Wroclaw
cdd5121026
waypipe is provided through core module because maybe I'll want to use it on servers without desktop who knows
107 lines
2.9 KiB
Nix
107 lines
2.9 KiB
Nix
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
# and in the NixOS manual (accessible by running 'nixos-help').
|
|
|
|
{ inputs, lib, pkgs, ... }:
|
|
|
|
let
|
|
inherit (pkgs) mkWrappedExecutable;
|
|
|
|
# bool -> nixpkgs[]
|
|
wrappedNixExecutables = inEnvironment: assert builtins.isBool inEnvironment; [
|
|
(mkWrappedExecutable {pkg = pkgs.nix; exe = "nix-build"; wrapperArgs = ["--add-flags" "\"--log-format\"" "--add-flags" "bar${lib.optionalString inEnvironment "-with-logs"}"];})
|
|
(mkWrappedExecutable {pkg = pkgs.nix; exe = "nix-shell"; wrapperArgs = ["--add-flags" "\"--log-format\"" "--add-flags" "bar"];})
|
|
];
|
|
wrappedNixosExecutables = [
|
|
(mkWrappedExecutable {pkg = pkgs.nixos-rebuild; wrapperArgs = ["--add-flags" "\"--log-format\"" "--add-flags" "bar"];})
|
|
];
|
|
wrappedNix = (pkgs.buildEnv {
|
|
name = "wrappedNix-${pkgs.nix.version}";
|
|
paths = [ pkgs.nix ] ++ wrappedNixExecutables false;
|
|
}).overrideAttrs {
|
|
version = pkgs.nix.version;
|
|
passthru.meta = pkgs.nix.meta;
|
|
};
|
|
in
|
|
{
|
|
imports = [
|
|
./module-overrides.nix
|
|
];
|
|
|
|
# kernel
|
|
# FIXME: current cosmic-greeter (2024-12-02) fails to start with kernel 6.12
|
|
boot.kernelPackages = pkgs.linuxPackages_6_11;
|
|
|
|
# Enable networking
|
|
networking.networkmanager.enable = true;
|
|
|
|
# Allow unfree packages
|
|
nixpkgs.config.allowUnfree = true;
|
|
nix = {
|
|
package = wrappedNix;
|
|
channel.enable = false;
|
|
settings.experimental-features = [
|
|
"no-url-literals"
|
|
];
|
|
nixPath = [
|
|
"nixpkgs=${pkgs.selfExpr { useConfig = false; }}"
|
|
"systemNixpkgs=${pkgs.selfExpr { useConfig = true; name = "systemNixpkgs-self"; }}"
|
|
# don't garbage collect the nixpkgs input
|
|
"inputsNixpkgs=${inputs.nixpkgs}"
|
|
];
|
|
};
|
|
|
|
# List packages installed in system profile. To search, run:
|
|
# $ nix search wget
|
|
environment.systemPackages = with pkgs; [
|
|
waypipe
|
|
wget
|
|
ffmpeg
|
|
yt-dlp
|
|
htop
|
|
btop
|
|
fastfetch
|
|
smartmontools
|
|
ddrescue
|
|
] ++ wrappedNixExecutables true
|
|
++ wrappedNixosExecutables;
|
|
|
|
programs.git.enable = true;
|
|
programs.git.config = {
|
|
commit.verbose = true;
|
|
init.defaultBranch = "main";
|
|
merge.conflictstyle = "diff3";
|
|
rerere.enabled = true;
|
|
};
|
|
|
|
# Use nix-index for command-not-found handler
|
|
programs.command-not-found.enable = false;
|
|
programs.nix-index = {
|
|
package = pkgs.nix-index.override {
|
|
nix-index-unwrapped = pkgs.nix-index-unwrapped.overrideAttrs (oldAttrs: {
|
|
patches = oldAttrs.patches or [] ++ [
|
|
../pkgs/by-name/ni/nix-index/cnfOutput.patch
|
|
];
|
|
});
|
|
|
|
};
|
|
enable = true;
|
|
enableBashIntegration = true;
|
|
};
|
|
|
|
# Enable fail2ban because of the OpenSSH server
|
|
services.fail2ban = {
|
|
enable = true;
|
|
maxretry = 10;
|
|
bantime = "7d";
|
|
};
|
|
|
|
# Enable the OpenSSH daemon.
|
|
services.openssh = {
|
|
enable = true;
|
|
ports = [
|
|
22
|
|
8022
|
|
];
|
|
};
|
|
}
|