blob: 2c7d42dc9a148d752a8cfacdb0261be375c7c01a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
{
inputs,
config,
pkgs,
...
}: {
imports = [
./hardware.nix
./sshd.nix
];
# allow flakes
nix.settings.experimental-features = ["nix-command" "flakes"];
# allow unfree packages
nixpkgs.config.allowUnfree = true;
# hostname
networking.hostName = config.hostName;
# common system packages
environment.systemPackages = with pkgs; [
# editor
vim
# lib
libz
openssl
shared-mime-info
# shell
bash
zsh
# utility
acpi
curl
dig
file
fd
htop
jq
killall
openssh
p7zip
ripgrep
rsync
sbctl
sl
tree
unzip
wget
];
# nix-ld
programs.nix-ld.enable = true;
# appimage
programs.appimage = {
enable = true;
binfmt = true;
};
# use the latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
# sysrq
boot.kernel.sysctl."kernel.sysrq" = 246;
# timezone
time.timeZone = "America/New_York";
# docs
documentation = {
info.enable = false;
dev.enable = false;
nixos.enable = false;
};
# locale
i18n.defaultLocale = "en_US.UTF-8";
# networking
networking.networkmanager.enable = true;
networking.networkmanager.dns = "systemd-resolved";
networking.firewall.enable = true;
services.resolved.enable = true;
# hardware
services.dbus.implementation = "broker";
services.fwupd.enable = true;
services.libinput.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
jack.enable = true;
};
# power
services.upower = {
enable = true;
percentageLow = 20;
percentageCritical = 10;
percentageAction = 4;
criticalPowerAction = "Hibernate";
};
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
CPU_MIN_PERF_ON_AC = 0;
CPU_MAX_PERF_ON_AC = 100;
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 20;
};
};
# printing
services.printing.enable = true;
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# create user account
users.users.${config.user} = {
isNormalUser = true;
description = config.fullName;
extraGroups = ["networkmanager" "wheel" "sys" "video" "audio"];
home = config.homePath;
shell = pkgs.zsh;
};
# certs
security.pki.certificateFiles = [
../files/certs/freyanet.crt
../files/certs/tinternet.crt
];
}
|
