_HOME = "$HOME/.local/state";
  };
  systemPackages = with pkgs; [
    coreutils-full
    gnumake
    git
    file
    zip
    unzip
    curl
    wget
    dig
    wireguard-tools
    quickemu
    distrobox
  ];
  # Adds the user-writable ~/.local/bin to PATH.
  # NOTE(review): if it is placed ahead of the system directories, a file
  # dropped there can shadow a system command for that user — confirm the
  # ordering on a deployed host.
  localBinInPath = true;
};
# Per-program toggles: no command-not-found hook, an ssh-agent for user
# sessions, and nano with a small rc file.
programs = {
  command-not-found.enable = false;
  # Starts an ssh-agent for the login session. Keys added to it stay
  # available to the user's processes while the agent runs.
  # NOTE(review): no key lifetime is set here; `programs.ssh.agentTimeout`
  # can bound how long keys remain loaded.
  ssh.startAgent = true;
  nano = {
    enable = true;
    syntaxHighlight = true;
    nanorc = ''
      set nowrap
      set tabstospaces
      set tabsize 2
    '';
  };
};
# Power and scheduling daemons: battery/power reporting (upower), power
# profile switching, and system76-scheduler with its stock configuration.
services = {
  upower.enable = true;
  power-profiles-daemon.enable = true;
  system76-scheduler = {
    enable = true;
    useStockConfig = true;
  };
};
# rtkit lets unprivileged processes request realtime scheduling through a
# mediating daemon (typically used by audio servers).
security.rtkit.enable = true;
# Podman container runtime for the host.
# NOTE(review): no rootless/Docker-compatibility options are set here.
virtualisation.podman.enable = true;
# Locale, timezone and console keymap (console follows the XKB layout).
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
console.useXkbConfig = true;
# System-wide theming via stylix: wallpaper, base16 colour scheme, cursor and
# fonts. The three text fonts are built by the `iosevka-custom` flake input
# for the current system; their family names come from the same input.
stylix = {
  enable = true;
  image = ./home/wallpapers/landscapes/tropic_island_day.jpg;
  base16Scheme = "${pkgs.base16-schemes}/share/themes/one-light.yaml";
  opacity.popups = 0.8;
  cursor = {
    package = pkgs.volantes-cursors;
    name = "volantes_cursors";
    size = 32;
  };
  fonts = {
    serif = {
      package = inputs.iosevka-custom.outputs.packages.${pkgs.system}.iosevka-custom-etoile;
      name = inputs.iosevka-custom.outputs.names.iosevka-custom-etoile;
    };
    sansSerif = {
      package = inputs.iosevka-custom.outputs.packages.${pkgs.system}.iosevka-custom-aile;
      name = inputs.iosevka-custom.outputs.names.iosevka-custom-aile;
    };
    monospace = {
      package = inputs.iosevka-custom.outputs.packages.${pkgs.system}.iosevka-custom-nerdfont;
      name = inputs.iosevka-custom.outputs.names.iosevka-custom-nerdfont;
    };
    # Font sizes per UI context.
    sizes = {
      applications = 12;
      desktop = 14;
      popups = 16;
      terminal = 12;
    };
  };
};
# Installed fonts and fontconfig defaults. The stylix font packages are
# installed system-wide and their names become the default families, so
# applications outside stylix's reach resolve to the same fonts.
fonts = {
  packages =
    # emoji.package is not set in this file; it is read from the stylix
    # option's own value.
    (with config.stylix.fonts; [
      serif.package
      sansSerif.package
      monospace.package
      emoji.package
    ])
    ++ (with pkgs; [
      liberation_ttf # General compatibility
      lmodern # LaTeX
      # Only the symbols-only Nerd Font is built, not the full collection.
      (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
    ]);
  fontconfig = {
    enable = true;
    defaultFonts = with config.stylix.fonts; {
      serif = [ serif.name ];
      sansSerif = [ sansSerif.name ];
      monospace = [ monospace.name ];
      emoji = [ emoji.name ];
    };
  };
};
}