# Shared NixOS module: base system defaults, the trusted local CA, the primary
# user, home-manager wiring and secret decryption (agenix + sops-nix).
{
  config,
  lib,
  pkgs,
  flakeSelf,
  ...
}: let
  # Single private key file that both secret back-ends below decrypt with.
  # It is not shipped in the repo; see the note next to `age`/`sops`.
  # NOTE(review): this file should be readable by root only (mode 0600) --
  # nothing in this module sets or checks its permissions.
  hostKeyPath = "/persist/id_host";

  # Lower-cased host name, reused for the variant ids at the bottom.
  hostNameLower = lib.strings.toLower config.networking.hostName;
in {
  environment = {
    # As of the 1st of May 2023 the default packages are nano, perl, rsync and
    # strace. None of them are needed here, so the list is emptied.
    defaultPackages = [];

    # Puts ~/.local/bin on PATH; binaries dropped there are user-writable and
    # will be resolved by name like any other PATH entry.
    localBinInPath = lib.mkDefault true;
  };

  boot = {
    # /tmp lives on disk, so wipe it at boot. Cleaning at boot is pointless
    # when /tmp is a tmpfs, hence the flag is derived from useTmpfs.
    tmp = {
      useTmpfs = false;
      cleanOnBoot = !config.boot.tmp.useTmpfs;
    };

    # zswap together with zram is not a good idea, so zswap is switched off.
    kernelParams = ["zswap.enabled=0"];

    supportedFilesystems = ["nfs"];
  };

  # Compressed swap in RAM, zstd-compressed.
  zramSwap = {
    enable = true;
    priority = 100;
    memoryPercent = 60;
    algorithm = "zstd";
  };

  # Virtual console setup.
  console = {
    packages = [pkgs.terminus_font];
    earlySetup = true;
    # mkDefault has priority 1000; 999 wins over it without conflicting with
    # nixos-hardware.
    font = lib.mkOverride 999 "ter-i16n";
    # Take the keyboard layout from the X configuration below.
    useXkbConfig = true;
  };

  # Extra trust anchors for the system-wide CA bundle.
  # Anything signed by the matching private key is accepted by every program
  # on this host that uses the system bundle, so the CA key deserves the same
  # care as the hosts that trust it.
  # NOTE(review): the PEM was not decoded for this review; confirm subject,
  # expiry and whether it carries name constraints with
  # `openssl x509 -noout -text`.
  security.pki.certificates = [
    # Caddy
    ''
      -----BEGIN CERTIFICATE-----
      MIIBqTCCAU+gAwIBAgIQceh0ZUBNrOmqLVsDr+2HBjAKBggqhkjOPQQDAjAzMTEw
      LwYDVQQDEyhDYWRkeSAoRXZlcmVzdCkgbG9jYWwgQ0EgLSAyMDI0IEVDQyBSb290
      MB4XDTI0MDcxODAwMDEwM1oXDTM0MDUyNzAwMDEwM1owMzExMC8GA1UEAxMoQ2Fk
      ZHkgKEV2ZXJlc3QpIGxvY2FsIENBIC0gMjAyNCBFQ0MgUm9vdDBZMBMGByqGSM49
      AgEGCCqGSM49AwEHA0IABJjrY8x6iDXncxG8exwLyaEq8N0XnCIbga8PVYiz3VLS
      07++i0Dey9k68ag6KUZICfc8dX1uZ6/ozUZb4YO3xCSjRTBDMA4GA1UdDwEB/wQE
      AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTQAqZS9KeiAr9mSPV9
      RIJbSvRsTzAKBggqhkjOPQQDAgNIADBFAiBIgHrD2cUfNEctVx0WzHb0cLAsrK4Q
      3QbyxPLyenR+dAIhAMOIAyxlKKKvAJMOzAg0r+csSVRdP1YHsHiE7U1GeHWx
      -----END CERTIFICATE-----
    ''
  ];

  # Localisation: English messages, Spanish formats.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    supportedLocales = [
      "es_US.UTF-8/UTF-8"
      "es_ES.UTF-8/UTF-8"
      "en_US.UTF-8/UTF-8"
    ];
    extraLocaleSettings = {
      LC_NUMERIC = "es_ES.UTF-8";
      # am/pm is wanted, mm/dd/yy is not
      LC_TIME = "es_US.UTF-8";
      LC_MONETARY = "es_ES.UTF-8";
      LC_MEASUREMENT = "es_ES.UTF-8";
      LC_PAPER = "es_ES.UTF-8";
      LC_ADDRESS = "es_US.UTF-8";
      LC_NAME = "es_ES.UTF-8";
      LC_TELEPHONE = "es_ES.UTF-8";
    };
  };

  services = {
    # Keyboard layout (also picked up by the console, see useXkbConfig).
    xserver.xkb.layout = "es";

    fstrim.enable = true;
    fwupd.enable = true;

    # Works together with the mkDefault time zone below.
    automatic-timezoned.enable = true;
  };

  # Primary interactive account.
  # NOTE(review): "wheel" is the administrative group; no password or SSH key
  # for this user is set in this module -- presumably defined elsewhere.
  users.users.toast = {
    isNormalUser = true;
    description = "Toast";
    extraGroups = ["wheel"];
  };

  # Default time zone; overridable because it is only a mkDefault.
  time.timeZone = lib.mkDefault "Europe/Madrid";

  nixpkgs.overlays = [
    flakeSelf.outputs.overlays.default
    # Build the catppuccin package with one accent/variant and only the
    # themes listed here.
    (_final: prev: {
      catppuccin = prev.catppuccin.override {
        accent = "mauve";
        variant = "mocha";
        themeList = [
          "bat"
          "btop"
          "starship"
          "grub"
        ];
      };
    })
  ];

  catppuccin = {
    flavor = "mocha";
    accent = "mauve";
    grub.enable = true;
  };

  programs.iotop.enable = true;

  home-manager = {
    backupFileExtension = "hm-backup";
    useGlobalPkgs = true;
    verbose = true;
    sharedModules = [
      flakeSelf.inputs.catppuccin.homeModules.catppuccin
      flakeSelf.inputs.sops-nix.homeManagerModules.sops
    ];
    users.toast = {osConfig, ...}: {
      # Mirror the system-level theme choice.
      catppuccin = {
        inherit (osConfig.catppuccin) flavor accent;
      };
      home.stateVersion = "25.05";
      manual = {
        manpages.enable = true;
        html.enable = true;
      };
      xdg = {
        enable = true;
        userDirs = {
          enable = true;
          createDirectories = true;
          publicShare = null; # Disable the public folder
        };
      };
      systemd.user.startServices = true;
    };
  };

  /*
  Secrets.

  The host keys used to be kept in the repo as a secret, but the same host
  keys are also used for decrypting, and encrypting a key with itself did not
  look like a good idea. The host keys now have to be placed manually where
  they are needed. For first-time installs they are generated by
  services.openssh.hostKeys on servers, and manually on everything else.
  */
  age.identityPaths = [hostKeyPath];
  sops = {
    age.sshKeyPaths = [hostKeyPath];
    # One encrypted file per host, taken from the `secrets` flake input.
    defaultSopsFile = "${flakeSelf.inputs.secrets}/${config.networking.hostName}.yaml";
  };

  system = {
    stateVersion = "25.05";
    # Nix on nixos 23.05 does not have dirtyRev, hence the chain of fallbacks.
    configurationRevision = flakeSelf.sourceInfo.rev or flakeSelf.sourceInfo.dirtyRev or "dirty";
    nixos.variant_id = lib.mkDefault hostNameLower;
  };

  # ISO images get their own variant id.
  image.modules.iso = {
    system.nixos.variant_id = "${hostNameLower}-iso";
  };
}