aegis/configuration.nix

105 lines
2.6 KiB
Nix
Raw Normal View History

2021-03-31 16:41:27 +02:00
{ config, pkgs, lib, ... }: {
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# A bunch of boot parameters needed for optimal runtime on RPi 3B
boot.kernelParams = [ "cma=32M" "zfs.zfs_arc_max=134217728" ];
boot.loader.raspberryPi = {
enable = true;
version = 3;
uboot.enable = true;
firmwareConfig = ''
hdmi_force_hotplug=1
'';
};
environment.systemPackages = with pkgs; [ libraspberrypi htop vim ];
# !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [{
device = "/swapfile";
size = 1024;
}];
# Configure basic SSH access
services.openssh = {
enable = true;
permitRootLogin = "yes";
};
# Cleanup tmp on startup
boot.cleanTmpDir = true;
# Set hostname
2021-04-06 11:10:09 +02:00
networking.hostName = "aegis";
2021-03-31 16:41:27 +02:00
2021-04-06 11:10:09 +02:00
# Create coace user
users.users.coace = {
2021-03-31 16:41:27 +02:00
isNormalUser = true;
2021-04-06 11:10:09 +02:00
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINNmNckWBxa2fQkUjWLHgQd32C272yB+f9kTcnooszd5 coolneng@panacea
''];
2021-03-31 16:41:27 +02:00
shell = "${pkgs.fish}/bin/fish";
};
# Set vim as default editor
programs.vim.defaultEditor = true;
# Set timezone and synchronize NTP
time.timeZone = "Europe/Brussels";
services.timesyncd.enable = true;
# Enable ZFS support
boot.supportedFilesystems = [ "zfs" ];
# Scrub zpool monthly
services.zfs.autoScrub = {
enable = true;
interval = "monthly";
};
# Auto-upgrade the system and reboot if needed
system.autoUpgrade = {
enable = true;
allowReboot = true;
2021-04-06 11:11:02 +02:00
dates = "Sat *-*-* 04:40:00";
2021-03-31 16:41:27 +02:00
};
# Run Nix garbage collector, while avoiding recompilation
nix = {
autoOptimiseStore = true;
gc = {
automatic = true;
options = "--delete-older-than 14d";
};
extraOptions = ''
keep-outputs = true
keep-derivations = true
gc-keep-outputs = true
'';
};
# Configure fish shell
programs.fish.enable = true;
users.users.root = {
shell = "${pkgs.fish}/bin/fish";
2021-04-06 11:10:26 +02:00
openssh.authorizedKeys.keys = [''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINNmNckWBxa2fQkUjWLHgQd32C272yB+f9kTcnooszd5 coolneng@panacea
''];
2021-03-31 16:41:27 +02:00
};
# Rotate logs after 7 days
services.journald.extraConfig = "SystemMaxFiles=7";
# Increase inotify limits
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
# Import other configuration modules
2021-04-06 11:09:51 +02:00
imports = [ ./modules/hardware-configuration.nix ./modules/networking.nix ];
2021-03-31 16:41:27 +02:00
}