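# Top-level NixOS module: pulls in every role and utility module and sets the
# host-independent defaults (Nix daemon settings, garbage collection,
# persisted state, package overlays, stateVersion).
{
  config,
  lib,
  ...
}:

{
  imports = [
    ./roles/boot
    ./roles/control_plane
    ./roles/doas
    ./roles/dont_use_substituters
    ./roles/etcd
    ./roles/image_based_appliance
    ./roles/iso
    ./roles/kube_apiserver
    ./roles/kube_controller_manager
    ./roles/kube_scheduler
    ./roles/kubernetes
    ./roles/minimal_base
    ./roles/network
    ./roles/nvme
    ./roles/optimized_build
    ./roles/ssh
    ./roles/sshd
    ./roles/user
    ./roles/zfs
    ./roles/zrepl
    ./roles/zsh
    ./util/install_files
    ./util/unfree_polyfill
  ];

  config = {
    nix.settings.experimental-features = [
      "nix-command"
      "flakes"
      "ca-derivations"
      # "blake3-hashes"
      # "git-hashing"
    ];

    # NOTE(review): a trusted user may override daemon settings per invocation
    # (extra substituters, importing unsigned store paths), which is equivalent
    # to root on this host. Every member of wheel gets that, so keep wheel
    # membership as tight as doas access.
    nix.settings.trusted-users = [ "@wheel" ];

    hardware.enableRedistributableFirmware = true;

    # Keep outputs so we can build offline.
    nix.settings.keep-outputs = true;
    nix.settings.keep-derivations = true;

    # Automatic garbage collection (skipped when building a portable image).
    nix.gc = lib.mkIf (!config.me.buildingPortable) {
      # Runs nix-collect-garbage --delete-older-than 30d once a month.
      # persistent = true lets a run missed while powered off happen after the next boot.
      automatic = true;
      persistent = true;
      dates = "monthly";
      # randomizedDelaySec = "14m";
      options = "--delete-older-than 30d";
    };
    nix.settings.auto-optimise-store = !config.me.buildingPortable;

    # State kept under /persist when config.me.mountPersistence is set.
    # NOTE(review): presumably the root filesystem is otherwise ephemeral, so
    # anything not listed here (including logs outside the journal) is lost on
    # reboot. Confirm that matches the retention you need for investigations.
    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
      hideMounts = true;
      directories = [
        "/var/lib/nixos" # Contains user information (uids/gids)
        "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
        "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
      ];
      files = [
        "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
      ];
    };

    # Write a list of the currently installed packages to /etc/current-system-packages
    # environment.etc."current-system-packages".text =
    #   let
    #     packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
    #     sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
    #     formatted = builtins.concatStringsSep "\n" sortedUnique;
    #   in
    #   formatted;

    # nixpkgs.overlays = [
    #   (final: prev: {
    #     foot = throw "foo";
    #   })
    # ];

    nixpkgs.overlays =
      let
        # Builds an overlay that turns off the check and installCheck phases of
        # one package. Not referenced by the list below at the moment.
        # NOTE(review): a package built through this ships without its own test
        # suite having run; record the reason next to each use.
        disableTests = (
          package_name:
          (final: prev: {
            "${package_name}" = prev."${package_name}".overrideAttrs (old: {
              doCheck = false;
              doInstallCheck = false;
            });
          })
        );
      in
      [
        # (final: prev: {
        #   imagemagick = prev.imagemagick.overrideAttrs (old: rec {
        #     # 7.1.2-6 seems to no longer exist, so use 7.1.2-7
        #     version = "7.1.2-7";
        #     src = final.fetchFromGitHub {
        #       owner = "ImageMagick";
        #       repo = "ImageMagick";
        #       tag = version;
        #       hash = "sha256-9ARCYftoXiilpJoj+Y+aLCEqLmhHFYSrHfgA5DQHbGo=";
        #     };
        #   });
        # })
        # (final: prev: {
        #   grub2 = (final.callPackage ./package/grub { });
        # })

        # Take libtpms from the `unoptimized` package set instead of the default one.
        # NOTE(review): `unoptimized` is not defined in this file; presumably it
        # comes from ./roles/optimized_build. Confirm.
        (final: prev: {
          inherit (final.unoptimized)
            libtpms
            ;
        })
      ];

    # This option defines the first version of NixOS you have installed on this particular machine,
    # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
    #
    # Most users should NEVER change this value after the initial install, for any reason,
    # even if you've upgraded your system to a new NixOS release.
    #
    # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
    # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
    # to actually do that.
    #
    # This value being lower than the current NixOS release does NOT mean your system is
    # out of date, out of support, or vulnerable.
    #
    # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
    # and migrated your data accordingly.
    #
    # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
    system.stateVersion = "24.11"; # Did you read the comment?
  };
}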