forked from pub-solar/os
profiles/core: add comments for each option
This commit is contained in:
parent
3587d67506
commit
ceffec9392
|
@ -2,12 +2,21 @@
|
||||||
let inherit (lib) fileContents;
|
let inherit (lib) fileContents;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
# Sets nrdxp.cachix.org binary cache which just speeds up some builds
|
||||||
imports = [ ../cachix ];
|
imports = [ ../cachix ];
|
||||||
|
|
||||||
|
# For rage encryption, all hosts need a ssh key pair
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = lib.mkDefault false;
|
||||||
|
};
|
||||||
|
|
||||||
|
# This is just a representation of the nix default
|
||||||
nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
|
||||||
|
# Selection of sysadmin tools that can come in handy
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
binutils
|
binutils
|
||||||
coreutils
|
coreutils
|
||||||
|
@ -33,6 +42,8 @@ in
|
||||||
whois
|
whois
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Starship is a fast and featureful shell prompt
|
||||||
|
# starship.toml has sane defaults that can be changed there
|
||||||
shellInit = ''
|
shellInit = ''
|
||||||
export STARSHIP_CONFIG=${
|
export STARSHIP_CONFIG=${
|
||||||
pkgs.writeText "starship.toml"
|
pkgs.writeText "starship.toml"
|
||||||
|
@ -113,18 +124,18 @@ in
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
|
|
||||||
|
# Improve nix store disk usage
|
||||||
autoOptimiseStore = true;
|
autoOptimiseStore = true;
|
||||||
|
|
||||||
gc.automatic = true;
|
gc.automatic = true;
|
||||||
|
|
||||||
optimise.automatic = true;
|
optimise.automatic = true;
|
||||||
|
|
||||||
|
# Prevents impurities in builds
|
||||||
useSandbox = true;
|
useSandbox = true;
|
||||||
|
|
||||||
allowedUsers = [ "@wheel" ];
|
# give root and @wheel special privileges with nix
|
||||||
|
|
||||||
trustedUsers = [ "root" "@wheel" ];
|
trustedUsers = [ "root" "@wheel" ];
|
||||||
|
|
||||||
|
# Generally useful nix option defaults
|
||||||
extraOptions = ''
|
extraOptions = ''
|
||||||
min-free = 536870912
|
min-free = 536870912
|
||||||
keep-outputs = true
|
keep-outputs = true
|
||||||
|
@ -135,20 +146,17 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.bash = {
|
programs.bash = {
|
||||||
|
# Enable starship
|
||||||
promptInit = ''
|
promptInit = ''
|
||||||
eval "$(${pkgs.starship}/bin/starship init bash)"
|
eval "$(${pkgs.starship}/bin/starship init bash)"
|
||||||
'';
|
'';
|
||||||
|
# Enable direnv, a tool for managing shell environments
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
|
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# For rage encryption, all hosts need a ssh key pair
|
# Service that makes Out of Memory Killer more effective
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = lib.mkDefault false;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.earlyoom.enable = true;
|
services.earlyoom.enable = true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue