81 lines
1.4 KiB
Nix
81 lines
1.4 KiB
Nix
{ pkgs, lib, ... }:
|
|
with lib;
|
|
with lib.metacfg;
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
metacfg = {
|
|
base.enable = true;
|
|
gui.enable = true;
|
|
nix-ld.enable = true;
|
|
nix.enable = true;
|
|
podman.enable = true;
|
|
secureboot.enable = false;
|
|
tools = {
|
|
direnv.enable = true;
|
|
#git.enable = true;
|
|
};
|
|
user.extraGroups = [
|
|
"docker"
|
|
"dialout"
|
|
];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
azure-cli
|
|
cloudflare-warp
|
|
desktop-file-utils
|
|
kubectl
|
|
kubectx
|
|
k9s
|
|
attic-client
|
|
piper
|
|
];
|
|
|
|
security.tpm2.enable = false;
|
|
security.tpm2.abrmd.enable = false;
|
|
|
|
|
|
services.ratbagd.enable = true;
|
|
|
|
services.resolved.enable = true;
|
|
services.resolved.dnssec = "allow-downgrade";
|
|
services.resolved.extraConfig = ''
|
|
ResolveUnicastSingleLabel=yes
|
|
'';
|
|
|
|
systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
|
|
|
|
virtualisation = {
|
|
docker.enable = true;
|
|
podman.dockerCompat = false;
|
|
};
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
operation = "boot";
|
|
allowReboot = false;
|
|
};
|
|
|
|
systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
|
|
|
|
security.pam.loginLimits = [
|
|
{
|
|
domain = "*";
|
|
item = "nofile";
|
|
type = "-";
|
|
value = "32768";
|
|
}
|
|
{
|
|
domain = "*";
|
|
item = "memlock";
|
|
type = "-";
|
|
value = "32768";
|
|
}
|
|
];
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|