nixos/common.nix
rope 099b312df6 common: set home-manager.backupFileExtension for safe activation
Stylix on the media server tries to manage files (GTK config,
fontconfig, etc.) that already exist, causing HM activation to fail.
Setting backupFileExtension lets HM move conflicts to .hm-bak.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 14:08:29 +01:00


# Common.nix
{ config, pkgs, lib, inputs, ... }:
{
# Module list evaluated by every host that includes this file: the three host
# definitions, the generic desktop/user settings, and every service module.
# NOTE(review): nothing on this page restricts a service module to one host.
# Presumably each ./services/*.nix gates itself on the hostname or an enable
# option (as the distributed-build settings at the end of this file do).
# Confirm that, so the gaming PC and the MacBook do not end up running nginx,
# Authelia, code-server or the router rules meant for the media server.
imports = [
# Hosts #
./hosts/FredOS-Gaming.nix
./hosts/FredOS-Macbook.nix
./hosts/FredOS-Mediaserver.nix
# Generic settings #
./settings/desktop.nix
./settings/hyprland.nix
./settings/locale.nix
./settings/audio.nix
./settings/users.nix
./settings/shell.nix
./apps/zen.nix
# Services #
./services/server-permissions.nix
./services/game-servers.nix
./services/dr-server.nix
./services/qbittorrent-nox.nix
./services/nginx.nix
./services/go2rtc.nix
./services/sonarr.nix
./services/radarr.nix
./services/prowlarr.nix
./services/jellyfin.nix
./services/bazarr.nix
./services/cloudflare-ddns.nix
./services/authelia.nix
./services/homepage.nix
./services/arr-interconnect.nix
./services/profilarr.nix
./services/adguard.nix
./services/router.nix
./services/crowdsec.nix
./services/sabnzbd.nix
./services/forgejo-runner.nix
./services/code-server.nix
./services/memos.nix
];
# Skip building the NixOS manual so rebuilds finish sooner.
documentation.nixos.enable = false;
# Home Manager, wired in as a NixOS module for the user "fred".
home-manager = {
  # Use the system-level pkgs and install user packages through the
  # system's per-user package set.
  useGlobalPkgs = true;
  useUserPackages = true;
  # Files that already exist where Home Manager wants to write are moved
  # aside with this suffix instead of aborting activation.
  backupFileExtension = "hm-bak";
  # Hand the `inputs` module argument on to the Home Manager modules.
  extraSpecialArgs = { inputs = inputs; };
  users.fred = import ./home-manager/fred.nix;
};
#############################################################################
# Kill all user processes on logout so systemd user services don't linger
# in broken states across sessions (e.g. waybar failing to start on re-login).
services.logind.settings.Login.KillUserProcesses = true;
# Shorten shutdown stop timeout to avoid long "stop job" waits
systemd.settings.Manager.DefaultTimeoutStopSec = "10s";
# Make boot time quicker
# mkDefault leaves room for a host file to set its own boot-menu timeout.
boot.loader.timeout = lib.mkDefault 5;
# Do not hold up boot waiting for NetworkManager to report connectivity or
# for udev to settle.
systemd.services.NetworkManager-wait-online.enable = false;
systemd.services.systemd-udev-settle.enable = false;
# Take the firewall unit off the boot path: mkForce [ ] discards every
# wantedBy target set elsewhere, and `after` orders the unit behind
# multi-user.target.
# NOTE(review): ordering alone does not start a unit. With wantedBy forced
# empty, nothing visible on this page pulls firewall.service into the boot
# transaction, so a host may come up with no packet-filter rules loaded until
# the unit is started by hand or by a rebuild. This file is shared with the
# server that imports the nginx, Authelia and router modules. Check
# `systemctl is-active firewall` after a reboot on each host; if it is
# inactive, drop this override so the firewall module's own boot wiring
# applies again (presumably before the network comes up, confirm).
systemd.services.firewall = {
wantedBy = lib.mkForce [ ];
after = [ "multi-user.target" ];
};
# Quieter initrd output during boot.
boot.initrd.verbose = false;
#############################################################################
# zram-backed swap, sized at 50 % of RAM, as a cushion for heavy local
# builds. It costs little while idle; without it a short out-of-memory
# spike during an uncached build can starve AdGuard/Jellyfin badly enough
# to freeze the machine.
zramSwap.enable = true;
zramSwap.memoryPercent = 50;
# Follow the newest kernel package set that nixpkgs ships.
boot.kernelPackages = pkgs.linuxPackages_latest;
# Permit packages under unfree licences.
nixpkgs.config.allowUnfree = true;
# Networking is managed by NetworkManager.
networking.networkmanager.enable = true;
# Fish is enabled system-wide and is the default shell for users.
programs.fish = {
  enable = true;
};
users.defaultUserShell = pkgs.fish;
# Shell aliases (work in both bash and fish)
environment.shellAliases = {
# update: remember the current system path, rebuild and switch as root from
# the git+https flake URL (build log rendered by nom), print the nvd diff
# between the old and new system, then call record-update if it is on PATH.
# NOTE(review): --refresh re-fetches the repository on every run and the
# result is activated as root, so write access to that repository (or control
# of the forge serving it) amounts to root on every host using this alias.
# --impure additionally lets evaluation read state outside the flake. Worth
# protecting the branch and confirming --impure is still needed.
# NOTE(review): $@ and $OLD_SYSTEM are unquoted inside the bash -c script, so
# extra arguments containing whitespace are word-split.
update = "bash -c 'set -o pipefail && OLD_SYSTEM=$(readlink /run/current-system) && sudo nixos-rebuild switch $@ --impure --refresh --flake git+https://forg.gregersen.it/rope/nixos -L --log-format internal-json 2>&1 | nom --json && nvd diff $OLD_SYSTEM /run/current-system && (command -v record-update &>/dev/null && record-update $OLD_SYSTEM /run/current-system || true)' --";
# clean: delete old generations and garbage-collect the store. This also
# removes the generations a rollback would boot into.
clean = "sudo nix-collect-garbage -d";
ll = "ls -alh";
# clear: run the external clear program rather than a shell function of the
# same name.
clear = "command clear";
# reboot: on FredOS-Mediaserver ask for a y/N confirmation first (anything but
# y/Y exits without rebooting); on other hosts reboot straight away.
reboot = "bash -c 'if [ \"$(hostname)\" = \"FredOS-Mediaserver\" ]; then read -r -p \"Reboot $(hostname)? [y/N] \" confirm; case \"$confirm\" in [Yy]) ;; *) exit 0 ;; esac; fi; sudo systemctl reboot'";
};
# Packages installed system-wide on every host.
environment.systemPackages = [
  pkgs.git
  pkgs.localsend
  # nvd and nix-output-monitor (nom) are used by the `update` shell alias.
  pkgs.nvd
  pkgs.nix-output-monitor
  pkgs.jq
  pkgs.dnsutils
  pkgs.busybox
];
# Offload builds to the media server. Excluded on the server itself to
# avoid a pointless SSH round-trip to localhost.
nix.distributedBuilds =
lib.mkIf (config.networking.hostName != "FredOS-Mediaserver") true;
# Builder definition for every host except the media server: Nix connects to
# nordhammer.it as "fred" using the key at /root/.ssh/id_ed25519, with up to
# 4 parallel jobs.
# NOTE(review): "fred" is also the Home Manager user configured in this file.
# If that is the same interactive account on the builder, a dedicated
# unprivileged build user and a build-only key would narrow what a stolen
# client key can reach. Confirm against the builder's user setup.
# NOTE(review): no publicHostKey is set, so the builder's identity is checked
# only against whatever root's known_hosts already holds; consider pinning the
# host key here.
nix.buildMachines =
lib.mkIf (config.networking.hostName != "FredOS-Mediaserver") [{
hostName = "nordhammer.it";
systems = [ "x86_64-linux" "i686-linux" ];
sshUser = "fred";
sshKey = "/root/.ssh/id_ed25519";
maxJobs = 4;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}];
# Accept unsigned paths copied back from the remote builder.
# NOTE(review): require-sigs is a store-wide setting, not a per-builder one.
# With it off, these hosts also accept unsigned paths from every configured
# substituter / binary cache, which removes the integrity check on downloaded
# binaries. Prefer signing on the builder (secret-key-files) and listing its
# public key under trusted-public-keys on the clients, then drop this
# override. Also check whether builds still succeed without it at all.
nix.extraOptions =
lib.mkIf (config.networking.hostName != "FredOS-Mediaserver") ''
require-sigs = false
'';
}