76 lines
1.7 KiB
Nix
76 lines
1.7 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
username,
|
|
...
|
|
}:
|
|
{
|
|
# Common Nix daemon settings. Host-specific overrides (binary cache substituters,
|
|
# gc retention) live in the host's default.nix.
|
|
nix = {
|
|
optimise.automatic = true;
|
|
|
|
gc = {
|
|
automatic = true;
|
|
dates = "weekly";
|
|
# Default retention: override per-host via lib.mkForce if different.
|
|
options = lib.mkDefault "--delete-older-than 30d";
|
|
};
|
|
|
|
settings = {
|
|
experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
};
|
|
};
|
|
|
|
# https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
|
|
# Login shells stay bash but immediately `exec fish` so fish is the effective shell
|
|
# without breaking scripts that hardcode #!/bin/bash.
|
|
programs.fish.enable = true;
|
|
programs.bash = {
|
|
interactiveShellInit = ''
|
|
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
|
|
then
|
|
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
|
|
exec ${lib.getExe pkgs.fish} $LOGIN_OPTION
|
|
fi
|
|
'';
|
|
};
|
|
|
|
# doas replaces sudo on every host
|
|
security = {
|
|
doas.enable = true;
|
|
sudo.enable = false;
|
|
doas.extraRules = [
|
|
{
|
|
users = [ username ];
|
|
keepEnv = true;
|
|
persist = true;
|
|
}
|
|
];
|
|
};
|
|
|
|
services.kmscon.enable = true;
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
doas-sudo-shim
|
|
];
|
|
|
|
hardware.enableRedistributableFirmware = true;
|
|
hardware.cpu.amd.updateMicrocode = true;
|
|
|
|
environment.etc = {
|
|
# override default nixos /etc/issue
|
|
"issue".text = "";
|
|
};
|
|
|
|
# for updating firmware
|
|
services.fwupd = {
|
|
enable = true;
|
|
extraRemotes = [ "lvfs-testing" ];
|
|
};
|
|
}
|