forked from pub-solar/os
profiles/core: add comments for each option
This commit is contained in:
parent
d8c8fc35ad
commit
ea8937cd51
|
@ -2,6 +2,7 @@
|
|||
let inherit (lib) fileContents;
|
||||
in
|
||||
{
|
||||
# Sets nrdxp.cachix.org binary cache which just speeds up some builds
|
||||
imports = [ ../cachix ];
|
||||
|
||||
config = {
|
||||
|
@ -86,18 +87,18 @@ in
|
|||
nix = {
|
||||
package = pkgs.nix-dram;
|
||||
|
||||
# Improve nix store disk usage
|
||||
autoOptimiseStore = true;
|
||||
|
||||
gc.automatic = true;
|
||||
|
||||
optimise.automatic = true;
|
||||
|
||||
# Prevents impurities in builds
|
||||
useSandbox = true;
|
||||
|
||||
allowedUsers = [ "@wheel" ];
|
||||
|
||||
# give root and @wheel special privileges with nix
|
||||
trustedUsers = [ "root" "@wheel" ];
|
||||
|
||||
# Generally useful nix option defaults
|
||||
extraOptions = ''
|
||||
min-free = 536870912
|
||||
keep-outputs = true
|
||||
|
@ -108,14 +109,7 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
system.autoUpgrade.enable = true;
|
||||
|
||||
# For rage encryption, all hosts need a ssh key pair
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = lib.mkDefault false;
|
||||
};
|
||||
|
||||
# Service that makes Out of Memory Killer more effective
|
||||
services.earlyoom.enable = true;
|
||||
|
||||
boot.supportedFilesystems = [ "ntfs" ];
|
||||
|
|
Loading…
Reference in a new issue