nixos-config/modules/baseline.nix

{ config, pkgs, lib, ... }:
{
  time.timeZone = "US/Eastern";

  boot = {
    zfs.forceImportAll = false;
    zfs.forceImportRoot = false;
    kernelParams = [ "amdgpu.gpu_recovery=1" "panic=30" ];
    initrd.availableKernelModules = [ "nvme" ];
  };

  nixpkgs.config.allowUnfree = true;
  environment.variables.NIXPKGS_ALLOW_UNFREE = "1";

  systemd.tmpfiles.rules = [ "e /nix/var/log - - - 30d" ];

  environment.systemPackages = [ (pkgs.writeShellScriptBin "nix-env" "exec echo nix-env is disabled") ];

  zramSwap.enable = true;

  networking.hostId = builtins.substring 0 8 (builtins.hashString "md5" config.networking.hostName);

  hardware = {
    cpu.amd.updateMicrocode = true;
    cpu.intel.updateMicrocode = true;
  };

  services = {
    earlyoom.enable = true;
    avahi = {
      enable = true;
      nssmdns = true;
      publish.enable = true;
      publish.addresses = true;
    };
  };

  systemd.timers.nixosReport.timerConfig.RandomizedDelaySec = "55min";
  systemd.services.nixosReport = {
    startAt = "hourly";
    serviceConfig.Type = "simple";
    serviceConfig.ExecStart = lib.concatStringsSep " " [
      "${pkgs.curl}/bin/curl --silent https://log.bck.me/nixos-report"
      "-H 'hostname: ${config.networking.hostName}'"
      "-H 'version: ${config.system.nixos.label}'"
      "-H 'sconfig: ${builtins.toJSON config.sconfig}'"
    ];
  };

  security.sudo.extraRules = [{
    groups = [ "wheel" ];
    commands = [
      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nix-collect-garbage -d"; }
      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nix-channel --update"; }
      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild switch"; }
      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild switch --upgrade"; }
      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild boot"; }
      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild boot --upgrade"; }
    ];
  }];

  users.users.sean = {
    isNormalUser = true;
    extraGroups = [ "wheel" "audio" "video" "networkmanager" "dialout" "input" "wireshark" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqWHzIXaF88Y8+64gBlLbZ5ZZcLl08kTHG1clHd7gaq desktop"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILh1MVRPld8lg8U7j4QwurxkTGLd4EYEn+JaplqXMqNW"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtTBrVXCDelPYUeUzFSLhWtBDI8IO6HVpX4ewUxD+Nc"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLZgFlJTT8wFz2DGeB1YETKPvm63/u1kT7pzranCoqP"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbQPpgGWF2qsgiL2YlBMd3JyJ2fbksfykuDNJYrHWfO dell_laptop"
    ];
  };
}
add report service 2020-11-13 19:49:22 +00:00			`{ config, pkgs, lib, ... }:`
add files 2020-09-18 13:54:09 +00:00			`{`
reflow with nixpkgs-fmt 2020-09-24 05:45:48 +00:00			`time.timeZone = "US/Eastern";`
add files 2020-09-18 13:54:09 +00:00
reflow with nixpkgs-fmt 2020-09-24 05:45:48 +00:00			`boot = {`
			`zfs.forceImportAll = false;`
			`zfs.forceImportRoot = false;`
			`kernelParams = [ "amdgpu.gpu_recovery=1" "panic=30" ];`
add nvme module to baseline 2021-04-05 21:19:47 +00:00			`initrd.availableKernelModules = [ "nvme" ];`
reflow with nixpkgs-fmt 2020-09-24 05:45:48 +00:00			`};`
add files 2020-09-18 13:54:09 +00:00
reflow with nixpkgs-fmt 2020-09-24 05:45:48 +00:00			`nixpkgs.config.allowUnfree = true;`
			`environment.variables.NIXPKGS_ALLOW_UNFREE = "1";`
add files 2020-09-18 13:54:09 +00:00
reflow with nixpkgs-fmt 2020-09-24 05:45:48 +00:00			`systemd.tmpfiles.rules = [ "e /nix/var/log - - - 30d" ];`
add files 2020-09-18 13:54:09 +00:00
disable nix-env 2021-02-18 18:59:00 +00:00			`environment.systemPackages = [ (pkgs.writeShellScriptBin "nix-env" "exec echo nix-env is disabled") ];`

remove zramSwap.algorithm 2020-11-13 20:49:36 +00:00			`zramSwap.enable = true;`
add files 2020-09-18 13:54:09 +00:00
autogenerate hostId 2021-04-04 22:25:13 +00:00			`networking.hostId = builtins.substring 0 8 (builtins.hashString "md5" config.networking.hostName);`

reflow with nixpkgs-fmt 2020-09-24 05:45:48 +00:00			`hardware = {`
			`cpu.amd.updateMicrocode = true;`
			`cpu.intel.updateMicrocode = true;`
			`};`
add files 2020-09-18 13:54:09 +00:00
reflow with nixpkgs-fmt 2020-09-24 05:45:48 +00:00			`services = {`
			`earlyoom.enable = true;`
			`avahi = {`
			`enable = true;`
			`nssmdns = true;`
			`publish.enable = true;`
			`publish.addresses = true;`
add files 2020-09-18 13:54:09 +00:00			`};`
reflow with nixpkgs-fmt 2020-09-24 05:45:48 +00:00			`};`
add report service 2020-11-13 19:49:22 +00:00
			`systemd.timers.nixosReport.timerConfig.RandomizedDelaySec = "55min";`
			`systemd.services.nixosReport = {`
			`startAt = "hourly";`
			`serviceConfig.Type = "simple";`
			`serviceConfig.ExecStart = lib.concatStringsSep " " [`
			`"${pkgs.curl}/bin/curl --silent https://log.bck.me/nixos-report"`
			`"-H 'hostname: ${config.networking.hostName}'"`
			`"-H 'version: ${config.system.nixos.label}'"`
remove old profiles 2020-12-29 19:42:24 +00:00			`"-H 'sconfig: ${builtins.toJSON config.sconfig}'"`
add report service 2020-11-13 19:49:22 +00:00			`];`
			`};`
move user account 2020-12-27 16:23:42 +00:00
allow upgrades without password 2021-01-19 06:32:44 +00:00			`security.sudo.extraRules = [{`
			`groups = [ "wheel" ];`
			`commands = [`
allow GC without password 2021-01-20 16:06:57 +00:00			`{ options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nix-collect-garbage -d"; }`
allow upgrades without password 2021-01-19 06:32:44 +00:00			`{ options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nix-channel --update"; }`
			`{ options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild switch"; }`
			`{ options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild switch --upgrade"; }`
			`{ options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild boot"; }`
			`{ options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild boot --upgrade"; }`
			`];`
			`}];`

move user account 2020-12-27 16:23:42 +00:00			`users.users.sean = {`
			`isNormalUser = true;`
			`extraGroups = [ "wheel" "audio" "video" "networkmanager" "dialout" "input" "wireshark" ];`
			`openssh.authorizedKeys.keys = [`
label desktop SSH key 2021-02-03 02:40:19 +00:00			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqWHzIXaF88Y8+64gBlLbZ5ZZcLl08kTHG1clHd7gaq desktop"`
move user account 2020-12-27 16:23:42 +00:00			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILh1MVRPld8lg8U7j4QwurxkTGLd4EYEn+JaplqXMqNW"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtTBrVXCDelPYUeUzFSLhWtBDI8IO6HVpX4ewUxD+Nc"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLZgFlJTT8wFz2DGeB1YETKPvm63/u1kT7pzranCoqP"`
add SSH key 2021-02-02 16:38:08 +00:00			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbQPpgGWF2qsgiL2YlBMd3JyJ2fbksfykuDNJYrHWfO dell_laptop"`
move user account 2020-12-27 16:23:42 +00:00			`];`
			`};`
add files 2020-09-18 13:54:09 +00:00			`}`