Merge pull request #407 from Pacman99/core-comments

profiles/core: add comments for each option
This commit is contained in:
Parthiv Seetharaman 2022-01-29 11:07:43 -08:00 committed by GitHub
commit d834598dba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -2,12 +2,21 @@
let inherit (lib) fileContents; let inherit (lib) fileContents;
in in
{ {
# Sets nrdxp.cachix.org binary cache which just speeds up some builds
imports = [ ../cachix ]; imports = [ ../cachix ];
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
openFirewall = lib.mkDefault false;
};
# This is just a representation of the nix default
nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
environment = { environment = {
# Selection of sysadmin tools that can come in handy
systemPackages = with pkgs; [ systemPackages = with pkgs; [
binutils binutils
coreutils coreutils
@ -33,6 +42,8 @@ in
whois whois
]; ];
# Starship is a fast and featureful shell prompt
# starship.toml has sane defaults that can be changed there
shellInit = '' shellInit = ''
export STARSHIP_CONFIG=${ export STARSHIP_CONFIG=${
pkgs.writeText "starship.toml" pkgs.writeText "starship.toml"
@ -113,18 +124,18 @@ in
nix = { nix = {
# Improve nix store disk usage
autoOptimiseStore = true; autoOptimiseStore = true;
gc.automatic = true; gc.automatic = true;
optimise.automatic = true; optimise.automatic = true;
# Prevents impurities in builds
useSandbox = true; useSandbox = true;
allowedUsers = [ "@wheel" ]; # give root and @wheel special privileges with nix
trustedUsers = [ "root" "@wheel" ]; trustedUsers = [ "root" "@wheel" ];
# Generally useful nix option defaults
extraOptions = '' extraOptions = ''
min-free = 536870912 min-free = 536870912
keep-outputs = true keep-outputs = true
@ -135,20 +146,17 @@ in
}; };
programs.bash = { programs.bash = {
# Enable starship
promptInit = '' promptInit = ''
eval "$(${pkgs.starship}/bin/starship init bash)" eval "$(${pkgs.starship}/bin/starship init bash)"
''; '';
# Enable direnv, a tool for managing shell environments
interactiveShellInit = '' interactiveShellInit = ''
eval "$(${pkgs.direnv}/bin/direnv hook bash)" eval "$(${pkgs.direnv}/bin/direnv hook bash)"
''; '';
}; };
# For rage encryption, all hosts need a ssh key pair # Service that makes Out of Memory Killer more effective
services.openssh = {
enable = true;
openFirewall = lib.mkDefault false;
};
services.earlyoom.enable = true; services.earlyoom.enable = true;
} }