nix-config/hosts/default.nix
2025-05-14 13:20:20 -05:00

{ lib, pkgs, ... }:
let
# Time zone string, bound once here and assigned to time.timeZone in the module body.
timezone = "America/Chicago";
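# `update`: wrapper around `sudo nixos-rebuild` for the flake checked out in /etc/nixos.
#
# Usage: update [boot|switch|test|build]     (defaults to "switch")
#
# For "switch" and "boot" the result is registered under a named system profile:
#   <UTC timestamp>-[dirty-]<short commit hash>-<sanitised commit subject>
# so an installed generation can be traced back to the commit it came from.
# A dirty work tree is still built, only tagged "dirty-"; such a generation
# contains changes that are not part of the recorded commit.
#
# The mode argument is compared for exact equality with each allowed value, so
# multi-word input such as "boot switch" is rejected before it reaches sudo.
update-script = pkgs.writeScriptBin "update" ''
  #!/usr/bin/env bash
  set -euo pipefail

  # ===== Config =====
  REPO_DIR="/etc/nixos"
  HOST=$(hostname)
  FLAKE="$REPO_DIR#$HOST"

  # ===== Parse arguments =====
  MODE=''${1:-"switch"}
  VALID_MODES=("boot" "switch" "test" "build")

  # Exact match against the allow-list; a substring or regex test would also
  # accept values that merely contain a valid mode.
  MODE_OK=0
  for candidate in "''${VALID_MODES[@]}"; do
    if [[ "$candidate" == "$MODE" ]]; then
      MODE_OK=1
    fi
  done
  if [[ "$MODE_OK" -ne 1 ]]; then
    echo " Invalid mode: '$MODE'. Use one of: ''${VALID_MODES[*]}" >&2
    exit 1
  fi

  # ===== Git status check =====
  # git runs as the invoking user; only nixos-rebuild below is run through sudo.
  cd "$REPO_DIR"
  DIRTY_TAG=
  if [[ -n "$(git status --porcelain)" ]]; then
    echo " Git repo is dirty rebuilding with dirty tag."
    DIRTY_TAG="dirty-"
  fi

  SHORT_HASH=$(git rev-parse --short HEAD)
  # The commit subject ends up in a profile name, so it is reduced to
  # letters, digits, underscore and hyphen before use.
  COMMIT_MSG=$(git log -1 --pretty=%s | tr ' ' '_' | tr -dc '[:alnum:]_-')
  TIMESTAMP=$(date -u +%Y%m%dT%H%M%SZ)
  PROFILE_NAME=$TIMESTAMP-$DIRTY_TAG$SHORT_HASH-$COMMIT_MSG
  echo " Building profile: $PROFILE_NAME"

  # A profile name is passed only for the modes that install a generation
  # (switch, boot); test and build run without one.
  if [[ "$MODE" == "switch" || "$MODE" == "boot" ]]; then
    sudo nixos-rebuild "$MODE" --flake "$FLAKE" --profile-name "$PROFILE_NAME"
  else
    sudo nixos-rebuild "$MODE" --flake "$FLAKE"
  fi
'';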
in
{
# Modules under the sibling ../share path are merged into every configuration that uses this file.
imports = [
../share
];
# Nix daemon configuration: feature flags, binary caches, trust and store maintenance.
nix = {
  settings = {
    # Flakes and the new `nix` CLI, forced on regardless of other modules.
    experimental-features = lib.mkForce [
      "nix-command"
      "flakes"
    ];

    # Silence the "Git tree is dirty" warning when building from an uncommitted tree.
    warn-dirty = lib.mkForce false;

    # Binary caches queried for prebuilt store paths.
    substituters = [
      "https://nix-community.cachix.org"
      "https://cache.nixos.org/"
    ];

    # Signing keys accepted for substituted paths. Only the nix-community key is
    # listed here.
    # NOTE(review): the cache.nixos.org key is presumably supplied by the NixOS
    # defaults; confirm in the generated /etc/nix/nix.conf on a host.
    trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];

    # Every member of wheel is a trusted Nix user. The Nix manual describes this
    # as essentially equivalent to root access: trusted users may add their own
    # substituters and import store paths without a trusted signature. Treat
    # wheel membership accordingly.
    trusted-users = [ "@wheel" ];
  };

  # Weekly garbage collection (the module's default schedule), dropping
  # generations older than 30 days.
  gc = {
    automatic = lib.mkDefault true;
    options = lib.mkDefault "--delete-older-than 30d";
  };

  # Periodically hard-link identical files in the store.
  optimise.automatic = lib.mkDefault true;
};
# Configure nixpkgs
# Allow packages with unfree licences. mkForce makes this win over plain and
# mkDefault definitions elsewhere, so a host cannot opt out at normal priority.
nixpkgs.config.allowUnfree = lib.mkForce true;
# Hardware defaults.
# Bluetooth is on unless a host overrides the default.
hardware.bluetooth.enable = lib.mkDefault true;
# Install every available firmware package (forced on).
hardware.enableAllFirmware = lib.mkForce true;
# System services. Everything except fwupd is set with mkDefault, so an
# individual host can turn it off with a plain assignment.
services = {
  # Remote shell access is on by default for every host using this file.
  # NOTE(review): no sshd settings (password authentication, root login) are
  # set here; confirm they are defined in ../share or in the host modules.
  openssh.enable = lib.mkDefault true;

  # Firmware updates through fwupd (forced on).
  fwupd.enable = lib.mkForce true;

  # Periodic TRIM for SSDs.
  fstrim.enable = lib.mkDefault true;

  # PC/SC smart-card daemon.
  pcscd.enable = lib.mkDefault true;

  # CUPS, for printing documents.
  printing.enable = lib.mkDefault true;

  # PipeWire audio with ALSA (including 32-bit clients) and PulseAudio compatibility.
  pipewire.enable = lib.mkDefault true;
  pipewire.pulse.enable = lib.mkDefault true;
  pipewire.alsa = {
    enable = lib.mkDefault true;
    support32Bit = lib.mkDefault true;
  };

  # Avahi: resolve .local names (nssmdns4 is the current option name) and
  # announce this machine over mDNS. The publish options advertise the host's
  # addresses, domain and workstation record to everyone on the local network;
  # hosts that join untrusted networks may want to override them.
  avahi.enable = lib.mkDefault true;
  avahi.nssmdns4 = lib.mkDefault true;
  avahi.publish = {
    enable = lib.mkDefault true;
    addresses = lib.mkDefault true;
    domain = lib.mkDefault true;
    workstation = lib.mkDefault true;
  };
};
# System time zone, taken from the `timezone` let-binding at the top of the file.
time.timeZone = timezone;
# Register a binfmt_misc handler so AppImage files can be executed directly.
# Matching is by magic bytes at offset 0: the mask keeps bytes 0-3 and 8-10 and
# ignores bytes 4-7, so a file matches when it starts with \x7fELF and carries
# "AI\x02" at offset 8. Every matching executable is handed to appimage-run;
# AppImages are third-party bundles from outside the Nix store, so treat them
# like any other downloaded binary.
boot.binfmt.registrations.appimage = {
  interpreter = "${pkgs.appimage-run}/bin/appimage-run";
  wrapInterpreterInShell = lib.mkDefault false;
  recognitionType = "magic";
  offset = 0;
  magicOrExtension = "\\x7fELF....AI\\x02";
  mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
};
# Shell and agent programs.
programs.zsh.enable = lib.mkDefault true;

# gpg-agent, also acting as the SSH agent.
programs.gnupg.agent.enable = lib.mkDefault true;
programs.gnupg.agent.enableSSHSupport = lib.mkDefault true;

# command-not-found is forced off; nix-index is enabled below with zsh
# integration only.
programs.command-not-found.enable = lib.mkForce false;
programs.nix-index = {
  enable = true;
  enableZshIntegration = true;
  enableBashIntegration = false;
};
# Packages installed system-wide. `update-script` is the let-bound wrapper
# defined at the top of this file; everything else comes from pkgs.
environment.systemPackages = [
  pkgs.uutils-coreutils
  pkgs.uutils-diffutils
  pkgs.uutils-findutils
  pkgs.coreutils
  update-script
  pkgs.nixd
  pkgs.pinentry-curses
];
# users.mutableUsers = lib.mkDefault false;
# Privilege-related settings: setuid wrappers, realtime scheduling, sudo policy.
security = {
  # setuid-root wrapper for mount.nfs, so the binary runs with root privileges
  # for whoever invokes it.
  # NOTE(review): which mounts an unprivileged caller may perform is then
  # decided by mount.nfs itself (presumably via the user/users options in
  # fstab); confirm this matches the intended policy, since any flaw in that
  # binary is reachable by every local user.
  wrappers."mount.nfs" = {
    source = "${pkgs.nfs-utils.out}/bin/mount.nfs";
    owner = "root";
    group = "root";
    setuid = true;
  };

  # RealtimeKit: lets user processes request realtime scheduling.
  rtkit.enable = lib.mkDefault true;

  # sudo-rs replaces the classic sudo implementation by default.
  sudo.enable = lib.mkDefault false;
  sudo-rs.enable = lib.mkDefault true;

  # Members of wheel may suspend, reboot and power off without a password.
  # Each rule names one exact command from the systemd package; no wildcards
  # are used, so the password-less grant does not extend to other systemctl
  # verbs. Note that wheel is also the trusted-users group for Nix in this file.
  sudo-rs.extraRules = [
    {
      groups = [ "wheel" ];
      commands =
        map
          (command: {
            inherit command;
            options = [ "NOPASSWD" ];
          })
          [
            "${pkgs.systemd}/bin/systemctl suspend"
            "${pkgs.systemd}/bin/reboot"
            "${pkgs.systemd}/bin/poweroff"
          ];
    }
  ];
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
#
# NOTE(review): the text above describes a per-machine value, but this is a plain
# assignment (no mkDefault) in hosts/default.nix, which is presumably imported by
# several hosts. A host first installed on another release would have to override it
# with higher priority; confirm that every host using this file was installed on 23.11.
system.stateVersion = "23.11"; # Did you read the comment?
}