forked from pub-solar/os
Merge pull request #407 from Pacman99/core-comments
profiles/core: add comments for each option
This commit is contained in:
commit
d834598dba
|
@ -2,12 +2,21 @@
|
|||
let inherit (lib) fileContents;
|
||||
in
|
||||
{
|
||||
# Sets nrdxp.cachix.org binary cache which just speeds up some builds
|
||||
imports = [ ../cachix ];
|
||||
|
||||
# For rage encryption, all hosts need a ssh key pair
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = lib.mkDefault false;
|
||||
};
|
||||
|
||||
# This is just a representation of the nix default
|
||||
nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
|
||||
environment = {
|
||||
|
||||
# Selection of sysadmin tools that can come in handy
|
||||
systemPackages = with pkgs; [
|
||||
binutils
|
||||
coreutils
|
||||
|
@ -33,6 +42,8 @@ in
|
|||
whois
|
||||
];
|
||||
|
||||
# Starship is a fast and featureful shell prompt
|
||||
# starship.toml has sane defaults that can be changed there
|
||||
shellInit = ''
|
||||
export STARSHIP_CONFIG=${
|
||||
pkgs.writeText "starship.toml"
|
||||
|
@ -113,18 +124,18 @@ in
|
|||
|
||||
nix = {
|
||||
|
||||
# Improve nix store disk usage
|
||||
autoOptimiseStore = true;
|
||||
|
||||
gc.automatic = true;
|
||||
|
||||
optimise.automatic = true;
|
||||
|
||||
# Prevents impurities in builds
|
||||
useSandbox = true;
|
||||
|
||||
allowedUsers = [ "@wheel" ];
|
||||
|
||||
# give root and @wheel special privileges with nix
|
||||
trustedUsers = [ "root" "@wheel" ];
|
||||
|
||||
# Generally useful nix option defaults
|
||||
extraOptions = ''
|
||||
min-free = 536870912
|
||||
keep-outputs = true
|
||||
|
@ -135,20 +146,17 @@ in
|
|||
};
|
||||
|
||||
programs.bash = {
|
||||
# Enable starship
|
||||
promptInit = ''
|
||||
eval "$(${pkgs.starship}/bin/starship init bash)"
|
||||
'';
|
||||
# Enable direnv, a tool for managing shell environments
|
||||
interactiveShellInit = ''
|
||||
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
|
||||
'';
|
||||
};
|
||||
|
||||
# For rage encryption, all hosts need a ssh key pair
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = lib.mkDefault false;
|
||||
};
|
||||
|
||||
# Service that makes Out of Memory Killer more effective
|
||||
services.earlyoom.enable = true;
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue