neosyn/module.nix

72 lines
1.7 KiB
Nix
Raw Permalink Normal View History

2024-11-29 11:35:14 +01:00
{ lib, config, pkgs, ... }:
let
inherit (lib) mkDefault mkForce;
in {
documentation.info.enable = mkForce false;
environment.memoryAllocator.provider = mkForce "mimalloc";
networking = {
nftables.enable = mkDefault true;
useNetworkd = mkDefault true;
};
nix = {
channel.enable = mkDefault false;
daemonCPUSchedPolicy = mkDefault "batch";
daemonIOSchedClass = mkDefault "best-effort";
daemonIOSchedPriority = mkDefault 7;
settings = {
experimental-features = [
"cgroups"
"dynamic-derivations"
"flakes"
"nix-command"
"pipe-operator"
"repl-flake"
];
allowed-users = config.users.users
|> lib.filterAttrs (_: user: user.isNormalUser)
|> lib.mapAttrsToList (_: user: user.name)
|> mkDefault;
trusted-users = mkDefault [ "@wheel" ];
builders-use-substitutes = mkDefault true;
http-connections = mkDefault 128;
max-substitution-jobs = mkDefault 32;
preallocate-contents = mkDefault true;
use-cgroups = mkDefault true;
use-sqlite-wal = mkForce true;
use-xdg-base-directories = mkDefault true;
};
/*
registry = {
nixpkgs.to = mkDefault {
type = "path";
path = pkgs.path;
narHash = lib.trim (builtins.readFile
(pkgs.runCommand "nixpkgs-hash" {
preferLocal = true;
} "${lib.getExe config.nix.package} hash path --sri --type sha256 ${pkgs.path} >$out"));
};
};
*/
};
security = {
sudo.enable = mkDefault false;
sudo-rs.enable = mkDefault true;
};
services = {
dbus.implementation = mkDefault "broker";
xserver.enable = mkForce false;
};
users.mutableUsers = mkDefault false;
}