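# Settings that most of my hosts can agree on, but
# some of these settings are overriden on a per-host basis.
#
# Every value a host is expected to tune is wrapped in `mkDefault`, so a
# per-host module can override it without resorting to `mkForce`.
{ pkgs, lib, config, ... }:
let
  cfg = config.settings;
  mkDefault = lib.mkDefault;
in {
  imports = [
    ./photoprism.nix
    ./7-days-to-die.nix
    ./grafana.nix
    ./radicale.nix
    ./restic.nix
    ./wakeup.nix
    ./hdparm.nix
    ./malte.nix
    ./marie.nix
    ./taskserver.nix
  ];

  # Host-level switches read by the modules above and by this file.
  options.settings = with lib; {
    nvidiaUsed = mkEnableOption "NVIDIA graphic card usage";
    minimalGnome.enable = mkEnableOption "basic gnome stuff";
  };

  config = {
    # Allow joypixels' license and unfree licenses in general
    nixpkgs.config = {
      allowUnfree = true;
      joypixels.acceptLicense = true;
    };

    # This includes the firmware, oc
    hardware.enableAllFirmware = true;
    hardware.enableRedistributableFirmware = true;

    # Use some binary caches
    nix.settings = {
      # add binary caches
      # Every key listed here may sign store paths that the daemon will
      # accept from any substituter below, so keep this list in step with
      # `substituters` and drop keys for caches that are no longer used.
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
        "2a-emulator.cachix.org-1:ijJDEqNsMqhamxxWvqOiaCQNoYhWNw7A+gGICgAH1mE="
        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
        "nickel.cachix.org-1:ABoCOGpTJbAum7U6c+04VbjvLxG9f0gJP5kYihRRdQs="
        # Currently running hydra
        "elysia-clarki:/ioV+oXpVgxDOZJvXIWmnyL83ERT4W6eW4SDEpnRbxU="
      ];
      substituters = [
        "https://cache.nixos.org"
        "https://nixpkgs-wayland.cachix.org"
        "https://2a-emulator.cachix.org"
        "https://colmena.cachix.org"
        "https://nickel.cachix.org"
      ];
      trusted-users = [
        # Hand the wheel group extra nix daemon rights
        # (trusted users may pass arbitrary substituters and signing keys
        # to the daemon, which amounts to root on the host)
        "@wheel"
      ];
    };

    # Make sure that I can login over the tailscale infrastructure
    # while increasing security
    # TODO: Restrict openssh interface, move port
    services.openssh.enable = mkDefault true;
    users.users.root = {
      # NixOS' default of PermitRootLogin = prohibit-password keeps root
      # login key-only; this file does not loosen that.
      openssh.authorizedKeys.keyFiles = [ ../users/malte/yubikey.pub ];
    };

    # Enable mosh for some SSH superpower
    # NOTE: the mosh module opens its UDP port range in the firewall by
    # default; set programs.mosh.openFirewall = false on hosts that should
    # only be reachable through tailscale.
    programs.mosh.enable = mkDefault true;

    # Basic packages
    environment.systemPackages = with pkgs; [
      # I might need git for rebuilding this flake on the remote machine
      git
      # Sops is for security
      sops
      # top is lacking pizzazz
      htop
      # An initial `tailscale up` is necessary to get the network going
      tailscale
      # I will need to have access to kakoune
      kakoune
      # I much rather use some tools other than the default
      fd
      du-dust
      ripgrep
    ];

    # Language and timezone defaults
    time.timeZone = "Europe/Berlin";
    i18n.defaultLocale = mkDefault "en_US.UTF-8";

    # Use the latest kernel, this is altered on some hosts with zfs requirements
    boot.kernelPackages = mkDefault pkgs.linuxPackages_latest;
    boot.loader.timeout = mkDefault 1;
    # This setting is fine, on hosts with x/wayland, I'll want to increase this
    # (mkDefault so those hosts can simply set a higher value)
    boot.loader.systemd-boot.configurationLimit = mkDefault 10;

    # Network configuration with tailscale
    # DHCP is disabled globally; each host must bring up its own interfaces.
    networking.useDHCP = false;
    # Enable tailscale!
    services.tailscale = {
      enable = true;
      interfaceName = "looking-glas";
    };
    # Only the tailscale UDP port is opened here; other services must
    # open their own ports explicitly.
    networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];

    # Regularly clear the store
    nix.gc = {
      automatic = true;
      dates = mkDefault "weekly";
    };

    # Enable store optimiser
    nix.optimise = {
      automatic = true;
      dates = [ "04:00" ];
    };

    # GNOME
    # Don't forget to import DISPLAY into dbus variables
    programs.dconf.enable = mkDefault cfg.minimalGnome.enable;
    programs.seahorse.enable = mkDefault cfg.minimalGnome.enable;
    services.gnome.at-spi2-core.enable = mkDefault cfg.minimalGnome.enable;
    services.gnome.gnome-keyring.enable = mkDefault cfg.minimalGnome.enable;
    # `lib.optional` already wraps its argument in a list; passing
    # `[pkgs.gcr]` produced the nested list `[[pkgs.gcr]]`, which is not a
    # valid value for a list of packages.
    services.dbus.packages = lib.optional cfg.minimalGnome.enable pkgs.gcr;
  };
}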