harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
nixcfg/modules/nixos/services/base/default.nix
Harald Hoyer a7484b3891 feat: Move kernel package override to specific system configs 
This commit moves the kernel package version override from the base nixos service to specific system configurations. Now, the latest linux packages will be used only in the system configurations where the override has been explicitly added. This approach gives us more flexibility to handle different kernel package versions for different systems.
2024-06-03 13:21:50 +02:00

163 lines
4 KiB
Nix
Raw Blame History

{ options
, config
, lib
, pkgs
, ...
}:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.base;
gitconfig = pkgs.writeText "gitconfig" ''
[filter "rot8000"]
smudge = ${pkgs.metacfg.rot8000}/bin/rot8000
clean = ${pkgs.metacfg.rot8000}/bin/rot8000
'';
in
{
options.metacfg.base = with types; {
enable = mkBoolOpt false "Whether or not to enable the base config.";
};
config = mkIf cfg.enable {
# Configure console keymap
console.keyMap = lib.mkDefault "us";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MESSAGES = "en_US.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
environment = {
sessionVariables = { PATH = "$HOME/bin"; };
systemPackages = with pkgs; [
age
bash
cifs-utils
clevis
delta
efibootmgr
git
git-crypt
git-delete-merged-branches
home-manager
htop
mosh
nixpkgs-fmt
openssl
restic
rrsync
sbctl
sops
strace
tmux
tpm2-pkcs11
tpm2-pkcs11.out
tpm2-tools
vim
virt-manager
wget
];
shells = [ pkgs.fish pkgs.bash ];
};
hardware = {
cpu = {
amd.updateMicrocode = lib.mkDefault true;
intel.updateMicrocode = lib.mkDefault true;
};
enableRedistributableFirmware = lib.mkDefault true;
enableAllFirmware = true;
opengl.extraPackages = with pkgs; [ intel-compute-runtime ];
};
programs = {
dconf.enable = true;
bash = {
## shellInit = ''
interactiveShellInit = ''
bind '"\e[A": history-search-backward'
bind '"\e[B": history-search-forward'
'';
};
starship.enable = true;
mosh.enable = true;
vim.defaultEditor = true;
fish.enable = true;
};
# powerManagement.cpuFreqGovernor = "ondemand";
services = {
dbus.implementation = "broker";
dbus.packages = [ pkgs.gcr ];
fwupd.enable = true;
openssh = {
enable = true;
settings.PermitRootLogin = "prohibit-password";
settings.X11Forwarding = true;
};
};
security = {
tpm2.enable = lib.mkDefault true;
tpm2.abrmd.enable = lib.mkDefault true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
};
time.timeZone = "Europe/Berlin";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
];
boot = {
tmp.cleanOnBoot = true;
loader = {
systemd-boot.enable = lib.mkDefault true;
efi.canTouchEfiVariables = true;
timeout = 2;
};
initrd.systemd.enable = true;
};
system.autoUpgrade = {
flags = [
"--update-input"
"nixpkgs"
"--update-input"
"unstable"
"--update-input"
"nixsgx-flake"
"--update-input"
"home-manager"
"--no-write-lock-file"
"-L"
];
flake = lib.mkDefault "git+https://git.hoyer.xyz/harald/nixcfg";
};
systemd.services.nixos-upgrade = {
path = [ pkgs.metacfg.rot8000 ];
environment.GIT_CONFIG_GLOBAL = toString gitconfig;
};
virtualisation.libvirtd.enable = true;
};
}
Reference in a new issue View git blame Copy permalink