107 lines
2.9 KiB
Nix
107 lines
2.9 KiB
Nix
{ outputs, config, lib, ... }:
|
|
|
|
{
|
|
security = {
|
|
sudo.enable = true;
|
|
polkit.enable = true;
|
|
};
|
|
|
|
services = {
|
|
printing.enable = true;
|
|
acpid.enable = true;
|
|
upower.enable = true;
|
|
nix-fhs.enable = true;
|
|
|
|
openssh = {
|
|
enable = true;
|
|
# Forbid root login through SSH.
|
|
# Use keys only. Remove if you want to SSH using password (not recommended)
|
|
settings = {
|
|
# permitRootLogin = "no";
|
|
# passwordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
X11Forwarding = false;
|
|
};
|
|
};
|
|
|
|
# Enable the Avahi daemon for mDNS/DNS-SD support
|
|
avahi = {
|
|
enable = true;
|
|
nssmdns4 = true; # 非常重要,允许系统解析 .local 地址
|
|
openFirewall = true;
|
|
};
|
|
|
|
journald.extraConfig = ''
|
|
SystemMaxUse=500M
|
|
MaxFileSec=7day
|
|
'';
|
|
};
|
|
|
|
nix = {
|
|
settings = {
|
|
# Enable flakes and new 'nix' command
|
|
experimental-features = "nix-command flakes";
|
|
substituters = [
|
|
"https://mirrors.ustc.edu.cn/nix-channels/store"
|
|
"https://nix-community.cachix.org"
|
|
"https://cache.nixos.org/"
|
|
];
|
|
trusted-public-keys = [
|
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
];
|
|
trusted-users = [ "root" ];
|
|
|
|
# Enable local binary cache
|
|
keep-outputs = true;
|
|
keep-derivations = true;
|
|
|
|
max-jobs = "auto";
|
|
cores = 0; # Use all available cores
|
|
|
|
# Deduplicate and optimize nix store during build
|
|
# auto-optimise-store = true;
|
|
};
|
|
|
|
gc = {
|
|
automatic = true; # Enable automatic garbage collection
|
|
dates = "weekly"; # Execute garbage collection weekly
|
|
persistent = true; # Keep settings after reboot
|
|
randomizedDelaySec = "15min"; # Add up to 15 minutes of random delay
|
|
options = "--delete-older-than 30d"; # Delete files older than 30 days
|
|
};
|
|
|
|
# Automatically run garbage collection whenever there is not enough space left
|
|
# Free up to 5GiB whenever there is less than 1GiB left:
|
|
extraOptions = ''
|
|
min-free = ${toString (1 * 1024 * 1024 * 1024)}
|
|
max-free = ${toString (5 * 1024 * 1024 * 1024)}
|
|
'';
|
|
};
|
|
|
|
nixpkgs = {
|
|
# You can add overlays here
|
|
overlays = [
|
|
# Add overlays your own flake exports (from overlays and pkgs dir):
|
|
outputs.overlays.additions
|
|
outputs.overlays.modifications
|
|
outputs.overlays.unstable-packages
|
|
|
|
# You can also add overlays exported from other flakes:
|
|
# neovim-nightly-overlay.overlays.default
|
|
|
|
# Or define it inline, for example:
|
|
# (final: prev: {
|
|
# hi = final.hello.overrideAttrs (oldAttrs: {
|
|
# patches = [ ./change-hello-to-hi.patch ];
|
|
# });
|
|
# })
|
|
];
|
|
# Configure your nixpkgs instance
|
|
# 只有在没有使用外部创建的nixpkgs实例时才设置config
|
|
config = {
|
|
# Disable if you don't want unfree packages
|
|
allowUnfree = true;
|
|
};
|
|
};
|
|
}
|