1 { config, pkgs, lib, inputs, ... }:
4 boot.tmp.cleanOnBoot = mkDefault true;
5 boot.tmp.useTmpfs = mkDefault true;
6 services.logrotate.enable = true;
7 # NOTE: mostly useless on a server, and CPU intensive.
9 enable = mkDefault true;
10 dev.enable = mkDefault false;
11 doc.enable = mkDefault true;
12 info.enable = mkDefault false;
13 man.enable = mkDefault true;
14 nixos.enable = mkDefault false;
16 programs.vim.defaultEditor = mkDefault true;
17 environment.variables = {
19 NIXPKGS_CONFIG = mkForce "";
21 SYSTEMD_LESS = "FKMRX";
22 # Setting TZ= avoids a lot of useless syscalls reading /etc/localtime
23 # but requires to restart the session to change the time zone for all programs.
24 TZ = config.time.timeZone;
26 home-manager.users.root = {
28 ../../home-manager/options.nix
29 ../../home-manager/profiles/essential.nix
31 services.gpg-agent.pinentryFlavor = "curses";
33 systemd.services.home-manager-root.postStart = ''
34 ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/root/home-manager
37 settings.auto-optimise-store = mkDefault true;
38 gc.automatic = mkDefault true;
39 gc.dates = mkDefault "weekly";
40 gc.options = mkDefault "--delete-older-than 7d";
41 nixPath = mkForce [ ];
42 registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; };
43 package = pkgs.nixFlakes;
44 settings.experimental-features = [ "nix-command" "flakes" ];
46 security.lockKernelModules = false;
50 MaxRetentionSec=1month
56 enable = mkDefault true;
57 enableRootSlice = mkDefault true;
58 enableSystemSlice = mkDefault true;
59 enableUserServices = mkDefault true;
61 systemd.services.openssh = {
63 ManagedOOMPreference = "omit";
67 system.nixos.versionSuffix = ".${
68 substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${
69 inputs.self.shortRev or "dirty"}";
70 system.nixos.revision = mkIf (inputs.self ? rev) inputs.self.rev;
72 # Let 'nixos-version --json' know about the Git revision of this flake.
73 system.configurationRevision = mkIf (inputs.self ? rev) inputs.self.rev;
75 system.configurationRevision =
78 else throw "Refusing to build from a dirty Git tree!";
80 users.mutableUsers = false;