# NixOS module: declares the `rhelmot.globalPythonPackages` option and sets the
# base system configuration (Nix daemon settings, the primary user account,
# shell and tooling, OpenSSH, and ZFS snapshot/backup jobs via sanoid/syncoid).
{ config, lib, pkgs, ... }:

let
  cfg = config.rhelmot;

  # Snapshot/retention policy shared by every dataset sanoid snapshots below.
  snapshotPolicy = {
    autosnap = true;
    autoprune = true;
    recursive = true;
    processChildrenOnly = false;
    yearly = 0;
    monthly = 2;
    daily = 7;
    hourly = 24;
  };
in
{
  # Each list element is a function from the python package set to a list of
  # packages; all of them are merged into one interpreter in systemPackages.
  options.rhelmot.globalPythonPackages = lib.mkOption {
    type = with lib.types; listOf (functionTo (listOf package));
    default = [];
    description = "python packages (p: with p; [ x ]) to include in the global python environment";
  };

  imports = [
    ./overlays/packages.nix
    ./configuration-cross.nix
  ];

  config = {
    nixpkgs.config.allowUnfree = true;

    nix.settings = {
      # NOTE(review): newer Nix releases no longer recognise `repl-flake` as a
      # separate experimental feature — confirm against the pinned Nix version.
      extra-experimental-features = "nix-command flakes repl-flake";
      # Trusted users can override substituters and import unsigned store
      # paths, which the Nix manual treats as equivalent to root access.
      trusted-users = [ "audrey" ];
      max-jobs = 1;
      cores = 0;
      # Private key used to sign locally built store paths. Its ownership and
      # mode are not managed in this file; it should be readable by root only.
      secret-key-files = [ "/var/lib/nix/binary-cache-key" ];
    };

    # Internationalisation.
    i18n.defaultLocale = "en_US.UTF-8";

    # X11 keymap: US layout, Caps Lock acts as Escape.
    services.xserver.xkb = {
      layout = "us";
      options = "caps:escape";
    };

    users.defaultUserShell = pkgs.zsh;

    # Primary user account. Don't forget to set a password with `passwd`.
    users.users.audrey = {
      uid = 1000;
      description = "Audrey Dutcher";
      isNormalUser = true;
      # `wheel` grants sudo; membership in `docker` gives control of the
      # Docker daemon socket, which is also root-equivalent on the host.
      extraGroups = [ "wheel" "docker" ];
      # Public keys are taken from the repository at build time.
      openssh.authorizedKeys.keyFiles = [ ./dotfiles/authorized_keys ];
    };

    environment.systemPackages = with pkgs; [
      wget
      ripgrep
      fd
      curl
      btop
      file
      patchelf
      gdb
      p7zip
      unzip
      foremost
      binwalk
      # One python3 carrying every package contributed through
      # rhelmot.globalPythonPackages (by this module or any other).
      (python3.withPackages (p: lib.concatMap (pl: pl p) cfg.globalPythonPackages))
    ];

    rhelmot.globalPythonPackages = [
      (p: with p; [
        virtualenvwrapper
        pylint
        pytest
        ipdb
        ipython
        nclib
        pyyaml
        snakeviz
      ])
    ];

    programs.zsh = {
      enable = true;
      enableCompletion = true;
      syntaxHighlighting.enable = true;
      vteIntegration = true;
      enableLsColors = true;
      histSize = 10000;
      # Source virtualenvwrapper from the Nix store, then append the prompt
      # script shipped in ./dotfiles.
      promptInit = ''
        . ${pkgs.python3Packages.virtualenvwrapper}/bin/virtualenvwrapper.sh
      '' + builtins.readFile ./dotfiles/zsh-prompt.sh;
      shellInit = builtins.readFile ./dotfiles/zsh-init.sh;
      shellAliases = {
        grep = "grep --color=auto";
        egrep = "egrep --color=auto";
        objdump = "objdump -M intel";
        gits = "git status";
        pag = "ps aux | grep -v grep | grep -i";
        hd = "hexdump -C";
        man = "MAN_POSIXLY_CORRECT=1 man";
        nose = "pytest -v --capture=no --pdbcls=IPython.terminal.debugger:TerminalPdb";
        # The requirements file is installed by environment.etc below.
        mkvirtualenv = "mkvirtualenv -r /etc/venv-default.txt";
      };
    };

    programs.tmux = {
      enable = true;
      extraConfig = builtins.readFile ./dotfiles/tmux.conf;
    };

    programs.direnv.enable = true;
    programs.htop.enable = true;

    # System-wide git configuration.
    programs.git = {
      enable = true;
      lfs.enable = true;
      config = {
        user.email = "audrey@rhelmot.io";
        user.name = "Audrey Dutcher";
        init.defaultBranch = "main";
        blame.markUnblamableLines = true;
        # NOTE(review): the `store` helper keeps credentials unencrypted in
        # ~/.git-credentials, and this setting applies to every user of the
        # machine. SSH remotes or a keyring-backed helper avoid tokens at rest.
        credential.helper = "store";
        # Rewrite git:// URLs (no authentication or integrity protection) to
        # SSH.
        url."ssh://git@".insteadOf = "git://";
      };
    };

    environment.etc = {
      "gdb/gdbinit".source = ./dotfiles/gdb-init.gdb;
      "venv-default.txt".source = ./dotfiles/venv-default.txt;
    };

    # Enable the OpenSSH daemon.
    # NOTE(review): only `enable` is set here, so password logins stay on
    # unless another module disables them. With authorized keys provisioned
    # above, `services.openssh.settings.PasswordAuthentication = false` would
    # restrict logins to keys.
    services.openssh.enable = true;

    # Periodic ZFS snapshots.
    services.sanoid = {
      enable = true;
      datasets = {
        "system/home" = snapshotPolicy;
        "system/local/var" = snapshotPolicy;
        "system/local/root" = snapshotPolicy;
        # Docker storage is excluded from automatic snapshots.
        "system/var/docker" = {
          autosnap = false;
          recursive = true;
        };
      };
    };

    # Replication of the `system` pool to a remote host over SSH.
    services.syncoid = {
      enable = true;
      # offset 30min from sanoid to reduce I/O spikes and give sanoid a chance
      # to snapshot before we back up
      interval = "00/1:30";
      # The "+" prefix makes systemd run the condition command with full
      # privileges, ignoring the unit's user and sandboxing settings.
      # presumably condition-unmetered-network comes from the imported
      # overlay — verify.
      service.serviceConfig.ExecCondition =
        "+${lib.getExe pkgs.condition-unmetered-network}";
      # Private key for the backup connection; not created by this file.
      # NOTE(review): the target's SSH host key is not pinned here (e.g. via
      # programs.ssh.knownHosts) — confirm it is provisioned elsewhere.
      sshKey = "/var/lib/syncoid/.ssh/id_ed25519";
      commands."system" = {
        source = "system";
        target = "backup@home.rhelmot.io:main/backup/${config.networking.hostName}/system";
        # xeni note - option w is weeeeeeeird but the only consequence is a lack of encryption
        # NOTE(review): with raw send (`w`) left off, a natively encrypted
        # source dataset is sent decrypted. SSH still protects it in flight,
        # but the copy on the backup host is encrypted only if the receiving
        # side arranges it. Confirm that is intended.
        #sendOptions = "w";
        recursive = true;
        extraArgs = [ "--skip-parent" "--sshport" "2252" ];
      };
    };
  };
}