nixos/common.nix
rope 7146030074 fix auto-upgrade running before flake.lock update
Remove unnecessary --impure from update alias, shift
auto-upgrade from 04:15 to 05:15 so it runs after the
Forgejo bot updates flake.lock at 04:00 UTC (05:00 BST).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-01 09:34:39 +01:00


# Common.nix
{ config, pkgs, lib, inputs, ... }:
{
# Module list shared by all hosts. Every file below is evaluated on every
# machine that includes common.nix.
# NOTE(review): per-host enablement is presumably decided inside each module
# (e.g. by hostName) — verify, because network-facing services such as nginx,
# authelia, router and code-server are pulled into every host's evaluation.
imports = [
  # --- Host definitions ---
  ./hosts/FredOS-Gaming.nix
  ./hosts/FredOS-Macbook.nix
  ./hosts/FredOS-Mediaserver.nix

  # --- Generic settings ---
  ./settings/desktop.nix
  ./settings/hyprland.nix
  ./settings/locale.nix
  ./settings/audio.nix
  ./settings/users.nix
  ./settings/shell.nix
  ./apps/zen.nix

  # --- Services ---
  ./services/server-permissions.nix
  ./services/game-servers.nix
  # ./services/dr-server.nix
  ./services/qbittorrent-nox.nix
  ./services/nginx.nix
  ./services/go2rtc.nix
  ./services/frigate.nix
  ./services/sonarr.nix
  ./services/radarr.nix
  ./services/prowlarr.nix
  ./services/jellyfin.nix
  ./services/bazarr.nix
  ./services/bazarr-sync.nix
  ./services/cloudflare-ddns.nix
  ./services/authelia.nix
  ./services/homepage.nix
  ./services/arr-interconnect.nix
  ./services/profilarr.nix
  ./services/adguard.nix
  ./services/router.nix
  ./services/crowdsec.nix
  ./services/sabnzbd.nix
  ./services/forgejo-runner.nix
  ./services/code-server.nix
  ./services/memos.nix
];
# Do not build the NixOS manual; keeps rebuilds shorter.
documentation.nixos.enable = false;

# Home Manager: share the system package set, install per-user packages
# through the user profile, and rename clashing files with the "hm-bak"
# extension instead of aborting activation.
home-manager = {
  useGlobalPkgs = true;
  useUserPackages = true;
  backupFileExtension = "hm-bak";
  # Hand the flake inputs to the Home Manager modules.
  extraSpecialArgs = { inherit inputs; };
  users.fred = import ./home-manager/fred.nix;
};
#############################################################################
# Session teardown: kill every process of a user at logout so systemd user
# services do not linger in broken states across sessions (e.g. waybar
# failing to start on re-login).
services.logind.settings.Login.KillUserProcesses = true;
# Cap the default unit stop timeout to avoid long "stop job" waits at shutdown.
systemd.settings.Manager.DefaultTimeoutStopSec = "10s";

# Boot-time trimming.
boot.loader.timeout = lib.mkDefault 5;
boot.initrd.verbose = false;
systemd.services.NetworkManager-wait-online.enable = false;
systemd.services.systemd-udev-settle.enable = false;

# Take the firewall unit out of the boot path.
# NOTE(review): wantedBy is forced to the empty list, so nothing in this file
# pulls firewall.service in at boot; After= only orders the unit, it does not
# start it. Unless another module or a manual start activates it, the host
# comes up without its packet filter. Confirm with
# `systemctl is-active firewall` after a reboot, or drop this override.
systemd.services.firewall.wantedBy = lib.mkForce [ ];
systemd.services.firewall.after = [ "multi-user.target" ];
#############################################################################
# zram: compressed in-memory swap sized at 50% of RAM, kept as a safety net
# for local build storms. Cheap when idle; without it a transient OOM during
# an uncached build can stall AdGuard/Jellyfin to the point of freezing the box.
zramSwap.enable = true;
zramSwap.memoryPercent = 50;

# Track the newest kernel package set in nixpkgs.
boot.kernelPackages = pkgs.linuxPackages_latest;

# Permit packages with unfree licences.
nixpkgs.config.allowUnfree = true;

# NetworkManager handles networking.
networking.networkmanager.enable = true;

# Fish is enabled system-wide and is the default login shell for users.
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
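# Shell aliases (work in both bash and fish)
environment.shellAliases = {
  # update: rebuild and switch from the remote flake, show the build through
  # nom, then print the closure diff with nvd and, if a record-update command
  # exists, pass it the old and new system paths.
  # Extra arguments reach nixos-rebuild through "$@"; it is quoted so an
  # argument containing spaces is not split into several words, and the saved
  # system path is quoted for the same reason.
  # NOTE(review): the flake is fetched over HTTPS with --refresh and applied
  # as root, so the tip of that repository decides what runs on this host.
  # Treat push access to it (presumably including any automation that commits
  # there — confirm) as root access to every machine using this alias.
  update = "bash -c 'set -o pipefail && OLD_SYSTEM=$(readlink /run/current-system) && sudo nixos-rebuild switch \"$@\" --refresh --flake git+https://forg.gregersen.it/rope/nixos -L --log-format internal-json 2>&1 | nom --json && nvd diff \"$OLD_SYSTEM\" /run/current-system && (command -v record-update &>/dev/null && record-update \"$OLD_SYSTEM\" /run/current-system || true)' --";
  # clean: garbage-collect the store; -d also deletes old generations, so no
  # earlier generation is left to roll back to afterwards.
  clean = "sudo nix-collect-garbage -d";
  ll = "ls -alh";
  clear = "command clear";
  # reboot: asks for confirmation on FredOS-Mediaserver only; other hosts
  # reboot immediately.
  reboot = "bash -c 'if [ \"$(hostname)\" = \"FredOS-Mediaserver\" ]; then read -r -p \"Reboot $(hostname)? [y/N] \" confirm; case \"$confirm\" in [Yy]) ;; *) exit 0 ;; esac; fi; sudo systemctl reboot'";
};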
# Packages installed system-wide on every host. nvd and nix-output-monitor
# back the `update` alias.
environment.systemPackages = [
  pkgs.git
  pkgs.localsend
  pkgs.nvd
  pkgs.nix-output-monitor
  pkgs.jq
  pkgs.dnsutils
  pkgs.busybox
];
# Remote building: every host except FredOS-Mediaserver offloads builds to the
# media server. The server itself is excluded to avoid a pointless SSH
# round-trip to localhost.
nix = lib.mkIf (config.networking.hostName != "FredOS-Mediaserver") {
  distributedBuilds = true;

  buildMachines = [{
    hostName = "nordhammer.it";
    systems = [ "x86_64-linux" "i686-linux" ];
    # NOTE(review): "fred" looks like the interactive account (see
    # home-manager.users.fred) — confirm. A dedicated builder account with no
    # other privileges on the server would limit what this key can reach.
    sshUser = "fred";
    # Private key read from root's home on the client.
    # NOTE(review): no publicHostKey is set for this machine, so host
    # authenticity presumably depends on root's known_hosts — verify that the
    # builder's host key is pinned there.
    sshKey = "/root/.ssh/id_ed25519";
    maxJobs = 4;
    supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
  }];

  # Accept unsigned paths copied back from the remote builder.
  # NOTE(review): require-sigs = false is global. It turns off signature
  # checking for every path added to this store, including paths substituted
  # from binary caches, not only builder output. A narrower setup is to sign
  # on the builder (secret-key-files) and list its public key under
  # trusted-public-keys here, then remove this override.
  extraOptions = ''
    require-sigs = false
  '';
};
}