nixos-configuration/nix-os/core.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').

{ config, pkgs, lib, ... }:

let
  /*
   * pkgs: package - nixpkgs package
   * exe: string - executable (under bin) in pkgs
   * wrapperArgs: string[] - arguments to pass to the wrapper
   */
  mkWrappedExecutable = {pkg, exe ? pkg.meta.mainProgram, wrapperArgs}: let inherit (pkgs) lib makeWrapper; in pkgs.stdenv.mkDerivation {
    name = "${pkg.name}-wrap-${exe}";
    nativeBuildInputs = [ makeWrapper ];
    phases = ["installPhase"];
    installPhase = ''
      mkdir -p $out/bin
      makeWrapper ${pkg}/bin/${exe} $out/bin/${exe} ${lib.concatStringsSep " " wrapperArgs}
    '';
  };
  wrapedNixPrograms = [
    (mkWrappedExecutable {pkg = pkgs.nix; exe = "nix-build"; wrapperArgs = ["--add-flags" "\"--log-format\"" "--add-flags" "bar-with-logs"];})
    (mkWrappedExecutable {pkg = pkgs.nix; exe = "nix-shell"; wrapperArgs = ["--add-flags" "\"--log-format\"" "--add-flags" "bar"];})
  ];
in
{
  # kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Enable networking
  networking.networkmanager.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    wget
    ffmpeg
    yt-dlp
    htop
    btop
    fastfetch
    smartmontools
    ddrescue
  ] ++ wrapedNixPrograms;

  programs.git.enable = true;
  programs.git.config = {
    init.defaultBranch = "main";
    merge.conflictstyle = "diff3";
    rerere.enabled = true;
  };

  # Enable fail2ban because of the OpenSSH server
  services.fail2ban = {
    enable = true;
    maxretry = 10;
    bantime = "7d";
  };

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    ports = [
      22
      8022
    ];
  };
}