nixos-config/sets/base.nix

97 lines
2 KiB
Nix

{
config,
lib,
inputs,
...
}:
{
imports = [
inputs.lix-module.nixosModules.default
inputs.private.nixosModules.base
];
nix = {
settings = {
auto-optimise-store = true;
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
];
use-xdg-base-directories = true;
};
};
nixpkgs = {
overlays = [
inputs.artemist.overlays.default
inputs.fonts.overlays.default
];
config.allowUnfreePredicate =
pkg:
(pkg ? passthru && pkg.passthru ? font && pkg.passthru.font)
|| (builtins.elem (lib.getName pkg) [
"1password"
"brscan5"
"brscan5-etc-files"
"celeste64"
"corefonts"
"google-chrome"
"jlink"
"makemkv"
"steam"
"steam-jupiter-original"
"steam-unwrapped"
"steam-jupiter-unwrapped"
"steam-original"
"steam-run"
"steamdeck-hw-theme"
"uhk-agent"
"uhk-udev-rules"
"unrar"
]);
# oh god, i guess i only use matrix for public stuff though
config.permittedInsecurePackages = [ "olm-3.2.16" ];
};
console = {
keyMap = "us";
earlySetup = true;
};
time.timeZone = "Etc/UTC";
environment.shellAliases.cp = "cp --reflink=auto --sparse=always";
networking.firewall.enable = false;
programs.fish.enable = true;
users = {
users.artemis = {
isNormalUser = true;
description = "Artemis Tosini";
uid = 1000;
extraGroups = [
"wheel"
"artemis"
];
shell = "/run/current-system/sw/bin/fish";
# hashedPassword set in private
};
groups.artemis.gid = config.users.users.artemis.uid;
mutableUsers = false;
};
security.sudo.execWheelOnly = true;
systemd.extraConfig = "DefaultLimitCORE=infinity";
security.pam.loginLimits = [
{
domain = "*";
item = "core";
type = "hard";
value = "infinity";
}
];
}