nixdots/hosts/herugrim/default.nix

80 lines
1.9 KiB
Nix

{ lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
];
boot.supportedFilesystems = [ "btrfs" ];
# My flake disables this by default for security reasons. However,
# with an encrypted setup, which requires entering password before
# booting anyways, this is not a security concern, and changing the
# kernel params can be useful for debugging.
boot.loader.systemd-boot.editor = true;
nix.settings = {
max-jobs = 6;
cores = 6;
};
# NixOS release from which this machine was first installed.
# (for stateful data, like file locations and db versions)
# Leave this alone!
system.stateVersion = lib.mkForce "23.11";
services.openssh.settings.PasswordAuthentication = lib.mkForce true;
myOptions = {
system = {
hostname = "herugrim";
username = "itsdrike";
impermanence = {
root = {
enable = true;
# Some people use /nix/persist/system for this, leaving persistent files in /nix subvolume
# I much prefer using a standalone subvolume for this though.
persistentMountPoint = "/persist";
};
# Configure automatic root subvolume wiping on boot from initrd
autoWipeBtrfs = {
enable = true;
devices."/dev/disk/by-label/NIXROOT".subvolumes = [ "root" ];
};
};
boot = {
secure-boot.enable = true;
tmpOnTmpfs = true;
};
};
device = {
roles = {
type = "laptop";
virtual-machine = false;
};
cpu.type = "intel";
hasTPM = true;
};
workstation = {
printing.enable = true;
};
home-manager = {
enable = true;
stateVersion = "23.11";
git = {
userName = "ItsDrike";
userEmail = "itsdrike@protonmail.com";
signing = {
enabled = true;
key = "FA2745890B7048C0";
};
};
};
};
}