]> Git — Sourcephile - julm/julm-nix.git/blob - nixos/profiles/system.nix
patate: wireguard: get encrypted credential
[julm/julm-nix.git] / nixos / profiles / system.nix
1 { pkgs, lib, inputs, ... }:
2 with lib;
3 {
4 boot.cleanTmpDir = mkDefault true;
5 boot.tmpOnTmpfs = mkDefault true;
6 services.logrotate.enable = true;
7 # NOTE: mostly useless on a server, and CPU intensive.
8 documentation = {
9 enable = mkDefault true;
10 dev.enable = mkDefault false;
11 doc.enable = mkDefault true;
12 info.enable = mkDefault false;
13 man.enable = mkDefault true;
14 nixos.enable = mkDefault false;
15 };
16 environment.variables = {
17 EDITOR = "vim";
18 PAGER = "less -R";
19 SYSTEMD_LESS = "FKMRX";
20 NIXPKGS_CONFIG = mkForce "";
21 };
22 home-manager.users.root = {
23 imports = [
24 ../../home-manager/options.nix
25 ../../home-manager/profiles/essential.nix
26 ];
27 };
28 systemd.services.home-manager-root.postStart = ''
29 ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/root/home-manager
30 '';
31 nix = {
32 settings.auto-optimise-store = mkDefault true;
33 gc.automatic = mkDefault true;
34 gc.dates = mkDefault "weekly";
35 gc.options = mkDefault "--delete-older-than 7d";
36 nixPath = mkForce [ ];
37 registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; };
38 package = pkgs.nixFlakes;
39 extraOptions = "experimental-features = nix-command flakes";
40 };
41 security.lockKernelModules = false;
42 services.journald = {
43 extraConfig = ''
44 Compress=true
45 MaxRetentionSec=1month
46 Storage=persistent
47 SystemMaxUse=100M
48 '';
49 };
50 /*
51 system.nixos.versionSuffix = ".${
52 substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${
53 inputs.self.shortRev or "dirty"}";
54 system.nixos.revision = mkIf (inputs.self ? rev) inputs.self.rev;
55 */
56 # Let 'nixos-version --json' know about the Git revision of this flake.
57 system.configurationRevision = mkIf (inputs.self ? rev) inputs.self.rev;
58 /*
59 system.configurationRevision =
60 if inputs.self ? rev
61 then inputs.self.rev
62 else throw "Refusing to build from a dirty Git tree!";
63 */
64 users.mutableUsers = false;
65 }