diff --git a/profiles/core/default.nix b/profiles/core/default.nix index d2801d89..c1aed3fa 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -2,12 +2,21 @@ let inherit (lib) fileContents; in { + # Sets nrdxp.cachix.org binary cache which just speeds up some builds imports = [ ../cachix ]; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; + + # This is just a representation of the nix default nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; environment = { + # Selection of sysadmin tools that can come in handy systemPackages = with pkgs; [ binutils coreutils @@ -33,6 +42,8 @@ in whois ]; + # Starship is a fast and featureful shell prompt + # starship.toml has sane defaults that can be changed there shellInit = '' export STARSHIP_CONFIG=${ pkgs.writeText "starship.toml" @@ -113,18 +124,18 @@ in nix = { + # Improve nix store disk usage autoOptimiseStore = true; - gc.automatic = true; - optimise.automatic = true; + # Prevents impurities in builds useSandbox = true; - allowedUsers = [ "@wheel" ]; - + # give root and @wheel special privileges with nix trustedUsers = [ "root" "@wheel" ]; + # Generally useful nix option defaults extraOptions = '' min-free = 536870912 keep-outputs = true @@ -135,20 +146,17 @@ in }; programs.bash = { + # Enable starship promptInit = '' eval "$(${pkgs.starship}/bin/starship init bash)" ''; + # Enable direnv, a tool for managing shell environments interactiveShellInit = '' eval "$(${pkgs.direnv}/bin/direnv hook bash)" ''; }; - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - openFirewall = lib.mkDefault false; - }; - + # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; }