path: root/profiles/default.nix
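# Baseline NixOS profile: boot loader, locale, privilege settings, pinned SSH
# host keys, Nix daemon settings and a set of diagnostic tools.
#
# Takes the usual NixOS module arguments; `lib` is accepted but not used in
# this file.
{ pkgs, config, lib, ... }:
{

  boot = {
    loader = {
      # Use the systemd-boot EFI boot loader.
      systemd-boot.enable = true;
      # Prohibits gaining root access by passing init=/bin/sh as a
      # kernel parameter.
      # NOTE(review): this only disables the boot-menu entry editor. Firmware
      # settings and booting from other media are not covered by this option
      # and need their own controls (firmware password, Secure Boot, disk
      # encryption).
      systemd-boot.editor = false;
      # Allow the installation process to modify EFI boot variables.
      efi.canTouchEfiVariables = true;
    };

    # Track the newest kernel package set in nixpkgs instead of the default.
    kernelPackages = pkgs.linuxPackages_latest;
    # /tmp is emptied during boot and backed by tmpfs, so its contents do not
    # persist across reboots.
    cleanTmpDir = true;
    tmpOnTmpfs = true;
  };

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  time.timeZone = "America/Los_Angeles";

  # NOTE(security): members of `wheel` can run sudo without a password, so any
  # process running as a wheel user can become root with no further
  # authentication. Together with `trusted-users = [ ... "@wheel" ]` in the
  # nix settings below, a compromised wheel account is equivalent to a
  # compromised root account. Set this to true on shared or exposed hosts.
  security.sudo.wheelNeedsPassword = false;
  security.polkit.enable = true;

  # Periodic TRIM of mounted filesystems.
  services.fstrim.enable = true;

  # Firmware update daemon.
  services.fwupd.enable = true;

  programs.ssh = {
    # System-wide known_hosts entries. Pinning host keys here means the first
    # connection to these hosts is checked against a known key instead of
    # being trusted on first use.
    #
    # The keys can be fetched with:
    # $ ssh-keyscan example.com
    # ssh-keyscan output is not authenticated: compare it with the fingerprint
    # the provider publishes out of band before committing it, and update the
    # entry when the provider rotates its key.
    knownHosts = {
      github = {
        hostNames = [ "github.com" ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
      };
      rsync = {
        hostNames = [ "de2664.rsync.net" ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo";
      };
    };
  };

  nix = {
    package = pkgs.nixFlakes;
    settings = {
      # NOTE(security): trusted users may pass privileged options to the Nix
      # daemon (for example extra substituters); the Nix manual describes this
      # as essentially equivalent to root access. "@wheel" extends that to the
      # whole wheel group.
      trusted-users = [ "root" "@wheel" ];
      auto-optimise-store = true;
      # Additional binary caches. Store paths from a cache are accepted only
      # when signed by a key listed in trusted-public-keys, so every key added
      # there extends trust to whoever holds the matching signing key. Keep
      # the two lists in step: one key per cache, and remove the key when a
      # cache is removed.
      substituters = [
        "https://cachix.cachix.org"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      experimental-features = [ "nix-command" "flakes" ];
      # Whether to warn about dirty Git/Mercurial trees - this is not
      # useful information to me.
      warn-dirty = false;
      # The timeout (in seconds) for establishing connections in the binary
      # cache substituter. It corresponds to curl's --connect-timeout option.
      # The default is equivalent to 300 seconds, way too long.
      connect-timeout = 5;
      # The number of lines of the tail of the log to show if a build fails.
      # The default is 10 and it's usually too short.
      log-lines = 25;
      # If set to true, Nix will fall back to building from source if
      # a binary substitute fails. This is equivalent to the --fallback
      # flag. The default is false.
      fallback = true;
    };

    # Run garbage collection automatically, passing the option string below
    # to the collector (delete generations older than 14 days).
    gc = {
      automatic = true;
      options = "--delete-older-than 14d";
    };
  };

  environment.shells = with pkgs; [ bashInteractive ];

  # Diagnostic, tracing and networking tools installed for every user.
  environment.systemPackages = with pkgs; [
    binutils
    cacert
    curl
    dmidecode
    ethtool
    flamegraph
    git
    htop
    hwdata
    iftop
    iptraf-ng
    # Kernel-coupled tools come from the configured kernel package set
    # (boot.kernelPackages above) so they match the running kernel. cpupower
    # previously came from the default `linuxPackages` set, which does not
    # follow linuxPackages_latest.
    config.boot.kernelPackages.cpupower
    config.boot.kernelPackages.perf
    lm_sensors
    lsb-release
    lsof
    man-pages
    mg
    mtr
    numactl
    parted
    pciutils
    perf-tools
    powertop
    rsync
    sqlite
    strace
    tcpdump
    tmux
    traceroute
    unzip
    usbutils
    vim
    wget
    wireguard-tools

    # my custom tools
    # NOTE(review): `tools` is not defined in this file; presumably an overlay
    # adds it to pkgs. Confirm where it comes from.
    tools.perf-flamegraph-pid
  ];

  # BCC (eBPF-based) tracing tools.
  programs.bcc.enable = true;
}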