diff --git a/modules/basic.nix b/modules/basic.nix
index d9ebb5a1..0252f38c 100644
--- a/modules/basic.nix
+++ b/modules/basic.nix
@@ -2,56 +2,11 @@ inputs: { config = {
- nix =
- {
- settings =
- {
- experimental-features = [ "nix-command" "flakes" ];
- keep-outputs = true;
- system-features = [ "big-parallel" ];
- keep-failed = true;
- auto-optimise-store = true;
- };
- daemonIOSchedClass = "idle";
- daemonCPUSchedPolicy = "idle";
- registry =
- {
- nixpkgs.flake = inputs.topInputs.nixpkgs;
- nixos-config.flake = inputs.topInputs.self;
- };
- # nixPath =
- # [
- # "nixpkgs=/etc/channels/nixpkgs"
- # "nixos-config=/etc/nixos/configuration.nix"
- # "/nix/var/nix/profiles/per-user/root/channels"
- # ];
- };
- time.timeZone = "Asia/Shanghai";
- system =
- {
- stateVersion = "22.11";
- configurationRevision = inputs.topInputs.self.rev or "dirty";
- };
- nixpkgs.config.allowUnfree = true;
- systemd =
- {
- extraConfig =
- "
- DefaultTimeoutStopSec=10s
- DefaultLimitNOFILE=1048576:1048576
- ";
- user.extraConfig = "DefaultTimeoutStopSec=10s";
- sleep.extraConfig =
- "
- SuspendState=freeze
- HibernateMode=shutdown
- ";
- services.nix-daemon.serviceConfig = { Slice = "-.slice"; Nice = "19"; };
- timers.systemd-tmpfiles-clean.enable = false;
- };
- programs.nix-ld.enable = true;
- boot = { supportedFilesystems = [ "ntfs" ]; consoleLogLevel = 7; };
- hardware.enableAllFirmware = true;
+ systemd.sleep.extraConfig =
+ "
+ SuspendState=freeze
+ HibernateMode=shutdown
+ ";
 security.pam = { u2f = { enable = true; cue = true; authFile = ./u2f_keys; };
diff --git a/modules/hardware/chn-PC.nix b/modules/hardware/chn-PC.nix
index a0989352..8e4efbad 100644
--- a/modules/hardware/chn-PC.nix
+++ b/modules/hardware/chn-PC.nix
@@ -4,7 +4,6 @@ { nixpkgs = {
- config.allowUnfree = true;
 overlays = [( final: prev: 
@@ -21,8 +20,6 @@ } )]; };
- services.dbus.implementation = "broker";
- programs.dconf.enable = true;
 hardware.opengl = { extraPackages = with inputs.pkgs; [ intel-media-driver intel-ocl ];
@@ -59,22 +56,5 @@ wantedBy = [ "multi-user.target" ]; }; };
- boot.kernel.sysctl =
- {
- "net.core.rmem_max" = 67108864;
- "net.core.wmem_max" = 67108864;
- "net.ipv4.tcp_rmem" = "4096 87380 67108864";
- "net.ipv4.tcp_wmem" = "4096 65536 67108864";
- "net.ipv4.tcp_mtu_probing" = true;
- "net.ipv4.tcp_tw_reuse" = true;
- "vm.swappiness" = 10;
- "net.ipv4.tcp_max_syn_backlog" = 8388608;
- "net.core.netdev_max_backlog" = 8388608;
- "net.core.somaxconn" = 8388608;
- "vm.oom_kill_allocating_task" = true;
- "vm.oom_dump_tasks" = false;
- "vm.overcommit_memory" = 1;
- "dev.i915.perf_stream_paranoid" = false;
- };
 }; }
diff --git a/modules/system/default.nix b/modules/system/default.nix
index 28b164b3..f2fb746e 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix 
@@ -9,18 +9,84 @@ inputs: [ # generic {
- systemd.services =
+ nix =
 {
- nix-daemon = { environment = { TMPDIR = "/var/cache/nix"; }; serviceConfig = { CacheDirectory = "nix"; }; };
- systemd-tmpfiles-setup = { environment = { SYSTEMD_TMPFILES_FORCE_SUBVOL = "0"; }; };
+ settings =
+ {
+ system-features = [ "big-parallel" "nixos-test" "benchmark" ];
+ experimental-features = [ "nix-command" "flakes" ];
+ keep-outputs = true;
+ keep-failed = true;
+ auto-optimise-store = true;
+ };
+ daemonIOSchedClass = "idle";
+ daemonCPUSchedPolicy = "idle";
+ registry =
+ {
+ nixpkgs.flake = inputs.topInputs.nixpkgs;
+ nixos-config.flake = inputs.topInputs.self;
+ };
+ };
+ services =
+ {
+ udev.extraRules = stripeTabs
+ ''
+ ACTION=="add|change", KERNEL=="[sv]d[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
+ ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
+ '';
+ dbus.implementation = "broker";
 };
- nix.settings.system-features = [ "nixos-test" "benchmark" ];
- services.udev.extraRules = stripeTabs
- ''
- ACTION=="add|change", KERNEL=="[sv]d[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
- ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
- '';
 networking.networkmanager.enable = true;
+ programs = { dconf.enable = true; nix-ld.enable = true; };
+ nixpkgs.config.allowUnfree = true;
+ time.timeZone = "Asia/Shanghai";
+ system =
+ {
+ stateVersion = "22.11";
+ configurationRevision = inputs.topInputs.self.rev or "dirty";
+ };
+ boot =
+ {
+ kernel.sysctl =
+ {
+ "net.core.rmem_max" = 67108864;
+ "net.core.wmem_max" = 67108864;
+ "net.ipv4.tcp_rmem" = "4096 87380 67108864";
+ "net.ipv4.tcp_wmem" = "4096 65536 67108864";
+ "net.ipv4.tcp_mtu_probing" = true;
+ "net.ipv4.tcp_tw_reuse" = true;
+ "vm.swappiness" = 10;
+ "net.ipv4.tcp_max_syn_backlog" = 8388608;
+ "net.core.netdev_max_backlog" = 8388608;
+ "net.core.somaxconn" = 8388608;
+ "vm.oom_kill_allocating_task" = true;
+ "vm.oom_dump_tasks" = false;
+ "vm.overcommit_memory" = 1;
+ "dev.i915.perf_stream_paranoid" = false;
+ };
+ supportedFilesystems = [ "ntfs" ];
+ consoleLogLevel = 7;
+ };
+ hardware.enableAllFirmware = true;
+ systemd =
+ {
+ extraConfig = stripeTabs
+ "
+ DefaultTimeoutStopSec=10s
+ DefaultLimitNOFILE=1048576:1048576
+ ";
+ user.extraConfig = "DefaultTimeoutStopSec=10s";
+ services =
+ {
+ nix-daemon =
+ {
+ serviceConfig = { CacheDirectory = "nix"; Slice = "-.slice"; Nice = "19"; };
+ environment = { TMPDIR = "/var/cache/nix"; };
+ };
+ systemd-tmpfiles-setup = { environment = { SYSTEMD_TMPFILES_FORCE_SUBVOL = "0"; }; };
+ };
+ timers.systemd-tmpfiles-clean.enable = false;
+ };
 } # hostname { networking.hostName = inputs.config.nixos.system.hostname; }
diff --git a/modules/virtualization/default.nix b/modules/virtualization/default.nix
index 24b0839e..80517a5d 100644
--- a/modules/virtualization/default.nix
+++ b/modules/virtualization/default.nix
@@ -21,7 +21,7 @@ inputs: mkIf inputs.config.nixos.virtualization.docker.enable { virtualisation.docker = { enable = true;
- rootless = { enable = true; setSocketVariable = true; };
+ rootless = { enable = true; setSocketVariable = true; daemon.settings.features.buildkit = true; };
 enableNvidia = true; storageDriver = "overlay2"; };}
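Review bot: In modules/system/default.nix, `"dev.i915.perf_stream_paranoid" = false;` now sits in the generic `boot.kernel.sysctl` set, so every host built from this module lets unprivileged users open i915 perf streams, where before the commit only modules/hardware/chn-PC.nix set it. The key belongs to the Intel GPU driver, so I would leave that one line in chn-PC.nix as `boot.kernel.sysctl."dev.i915.perf_stream_paranoid" = false;`, or keep it here under a comment such as `# allow unprivileged i915 perf access on all hosts` if it really is wanted everywhere. The rest of the moved set (64 MiB socket buffers, backlogs of 8388608, `"vm.overcommit_memory" = 1`) looks tuned for one machine and becomes the default for all hosts with this move; a short comment saying that this is intended would help. The module list that holds this generic block continues past the end of the hunk.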
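Review bot: In modules/virtualization/default.nix the new `daemon.settings.features.buildkit = true;` applies only to the rootless daemon, while `enable = true;` on the context line before it also turns on the system-wide daemon, which keeps its default builder setting. If builds can reach either daemon, set `daemon.settings.features.buildkit = true;` directly under `virtualisation.docker` as well so both build the same way. If only the rootless daemon is meant to be used, a comment like `# system daemon intentionally left at defaults` next to the `rootless` line would record that.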