diff options
Diffstat (limited to 'profiles/default.nix')
| -rw-r--r-- | profiles/default.nix | 150 |
1 files changed, 0 insertions, 150 deletions
diff --git a/profiles/default.nix b/profiles/default.nix deleted file mode 100644 index 814bcdf..0000000 --- a/profiles/default.nix +++ /dev/null @@ -1,150 +0,0 @@ -{ pkgs, config, lib, ... }: -{ - # Users are managed through nix. If a user is added manually, it - # will be removed on system activation. - users.mutableUsers = false; - - boot = { - loader = { - # Use the systemd-boot EFI boot loader. - systemd-boot.enable = true; - # Prohibits gaining root access by passing init=/bin/sh as a - # kernel parameter - systemd-boot.editor = false; - efi.canTouchEfiVariables = true; - }; - - tmp = { - cleanOnBoot = true; - useTmpfs = true; - }; - kernelPackages = pkgs.linuxPackages_latest; - }; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - time.timeZone = "America/Los_Angeles"; - - # see https://www.man7.org/linux/man-pages/man5/loader.conf.5.html - boot.loader.systemd-boot.consoleMode = "max"; - - console = { - earlySetup = true; - font = "${pkgs.terminus_font}/share/consolefonts/ter-132n.psf.gz"; - packages = with pkgs; [ terminus_font ]; - keyMap = "us"; - }; - - security.sudo.wheelNeedsPassword = false; - security.polkit.enable = true; - - services.fstrim.enable = true; - - services.fwupd.enable = true; - - programs.ssh = { - # $ ssh-keyscan example.com - knownHosts = { - github = { - hostNames = [ "github.com" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; - rsync = { - hostNames = [ "de2664.rsync.net" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo"; - }; - }; - }; - - nix = { - package = pkgs.nixFlakes; - settings = { - trusted-users = [ "root" "@wheel" ]; - auto-optimise-store = true; - substituters = [ - "https://cachix.cachix.org" - "https://nix-community.cachix.org" - ]; - trusted-public-keys = [ - "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - experimental-features = [ "nix-command" "flakes" ]; - # Whether to warn about dirty Git/Mercurial trees - this is not - # useful information to me. - warn-dirty = false; - # The timeout (in seconds) for establishing connections in the binary - # cache substituter. It corresponds to curl’s –connect-timeout option. - # The default is equivalent to 300 seconds, way too long. - connect-timeout = 5; - # The number of lines of the tail of the log to show if a build fails. - # The default is 10 and it's usually too short. - log-lines = 25; - # If set to true, Nix will fall back to building from source if - # a binary substitute fails. This is equivalent to the –fallback - # flag. The default is false. - fallback = true; - }; - - gc = { - automatic = true; - options = "--delete-older-than 14d"; - }; - }; - - environment.shells = with pkgs; [ bashInteractive ]; - - environment.systemPackages = with pkgs; [ - binutils - cacert - curl - dmidecode - ethtool - flamegraph - git - htop - hwdata - iftop - iptraf-ng - linuxPackages.cpupower - config.boot.kernelPackages.perf - lm_sensors - lsb-release - lsof - man-pages - mg - mtr - numactl - parted - pciutils - perf-tools - powertop - rsync - sqlite - strace - tcpdump - tmux - traceroute - unzip - usbutils - vim - wget - wireguard-tools - - # my custom tools - tools.perf-flamegraph-pid - ]; - - programs.bcc.enable = true; - programs.zsh.enable = true; - - # Show installed packages (https://www.reddit.com/r/NixOS/comments/fsummx/comment/fm45htj/?utm_source=share&utm_medium=web2x&context=3) - environment.etc."installed-packages".text = - let - packages = builtins.map (p: "${p.name}") config.environment.systemPackages; - sortedUnique = builtins.sort builtins.lessThan (lib.unique packages); - formatted = builtins.concatStringsSep "\n" sortedUnique; - in - formatted; -} |