nixos-config/sets/base.nix

85 lines
2 KiB
Nix

{ config, pkgs, lib, inputs, ... }:
{
imports = [ inputs.private.nixosModules.base ];
systemd.tmpfiles.rules = lib.mapAttrsToList
(key: value: "L+ /etc/channels/${key} - - - - ${value.outPath}") inputs;
nix = {
nixPath = [ "/etc/channels" ];
registry.nixpkgs.to = {
type = "path";
path = inputs.nixpkgs.outPath;
};
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
trusted-users = [ "@wheel" ];
use-xdg-base-directories = true;
};
gc = {
automatic = true;
dates = "8:00";
options = "--delete-older-than 14d";
};
};
nixpkgs = {
overlays =
[ inputs.artemist.overlays.default inputs.fonts.overlays.default ];
config.allowUnfreePredicate = pkg:
(pkg ? passthru && pkg.passthru ? font && pkg.passthru.font)
|| (builtins.elem (lib.getName pkg) [
"1password"
"brscan5"
"brscan5-etc-files"
"celeste64"
"corefonts"
"google-chrome"
"jlink"
"makemkv"
"steam"
"steam-jupiter-original"
"steam-original"
"steam-run"
"steamdeck-hw-theme"
"unrar"
]);
};
console = {
keyMap = "us";
earlySetup = true;
};
time.timeZone = "Etc/UTC";
environment.shellAliases.cp = "cp --reflink=auto --sparse=always";
networking.firewall.enable = false;
programs.fish.enable = true;
users = {
users.artemis = {
isNormalUser = true;
description = "Artemis Tosini";
uid = 1000;
extraGroups = [ "wheel" "artemis" ];
shell = pkgs.fish;
# hashedPassword set in private
};
groups.artemis.gid = config.users.users.artemis.uid;
mutableUsers = false;
};
security.sudo.execWheelOnly = true;
systemd.extraConfig = "DefaultLimitCORE=infinity";
security.pam.loginLimits = [{
domain = "*";
item = "core";
type = "hard";
value = "infinity";
}];
}