System/modules/linux/base.nix

# Linux-side base module: zram swap, store optimisation, optional hardening,
# desktop kernel selection, unattended upgrades and a systemd user PATH fix.
# Every fragment is gated on a `config.nathan.*` option declared outside this file.
{ config, lib, pkgs, inputs, ... }@attrs:
let
  inherit (lib) mkIf mkMerge;

  # Shorthand for the option subtree most of the conditions below read.
  opts = config.nathan.config;
  onLinux = pkgs.stdenv.isLinux;
in
{
  config = mkMerge [
    # Generic Linux settings.
    (mkIf onLinux {
      # Compressed in-RAM swap sized at 25% of memory, using lz4.
      zramSwap = mkIf config.nathan.services.zramSwap {
        enable = true;
        algorithm = "lz4";
        memoryPercent = 25;
      };

      # NOTE(review): the option is named autoGC, but this fragment only turns
      # on store optimisation; no garbage-collection schedule is set here.
      nix = mkIf opts.nix.autoGC {
        autoOptimiseStore = true;
      };
    })

    # Hardening, part 1: pull in the upstream NixOS hardened profile. It is
    # called as a plain function with this module's own arguments (`attrs`)
    # instead of going through `imports`, so it can sit behind the mkIf.
    (mkIf opts.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))

    # Hardening, part 2: local overrides applied on top of the profile.
    (mkIf opts.harden {
      # NOTE(review): this pins one specific kernel series. It has to be bumped
      # by hand once that series stops receiving fixes, otherwise the
      # "hardened" hosts end up on an unmaintained kernel.
      boot.kernelPackages = pkgs.linuxPackages_5_18_hardened;

      # Both settings below are explicitly switched ON for hardened hosts.
      # Presumably the upstream profile defaults them more restrictively;
      # confirm against the pinned nixpkgs revision.
      #  - SMT on keeps sibling hardware threads enabled, so cross-thread CPU
      #    side channels remain in scope for the threat model.
      #  - Unprivileged user namespaces let unprivileged processes reach more
      #    kernel code paths; some sandboxes depend on them.
      # Treat these as accepted risks and revisit them per host role.
      security.allowSimultaneousMultithreading = true;
      security.unprivilegedUsernsClone = true;
    })

    # Non-hardened desktops: zen kernel rebuilt with the MuQSS scheduler.
    (mkIf (!opts.harden && opts.isDesktop) {
      boot.kernelPackages = pkgs.linuxPackagesFor (
        pkgs.linuxPackages_zen.kernel.override {
          structuredExtraConfig.SCHED_MUQSS = lib.kernel.yes;
          # Config errors are ignored, so a kernel that does not offer
          # SCHED_MUQSS presumably builds without it and without failing.
          ignoreConfigErrors = true;
        }
      );
    })

    # Unattended upgrades, Linux only.
    (mkIf (opts.nix.autoUpdate && onLinux) {
      system.autoUpgrade = {
        enable = true;
        # The host may reboot on its own after an upgrade.
        allowReboot = true;
        # Upgrade source is the flake below. Whatever that reference resolves
        # to at upgrade time is built and activated as the system
        # configuration, so write access to that repository amounts to
        # administrative control of every host that enables this option.
        # Protect the branch accordingly.
        flake = "github:nathans-flakes/system";
        # Attempt the upgrade daily at 2 AM.
        dates = "2:00";
      };
    })

    # Systemd user service kludge: give user units a PATH containing the
    # system profile and the per-user profile. Applied unconditionally.
    {
      systemd.user.extraConfig = ''
        DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin"
      '';
    }
  ];
}