-
-
Notifications
You must be signed in to change notification settings - Fork 99
/
default.nix
100 lines (86 loc) · 3.04 KB
/
default.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# default.nix
{ hey, lib, options, config, pkgs, ... }:
with lib;
with hey.lib;
{
imports = mapModulesRec' ./modules import;
options = with types; {
modules = {};
# Creates a simpler, polymorphic alias for users.users.$USER.
user = mkOpt attrs { name = ""; };
};
config = {
assertions = [{
assertion = config.user ? name;
message = "config.user.name is not set!";
}];
environment.sessionVariables = mkOrder 10 {
DOTFILES_HOME = hey.dir;
NIXPKGS_ALLOW_UNFREE = "1"; # Forgive me Stallman-senpai.
};
# FIXME: Make this optional
user = {
description = mkDefault "The primary user account";
extraGroups = [ "wheel" ];
isNormalUser = true;
home = "/home/${config.user.name}";
group = "users";
uid = 1000;
};
users.users.${config.user.name} = mkAliasDefinitions options.user;
## Core, universal configuration for all NixOS machines.
# This is here to appease 'nix flake check' for generic hosts with no
# hardware-configuration.nix or fileSystem config.
fileSystems."/".device = mkDefault "/dev/disk/by-label/nixos";
nix =
let filteredInputs = filterAttrs (_: v: v ? outputs) hey.inputs;
nixPathInputs = mapAttrsToList (n: v: "${n}=${v}") filteredInputs;
in {
extraOptions = ''
warn-dirty = false
http2 = true
experimental-features = nix-command flakes
'';
nixPath = nixPathInputs ++ [
"nixpkgs-overlays=${hey.dir}/overlays"
"dotfiles=${hey.dir}"
];
registry = mapAttrs (_: v: { flake = v; }) filteredInputs;
settings = {
substituters = [
"https://nix-community.cachix.org"
"https://hyprland.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
trusted-users = [ "root" config.user.name ];
allowed-users = [ "root" config.user.name ];
auto-optimise-store = true;
};
};
system = {
configurationRevision = with hey.inputs; mkIf (hey ? rev) hey.rev;
stateVersion = "23.11";
};
boot = {
# initrd.systemd.enable = true;
# Prefer the latest kernel; this will be overridden on more security
# conscious systems, among other settings in modules/security.nix.
kernelPackages = mkDefault pkgs.unstable.linuxKernel.packages.linux_6_10;
loader = {
efi.canTouchEfiVariables = mkDefault true;
# To not overwhelm the boot screen.
systemd-boot.configurationLimit = mkDefault 10;
};
};
# For unfree hardware my laptops/refurbed systems will likely have.
hardware.enableRedistributableFirmware = true;
# For `hey sync build-vm` (or `nixos-rebuild build-vm`)
virtualisation.vmVariant.virtualisation = {
memorySize = 2048; # default: 1024
cores = 2; # default: 1
};
};
}