2025-11-30 14:32:36 -05:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
imports = [
|
|
|
|
|
./roles/boot
|
2025-12-18 22:28:03 -05:00
|
|
|
./roles/cilium
|
2025-12-15 22:32:32 -05:00
|
|
|
./roles/containerd
|
2025-12-08 20:33:41 -05:00
|
|
|
./roles/control_plane
|
2025-11-30 14:32:36 -05:00
|
|
|
./roles/doas
|
2025-12-08 20:33:41 -05:00
|
|
|
./roles/dont_use_substituters
|
2025-11-30 14:32:36 -05:00
|
|
|
./roles/etcd
|
2025-12-16 21:07:39 -05:00
|
|
|
./roles/firewall
|
2025-11-30 14:32:36 -05:00
|
|
|
./roles/image_based_appliance
|
|
|
|
|
./roles/iso
|
2025-12-08 20:33:41 -05:00
|
|
|
./roles/kube_apiserver
|
2025-12-15 19:47:35 -05:00
|
|
|
./roles/kube_controller_manager
|
2025-12-16 21:07:39 -05:00
|
|
|
./roles/kube_proxy
|
2025-12-15 20:09:46 -05:00
|
|
|
./roles/kube_scheduler
|
2025-12-16 19:31:33 -05:00
|
|
|
./roles/kubelet
|
2025-12-08 20:33:41 -05:00
|
|
|
./roles/kubernetes
|
2025-11-30 14:32:36 -05:00
|
|
|
./roles/minimal_base
|
|
|
|
|
./roles/network
|
|
|
|
|
./roles/nvme
|
2025-12-08 20:33:41 -05:00
|
|
|
./roles/optimized_build
|
2025-11-30 14:32:36 -05:00
|
|
|
./roles/ssh
|
|
|
|
|
./roles/sshd
|
|
|
|
|
./roles/user
|
2025-12-15 22:32:32 -05:00
|
|
|
./roles/worker_node
|
2025-11-30 14:32:36 -05:00
|
|
|
./roles/zsh
|
|
|
|
|
./util/install_files
|
|
|
|
|
./util/unfree_polyfill
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
config = {
|
|
|
|
|
nix.settings.experimental-features = [
|
|
|
|
|
"nix-command"
|
|
|
|
|
"flakes"
|
|
|
|
|
"ca-derivations"
|
|
|
|
|
# "blake3-hashes"
|
|
|
|
|
# "git-hashing"
|
|
|
|
|
];
|
|
|
|
|
nix.settings.trusted-users = [ "@wheel" ];
|
|
|
|
|
|
|
|
|
|
hardware.enableRedistributableFirmware = true;
|
|
|
|
|
|
|
|
|
|
# Keep outputs so we can build offline.
|
|
|
|
|
nix.settings.keep-outputs = true;
|
|
|
|
|
nix.settings.keep-derivations = true;
|
|
|
|
|
|
|
|
|
|
# Automatic garbage collection
|
|
|
|
|
nix.gc = lib.mkIf (!config.me.buildingPortable) {
|
|
|
|
|
# Runs nix-collect-garbage --delete-older-than 5d
|
|
|
|
|
automatic = true;
|
|
|
|
|
persistent = true;
|
|
|
|
|
dates = "monthly";
|
|
|
|
|
# randomizedDelaySec = "14m";
|
|
|
|
|
options = "--delete-older-than 30d";
|
|
|
|
|
};
|
|
|
|
|
nix.settings.auto-optimise-store = !config.me.buildingPortable;
|
|
|
|
|
|
|
|
|
|
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
|
|
|
|
|
hideMounts = true;
|
|
|
|
|
directories = [
|
|
|
|
|
"/var/lib/nixos" # Contains user information (uids/gids)
|
|
|
|
|
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
|
|
|
|
|
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
|
|
|
|
|
];
|
|
|
|
|
files = [
|
|
|
|
|
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Write a list of the currently installed packages to /etc/current-system-packages
|
|
|
|
|
# environment.etc."current-system-packages".text =
|
|
|
|
|
# let
|
|
|
|
|
# packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
|
|
|
|
|
# sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
|
|
|
|
|
# formatted = builtins.concatStringsSep "\n" sortedUnique;
|
|
|
|
|
# in
|
|
|
|
|
# formatted;
|
|
|
|
|
|
|
|
|
|
# nixpkgs.overlays = [
|
|
|
|
|
# (final: prev: {
|
|
|
|
|
# foot = throw "foo";
|
|
|
|
|
# })
|
|
|
|
|
# ];
|
|
|
|
|
|
|
|
|
|
nixpkgs.overlays =
|
|
|
|
|
let
|
|
|
|
|
disableTests = (
|
|
|
|
|
package_name:
|
|
|
|
|
(final: prev: {
|
|
|
|
|
"${package_name}" = prev."${package_name}".overrideAttrs (old: {
|
|
|
|
|
doCheck = false;
|
|
|
|
|
doInstallCheck = false;
|
|
|
|
|
});
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
in
|
|
|
|
|
[
|
|
|
|
|
# (final: prev: {
|
|
|
|
|
# imagemagick = prev.imagemagick.overrideAttrs (old: rec {
|
|
|
|
|
# # 7.1.2-6 seems to no longer exist, so use 7.1.2-7
|
|
|
|
|
# version = "7.1.2-7";
|
|
|
|
|
|
|
|
|
|
# src = final.fetchFromGitHub {
|
|
|
|
|
# owner = "ImageMagick";
|
|
|
|
|
# repo = "ImageMagick";
|
|
|
|
|
# tag = version;
|
|
|
|
|
# hash = "sha256-9ARCYftoXiilpJoj+Y+aLCEqLmhHFYSrHfgA5DQHbGo=";
|
|
|
|
|
# };
|
|
|
|
|
# });
|
|
|
|
|
# })
|
|
|
|
|
# (final: prev: {
|
|
|
|
|
# grub2 = (final.callPackage ./package/grub { });
|
|
|
|
|
# })
|
2026-01-11 11:56:02 -05:00
|
|
|
(final: prev: {
|
|
|
|
|
inherit (final.unoptimized)
|
|
|
|
|
libtpms
|
|
|
|
|
;
|
|
|
|
|
})
|
2025-11-30 14:32:36 -05:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# This option defines the first version of NixOS you have installed on this particular machine,
|
|
|
|
|
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
|
|
|
|
#
|
|
|
|
|
# Most users should NEVER change this value after the initial install, for any reason,
|
|
|
|
|
# even if you've upgraded your system to a new NixOS release.
|
|
|
|
|
#
|
|
|
|
|
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
|
|
|
|
|
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
|
|
|
|
|
# to actually do that.
|
|
|
|
|
#
|
|
|
|
|
# This value being lower than the current NixOS release does NOT mean your system is
|
|
|
|
|
# out of date, out of support, or vulnerable.
|
|
|
|
|
#
|
|
|
|
|
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
|
|
|
|
|
# and migrated your data accordingly.
|
|
|
|
|
#
|
|
|
|
|
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
|
|
|
|
system.stateVersion = "24.11"; # Did you read the comment?
|
|
|
|
|
};
|
|
|
|
|
}
|
