# NixOS module with the baseline host configuration: boot loader, locale,
# privilege escalation (sudo/polkit), pinned SSH host keys, Nix daemon
# settings, and the system-wide package set.
#
# Arguments are the usual module arguments; `lib` is accepted but not used here.
{ pkgs, config, lib, ... }:

{
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot = {
    enable = true;
    # Prohibits gaining root access by passing init=/bin/sh as a
    # kernel parameter: with the editor off, the kernel command line
    # cannot be edited from the boot menu.
    editor = false;
  };
  boot.loader.efi.canTouchEfiVariables = true;

  boot.kernelPackages = pkgs.linuxPackages_latest;

  # NOTE(review): newer NixOS releases expose these two options as
  # boot.tmp.cleanOnBoot and boot.tmp.useTmpfs - switch once the target
  # release supports the new names.
  boot.cleanTmpDir = true;
  boot.tmpOnTmpfs = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  time.timeZone = "America/Los_Angeles";

  security = {
    # NOTE(review): members of wheel become root without re-authenticating,
    # so anything running as a wheel user (or anyone at an unlocked session
    # of one) is effectively root. Keep wheel membership minimal and review
    # it whenever a user is added.
    sudo.wheelNeedsPassword = false;
    polkit.enable = true;
  };

  services.fstrim.enable = true;

  programs = {
    # Host keys pinned system-wide, so the first connection to these hosts
    # is checked against a known key instead of being trusted on first use.
    #
    # $ ssh-keyscan example.com
    #
    # ssh-keyscan output is not authenticated: compare the key against the
    # fingerprint the service publishes through a separate channel before
    # pinning it here, and repeat that check when a key is rotated.
    ssh.knownHosts = {
      github = {
        hostNames = [ "github.com" ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
      };
      rsync = {
        hostNames = [ "de2664.rsync.net" ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo";
      };
    };

    bcc.enable = true;
  };

  # NOTE(review): presumably an alias for a flakes-capable Nix; verify it
  # still exists in the pinned nixpkgs.
  nix.package = pkgs.nixFlakes;

  nix.gc = {
    automatic = true;
    options = "--delete-older-than 14d";
  };

  nix.settings = {
    # NOTE(review): a trusted Nix user can point the daemon at arbitrary
    # substituters and skip signature checks, which the Nix manual describes
    # as essentially equivalent to root access. Together with passwordless
    # sudo above, wheel membership is root on this machine.
    trusted-users = [
      "root"
      "@wheel"
    ];
    auto-optimise-store = true;

    # Binary caches and the keys their store paths must be signed with.
    # Whoever holds one of these signing keys can supply binaries that this
    # machine will install, so each entry is a supply-chain trust decision.
    # NOTE(review): NixOS normally adds cache.nixos.org and its key on top of
    # these lists - confirm against the release in use.
    substituters = [
      "https://cachix.cachix.org"
      "https://nix-community.cachix.org"
    ];
    trusted-public-keys = [
      "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];

    experimental-features = [
      "nix-command"
      "flakes"
    ];

    # Whether to warn about dirty Git/Mercurial trees - this is not
    # useful information to me.
    warn-dirty = false;

    # The timeout (in seconds) for establishing connections in the binary
    # cache substituter. It corresponds to curl's --connect-timeout option.
    # The default is equivalent to 300 seconds, way too long.
    connect-timeout = 5;

    # The number of lines of the tail of the log to show if a build fails.
    # The default is 10 and it's usually too short.
    log-lines = 25;

    # If set to true, Nix will fall back to building from source if
    # a binary substitute fails. This is equivalent to the --fallback
    # flag. The default is false.
    fallback = true;
  };

  environment = {
    shells = [ pkgs.bashInteractive ];

    systemPackages = with pkgs; [
      binutils
      cacert
      curl
      dmidecode
      ethtool
      flamegraph
      git
      htop
      hwdata
      iftop
      iptraf-ng
      # NOTE(review): cpupower comes from pkgs.linuxPackages while perf below
      # follows config.boot.kernelPackages (linuxPackages_latest here) -
      # confirm the mismatch is intended.
      linuxPackages.cpupower
      config.boot.kernelPackages.perf
      lm_sensors
      lsb-release
      lsof
      man-pages
      mg
      mtr
      numactl
      parted
      pciutils
      perf-tools
      powertop
      rsync
      sqlite
      strace
      tcpdump
      tmux
      traceroute
      unzip
      usbutils
      vim
      wget
      wireguard-tools

      # my custom tools
      # Resolved through `with pkgs`, so this expects pkgs.tools to exist -
      # presumably provided by an overlay defined elsewhere.
      tools.perf-flamegraph-pid
    ];
  };
}