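# NixOS system module: firmware, boot loader, networking, locale, one user
# account, journald limits, Btrfs mount options, Nix store maintenance and
# the firewall.
#
# The listing this was recovered from had blame timestamps interleaved and a
# space between every token and string character (`. . .`,
# `" E u r o p e / B e r l i n "`), which is not valid Nix; tokens and string
# values are restored here, with no option added or removed.
{ config, pkgs, ... }:

{
  # Firmware.
  #
  # Enables e.g. Intel microcode updates.
  # Defaults to `config.hardware.enableAllFirmware`.
  #hardware.enableRedistributableFirmware = true;
  hardware.enableAllFirmware = true;

  # Allow unfree packages.
  # NOTE(review): this is a global switch for every package set evaluated with
  # this config. If it is only here for the firmware above, a narrower
  # allow-list may be enough - confirm what actually needs it.
  nixpkgs.config.allowUnfree = true;

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Setup keyfile.
  # `null` means the file is copied from the same path on the running system.
  # NOTE(review): boot.initrd.secrets appends this file to the initrd. With
  # systemd-boot the initrd is loaded from the EFI system partition, which is
  # normally unencrypted. If this keyfile unlocks an encrypted volume, confirm
  # that the initrd carrying it is not stored on an unencrypted partition, and
  # that older generations are garbage-collected if the keyfile is ever
  # rotated or removed.
  boot.initrd.secrets = {
    "/crypto_keyfile.bin" = null;
  };

  # Enables wireless support via wpa_supplicant.
  # networking.wireless.enable = true;

  # Enable networking.
  networking.networkmanager.enable = true;

  # NOTE(review): this option only sets resolver IP addresses. The host names
  # in the comments below are DNS-over-TLS endpoints, but nothing visible in
  # this file enables DoT or local DNSSEC validation (e.g. through
  # services.resolved), so queries presumably leave the machine as plain DNS
  # unless that is configured elsewhere. Also verify whether NetworkManager
  # adds DHCP-provided resolvers next to these.
  networking.nameservers = [
    # https://www.kuketz-blog.de/empfehlungsecke/#dns
    # dot.ffmuc.net (supports DNSSEC)
    "5.1.66.255" "185.150.99.255"
    # https://www.kuketz-blog.de/empfehlungsecke/#dns
    # unfiltered.adguard-dns.com (supports DNSSEC)
    "94.140.14.140" "94.140.14.141"
  ];

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  # Configure console keymap.
  console.keyMap = "de-latin1-nodeadkeys";

  # Define a user account. Don't forget to set a password with `passwd`.
  users.users.yoda = {
    isNormalUser = true;
    description = "Yoda";
    # "wheel" is the administrative group (sudo on a default NixOS setup);
    # "networkmanager" lets the user change network connections.
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      # Nix dependency management.
      niv
    ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
  ];

  # SystemMaxFileSize: Defaults to one eighth of the values configured with SystemMaxUse= and RuntimeMaxUse=, so that usually seven rotated journal files are kept as history.
  # MaxFileSec: To ensure that not too much data is lost at once when old journal files are deleted, it might make sense to change this value from the default of one month.
  # https://www.freedesktop.org/software/systemd/man/journald.conf.html
  # NOTE(review): SystemMaxUse caps how much local log history survives. If
  # these journals are the only audit trail for this machine, check that
  # 800M covers the period you would need to look back over.
  services.journald.extraConfig = ''
    SystemMaxUse=800M
    MaxFileSec=7day
  '';

  # BTRFS mount options.
  #
  # compress=
  # `nixos-generate-config` does not detect mount options, so we add them here.
  # https://nixos.wiki/wiki/Btrfs#Compression
  #
  # noatime
  # Under read intensive work-loads, specifying noatime significantly improves performance because no new access time information needs to be written.
  # https://man.archlinux.org/man/btrfs.5#NOTES_ON_GENERIC_MOUNT_OPTIONS
  #
  # commit=
  # The number of seconds between periodic commits to the filesystem. This is 30 seconds by default. Increasing this value reduces the frequency of periodic writes which can reduce wear on the disk. However, this also increases the risk of data loss during the event of an untimely crash.
  # https://www.jwillikers.com/btrfs-mount-options
  #
  fileSystems = {
    "/".options = [ "compress=zstd" "noatime" "commit=120" ];
  };

  nix.settings.auto-optimise-store = true;

  # https://nixos.wiki/wiki/Storage_optimization#Automation
  # Removes generations older than seven days once a week, so rollback targets
  # older than that are no longer available.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 7d";
  };

  # Firewall.
  # https://nixos.wiki/wiki/Firewall
  # -> Firewall rules may be overwritten by docker, as per https://github.com/NixOS/nixpkgs/issues/111852
  # No ports are opened in this file; ports published by containers can still
  # be reachable for the reason given in the issue above.
  networking.firewall.enable = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}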