mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2025-12-06 00:57:22 +01:00
96 lines
2.6 KiB
Nix
96 lines
2.6 KiB
Nix
{ lib, pkgs, modulesPath, options, ... }:
|
|
{
|
|
disabledModules = [
|
|
# This module adds values to multiple lists (systemPackages, supportedFilesystems)
|
|
# which are impossible/unpractical to remove, so we disable the entire module.
|
|
"profiles/base.nix"
|
|
];
|
|
|
|
imports = [
|
|
# reduce closure size by removing perl
|
|
"${modulesPath}/profiles/perlless.nix"
|
|
# FIXME: we still are left with nixos-generate-config due to nixos-install-tools
|
|
{ system.forbiddenDependenciesRegexes = lib.mkForce [ ]; }
|
|
];
|
|
|
|
config = {
|
|
networking.hostName = "brickroad";
|
|
|
|
system = {
|
|
# nixos-option is mainly useful for interactive installations
|
|
tools.nixos-option.enable = false;
|
|
# among others, this prevents carrying a stdenv with gcc in the image
|
|
extraDependencies = lib.mkForce [ ];
|
|
};
|
|
# prevents shipping nixpkgs, unnecessary if system is evaluated externally
|
|
nix.registry = lib.mkForce { };
|
|
|
|
# would pull in nano
|
|
programs.nano.enable = false;
|
|
|
|
# prevents strace
|
|
environment = {
|
|
defaultPackages = lib.mkForce [
|
|
pkgs.parted
|
|
pkgs.gptfdisk
|
|
pkgs.e2fsprogs
|
|
];
|
|
|
|
systemPackages = with pkgs; [
|
|
cryptsetup.bin
|
|
];
|
|
|
|
# Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs.
|
|
ldso32 = null;
|
|
};
|
|
|
|
# included in systemd anyway
|
|
systemd.sysusers.enable = true;
|
|
|
|
# normal users are not allowed with sys-users
|
|
# see https://github.com/NixOS/nixpkgs/pull/328926
|
|
users.users.nixos = {
|
|
isSystemUser = true;
|
|
isNormalUser = lib.mkForce false;
|
|
shell = "/run/current-system/sw/bin/bash";
|
|
group = "nixos";
|
|
};
|
|
users.groups.nixos = { };
|
|
|
|
security = {
|
|
# we have still run0 from systemd and most of the time we just use root
|
|
sudo.enable = false;
|
|
polkit.enable = lib.mkForce false;
|
|
# introduces x11 dependencies
|
|
pam.services.su.forwardXAuth = lib.mkForce false;
|
|
};
|
|
|
|
documentation = {
|
|
enable = false;
|
|
man.enable = false;
|
|
nixos.enable = false;
|
|
info.enable = false;
|
|
doc.enable = false;
|
|
};
|
|
|
|
services = {
|
|
# no dependency on x11
|
|
dbus.implementation = "broker";
|
|
# we prefer root as this is also what we use in nixos-anywhere
|
|
getty.autologinUser = lib.mkForce "root";
|
|
# included in systemd anyway
|
|
userborn.enable = false;
|
|
};
|
|
|
|
|
|
|
|
# we are missing this from base.nix
|
|
boot.supportedFilesystems = [
|
|
"ext4"
|
|
"btrfs"
|
|
"xfs"
|
|
];
|
|
} // lib.optionalAttrs (options.hardware ? firmwareCompression) {
|
|
hardware.firmwareCompression = "xz";
|
|
};
|
|
}
|