flake

Francesco Saccone's Nix flake.
git clone https://git.francescosaccone.com/flake
Log | Files | Refs | README | LICENSE

default.nix (1121B)

      1 {
      2   lib,
      3   config,
      4   pkgs,
      5   ...
      6 }:
      7 {
      8   system.stateVersion = "23.11";
      9 
     10   services.fwupd.enable = true;
     11 
     12   security = {
     13     protectKernelImage = true;
     14     sudo.enable = lib.mkForce false;
     15   };
     16 
     17   boot = {
     18     initrd.verbose = false;
     19     consoleLogLevel = 0;
     20     kernelParams = [
     21       "quiet"
     22       "udev.log_level=3"
     23     ];
     24     tmp.cleanOnBoot = true;
     25   };
     26 
     27   users = {
     28     mutableUsers = false;
     29     defaultUserShell = "${pkgs.mksh}/bin/mksh";
     30     users.root = {
     31       hashedPassword = "!";
     32     };
     33   };
     34 
     35   networking.firewall = {
     36     enable = true;
     37     package = pkgs.iptables;
     38   };
     39 
     40   environment = {
     41     defaultPackages = lib.mkForce [ ];
     42     systemPackages = [
     43       (lib.meta.hiPrio pkgs.sbase)
     44     ];
     45   };
     46 
     47   i18n.defaultLocale = "en_GB.UTF-8";
     48   time.timeZone = "Europe/Rome";
     49 
     50   nix = {
     51     settings = {
     52       auto-optimise-store = true;
     53       experimental-features = [
     54         "nix-command"
     55         "flakes"
     56         "pipe-operators"
     57       ];
     58       trusted-users = [
     59         "root"
     60       ];
     61     };
     62     gc = {
     63       automatic = true;
     64       dates = "weekly";
     65       options = "--delete-older-than 7d";
     66     };
     67   };
     68 }