summaryrefslogtreecommitdiff
path: root/modules/common.nix
blob: 72c146f5d5c97486b617876d0103e443d65e7ec1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
{ config, lib, pkgs, ... }: {
  programs.zsh.enable = true;
  programs.zsh.interactiveShellInit = "bindkey -e";
  programs.tmux.enable = true;

  orbekk.secrets.enable = true;

  nixpkgs.config.packageOverrides = pkgs: {
    libsignal-protocol-c = pkgs.callPackage ../pkgs/libsignal-c/default.nix { };
    keycloak = pkgs.callPackage ../pkgs/keycloak/default.nix { };
  };

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCgvHMjYQ5Ty7Em2Seji6dvYhgQUIbyhiHdzRINYpiOUMuVA8wgJOV0ZggmFFTO5zfJ83m7E5nc/zMuBVHwkx1gJz5ic8YdO9eLIhymQn9R+9fyLA+g+h8uwTi7UlFmQp+My7MYYxdA2tet1wwgm39Yu49mxi8lARUgi4awXn5K/ZFy08GyjGia2E/YKx2gXPKhHsWFKWPO5u8ik0v8AFCliY2wXiG4jkZE2zI0gI5FUp66tpxkaOSZqreH+lVJw+S+GAJIqzGI99zqZsAdpr7m4WALZEYwj9D7/lattSG14CAjXxjqcMSsfi6fV0ZsF1O40eoZ9mNQpIvatXtL6HBSN3kuUfraQMeB8o5kbxwyXt2Fr5hMKtEGYlMv5uPqdn+yHcC51F3RkUxFJplOFwZ3Rh/AjLLMKo+vEtL9UjhTuYiSQ0ySunY5JbBVkJY4z3pLT9MOPnq+KIfBMFBI/eYE6yeMNTHxIFMDaNMFOxWc0SoBDhgZJX5eblYidt/YWMOEPbqJNCrWIzQwtDsiYsF9JS/3D5civwTP/oaASaiJWTAvluwbibMFAC1OSBFb20xM5gD0C1q05pxVMN3Ioy1P0CIvJMLWfQR1yrNbnmoGUGHeSA/gwaxqMg7G+P/SBIheDAYEu5fzXXgFgO3sI8JvIdc1NTJMmHktahb/ecG1MQ== cardno:000605483586"
  ];

  networking.networkmanager.unmanaged = [ "interface-name:wg*" ];

  # TODO: replace with programs.neovim.enable
  nixpkgs.overlays = [
    (final: prev: {
      neovim = prev.neovim.override {
        viAlias = true;
        vimAlias = true;
      };
    })
  ];
  environment.variables.EDITOR = "${pkgs.neovim}/bin/nvim";

  environment.systemPackages = with pkgs; [
    inetutils # telnet
    bat
    bwm_ng
    clang
    coreutils
    direnv
    dnsutils
    binutils
    #emacs
    emacsPgtkNativeComp
    exa
    fd
    fzf
    git
    gitFull
    gnupg
    haskellPackages.hledger
    hledger
    htop
    iotop
    ledger
    moreutils
    mosh
    most
    neovim
    nix-index
    p7zip
    pass
    ripgrep
    rustup
    silver-searcher
    sqlite
    stow
    unrar
    unzip
    whois
    zoxide
    gnuplot
    (rWrapper.override {
      packages = with rPackages; [ data_table ggplot2 hms viridis lubridate ];
    })
  ];
  time.timeZone = "America/New_York";

  console.font = "ter-i32b";
  console.packages = [ pkgs.terminus_font ];

  services = {
    postgresql = { package = pkgs.postgresql_12; };
    openssh.passwordAuthentication = false;
    openssh.challengeResponseAuthentication = false;
  };

  systemd.services.nix-gc.serviceConfig = {
    Nice = 19;
    IOSchedulingPriority = 7;
    IOSchedulingClass = "best-effort";
  };

  nix = rec {
    useSandbox = lib.mkDefault true;
    maxJobs = lib.mkOverride 110 16;
    buildCores = lib.mkDefault 0; # auto configure
    gc.automatic = lib.mkDefault true;
    binaryCaches = [
      "https://nix-community.cachix.org"
    ];
    binaryCachePublicKeys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
    daemonCPUSchedPolicy = "idle";
    daemonIOSchedPriority = 10;
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    autoOptimiseStore = true;
  };

  boot.cleanTmpDir = true;

  nixpkgs.config.allowUnfree = true;
}