# Baseline NixOS module: imports the shared sub-modules, provisions root's SSH
# keys, disables documentation builds, and pins Nix to the flake's own inputs.
{
  inputs,
  pkgs,
  ...
}: let
  # Empty (version 2) flake registry written to the Nix store. Pointing the
  # `flake-registry` setting at this file replaces the global registry with an
  # empty one, so indirect flake references resolve only through the entries
  # declared under `nix.registry` below.
  emptyFlakeRegistry = builtins.toFile "flake-registry" (builtins.toJSON {
    version = 2;
    flakes = [];
  });
in {
  imports = [
    ./boot
    ./nebula

    ./hardening.nix
    ./limits.nix
    ./networking.nix
  ];

  # Root's authorized SSH keys are read from ../keys/ssh.nix on every machine
  # that imports this module (only relevant where ssh is enabled). That file is
  # therefore the root access list for all of those hosts; review and prune it
  # accordingly.
  # NOTE(review): whether key-based root login is accepted also depends on the
  # sshd settings (PermitRootLogin), which are not set in this file - confirm
  # against the imported modules.
  users.users.root.openssh.authorizedKeys.keys = import ../keys/ssh.nix;

  # Immutable users: the user and group files are regenerated from this
  # configuration on activation, so accounts added by hand do not survive.
  # NOTE(review): this setting does not cover key files placed in a home
  # directory; sshd may still honour a hand-written ~/.ssh/authorized_keys
  # unless the sshd configuration restricts key file locations - confirm.
  users.mutableUsers = false;

  # Documentation is not needed on these machines; skipping it speeds up the
  # build a little.
  documentation.enable = false;
  documentation.info.enable = false;
  documentation.man.enable = false;
  documentation.doc.enable = false;
  documentation.nixos.enable = false;

  ### Nix settings ###
  nix = {
    # Make sure flakes (and the new CLI they need) are enabled.
    settings.experimental-features = ["nix-command" "flakes"];

    # `self` and `nixpkgs` resolve to the exact inputs of this flake.
    registry.self.flake = inputs.self;
    registry.nixpkgs.flake = inputs.nixpkgs;

    # `<nixpkgs>` lookups use the same nixpkgs tree as `pkgs`.
    nixPath = ["nixpkgs=${pkgs.path}"];

    # Daily garbage collection. `--delete-older-than 30d` also drops profile
    # generations older than 30 days, which bounds how far back a rollback
    # can go.
    gc.automatic = true;
    gc.dates = "daily";
    gc.options = "--delete-older-than 30d";

    # Daily store optimisation.
    optimise.automatic = true;
    optimise.dates = ["daily"];

    # keep-outputs / keep-derivations stop the collector from removing the
    # outputs and derivations belonging to store paths that are still live.
    extraOptions = ''
      keep-outputs = true
      keep-derivations = true

      flake-registry = ${emptyFlakeRegistry}
    '';
  };
}