flakes/modules/nixos/core/default.nix

{
  config,
  lib,
  pkgs,
  ...
}: {
  options.snowflake = {
    stateVersion = lib.mkOption {
      type = lib.types.str;
      example = "24.05";
      description = "NixOS state version to use for this system";
    };
    extraPackages = lib.mkOption {
      type = lib.types.listOf lib.types.package;
      default = [];
      description = "Extra packages to be installed system-wide";
    };
    timeZone = lib.mkOption {
      type = lib.types.str;
      description = "Timezone to use for the system";
      default = "Asia/Kolkata";
    };
    bootloader = lib.mkOption {
      type = lib.types.enum ["systemd-boot" "grub"];
      description = "Bootloader to use, can be either `systemd-boot` or `grub`";
      default = "systemd-boot";
    };
  };

  config = {
    console = {
      font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
      keyMap = lib.mkDefault "us";
      useXkbConfig = true;
    };

    # Enable all snowflake core modules.
    snowflake.core.fish.enable = lib.mkDefault true;
    snowflake.core.gnupg.enable = lib.mkDefault true;
    snowflake.core.nix.enable = lib.mkDefault true;
    snowflake.core.security.enable = lib.mkDefault true;
    snowflake.core.security.sysctl.enable = lib.mkDefault true;
    snowflake.core.sshd.enable = lib.mkDefault true;

    boot = {
      initrd.systemd.enable = config.snowflake.bootloader == "systemd-boot";
      initrd.verbose = false;
      # Default to the latest kernel package.
      kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
      kernelParams = [
        "nmi_watchdog=0"
      ];

      loader = {
        efi.canTouchEfiVariables = true;
        # Use systemd-boot for all systems.
        systemd-boot = {
          enable = config.snowflake.bootloader == "systemd-boot";
          # Show only last 5 configurations in the boot menu.
          configurationLimit = lib.mkDefault 5;
        };

        grub = {
          enable = config.snowflake.bootloader == "grub";
          efiSupport = true;
          forceInstall = true;
        };
      };
    };

    # NixOS documentation.
    documentation = {
      enable = true;
      doc.enable = false;
      info.enable = false;
      man.enable = true;
      nixos.enable = false;
    };

    environment = {
      defaultPackages = with pkgs;
        lib.mkForce [
          gitMinimal
          home-manager
          rsync
        ];
      shells = with pkgs; [
        bash
        fish
      ];
      systemPackages = with pkgs;
        [
          bat
          btop
          curl
          duf
          fd
          file
          fzf
          git
          gnumake
          jc
          jq
          ncdu
          ripgrep
          tree
          unzip
          wget

          # Networking tools.
          dnsutils
          ethtool
          host
          prettyping
          whois
        ]
        ++ config.snowflake.extraPackages;
    };

    i18n = {
      defaultLocale = "en_US.UTF-8";
      extraLocaleSettings = {
        LC_ADDRESS = "en_US.UTF-8";
        LC_IDENTIFICATION = "en_US.UTF-8";
        LC_MEASUREMENT = "en_US.UTF-8";
        LC_MONETARY = "en_US.UTF-8";
        LC_NAME = "en_US.UTF-8";
        LC_NUMERIC = "en_US.UTF-8";
        LC_PAPER = "en_US.UTF-8";
        LC_TELEPHONE = "en_US.UTF-8";
        LC_TIME = "en_US.UTF-8";
      };
      supportedLocales = ["en_US.UTF-8/UTF-8"];
    };

    # Can be configured further or is started in user sessions.
    programs.mtr.enable = true;
    # Run unpatched dynamic binaries on NixOS.
    programs.nix-ld.enable = true;

    # Enable firmware updates for the system.
    services.fwupd.enable = true;

    # Enable irqbalance.
    services.irqbalance.enable = true;

    # Use a high-performance implementation for DBus
    services.dbus.implementation = "broker";

    # Workaround for irqbalance read-only filesystem issue.
    # ref: https://github.com/Irqbalance/irqbalance/issues/308
    systemd.services.irqbalance.serviceConfig.ProtectKernelTunables = "no";

    system.stateVersion = config.snowflake.stateVersion;
    system.activationScripts.diff = {
      supportsDryActivation = true;
      text = ''
        ${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
      '';
    };

    time.timeZone = config.snowflake.timeZone;

    # Enable zram swap.
    # ref: https://wiki.archlinux.org/title/Zram
    zramSwap.enable = true;
  };
}
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}: {`
			`options.snowflake = {`
			`stateVersion = lib.mkOption {`
			`type = lib.types.str;`
			`example = "24.05";`
			`description = "NixOS state version to use for this system";`
			`};`
			`extraPackages = lib.mkOption {`
			`type = lib.types.listOf lib.types.package;`
			`default = [];`
			`description = "Extra packages to be installed system-wide";`
			`};`
			`timeZone = lib.mkOption {`
			`type = lib.types.str;`
			`description = "Timezone to use for the system";`
			`default = "Asia/Kolkata";`
			`};`
feat: add support for grub bootloader We require this for setting up a VPS on Hetzner Cloud, since Hetzner uses legacy BIOS boot for its instances. Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-10-08 19:53:02 +05:30			`bootloader = lib.mkOption {`
			`type = lib.types.enum ["systemd-boot" "grub"];`
			description = "Bootloader to use, can be either `systemd-boot` or `grub`";
chore: specify default bootloader as systemd-boot Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-10-09 17:57:07 +05:30			`default = "systemd-boot";`
feat: add support for grub bootloader We require this for setting up a VPS on Hetzner Cloud, since Hetzner uses legacy BIOS boot for its instances. Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-10-08 19:53:02 +05:30			`};`
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`};`

			`config = {`
			`console = {`
fix: use ter-u28 as the tty font on initial boot At least until this gets merged: https://github.com/NixOS/nixpkgs/pull/299456 Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-22 15:03:02 +05:30			`font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";`
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`keyMap = lib.mkDefault "us";`
			`useXkbConfig = true;`
			`};`

			`# Enable all snowflake core modules.`
			`snowflake.core.fish.enable = lib.mkDefault true;`
			`snowflake.core.gnupg.enable = lib.mkDefault true;`
			`snowflake.core.nix.enable = lib.mkDefault true;`
			`snowflake.core.security.enable = lib.mkDefault true;`
			`snowflake.core.security.sysctl.enable = lib.mkDefault true;`
			`snowflake.core.sshd.enable = lib.mkDefault true;`

			`boot = {`
feat: add support for grub bootloader We require this for setting up a VPS on Hetzner Cloud, since Hetzner uses legacy BIOS boot for its instances. Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-10-08 19:53:02 +05:30			`initrd.systemd.enable = config.snowflake.bootloader == "systemd-boot";`
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`initrd.verbose = false;`
			`# Default to the latest kernel package.`
			`kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;`
			`kernelParams = [`
			`"nmi_watchdog=0"`
			`];`

			`loader = {`
			`efi.canTouchEfiVariables = true;`
			`# Use systemd-boot for all systems.`
			`systemd-boot = {`
feat: add support for grub bootloader We require this for setting up a VPS on Hetzner Cloud, since Hetzner uses legacy BIOS boot for its instances. Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-10-08 19:53:02 +05:30			`enable = config.snowflake.bootloader == "systemd-boot";`
chore: reduce boot configuration limit to 5 Setting it to 10 does not play well with srvos, since it uses lib.mkDefault to set it to 10 as well. And anyways, we don't need 10 generations to show up during the boot menu. Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-29 23:26:04 +05:30			`# Show only last 5 configurations in the boot menu.`
			`configurationLimit = lib.mkDefault 5;`
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`};`
feat: add support for grub bootloader We require this for setting up a VPS on Hetzner Cloud, since Hetzner uses legacy BIOS boot for its instances. Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-10-08 19:53:02 +05:30
			`grub = {`
			`enable = config.snowflake.bootloader == "grub";`
			`efiSupport = true;`
			`forceInstall = true;`
			`};`
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`};`
			`};`

			`# NixOS documentation.`
			`documentation = {`
			`enable = true;`
			`doc.enable = false;`
			`info.enable = false;`
			`man.enable = true;`
			`nixos.enable = false;`
			`};`

			`environment = {`
			`defaultPackages = with pkgs;`
			`lib.mkForce [`
			`gitMinimal`
			`home-manager`
			`rsync`
			`];`
			`shells = with pkgs; [`
			`bash`
			`fish`
			`];`
			`systemPackages = with pkgs;`
			`[`
			`bat`
			`btop`
			`curl`
			`duf`
			`fd`
			`file`
			`fzf`
			`git`
			`gnumake`
			`jc`
			`jq`
			`ncdu`
			`ripgrep`
			`tree`
			`unzip`
			`wget`

			`# Networking tools.`
			`dnsutils`
			`ethtool`
			`host`
			`prettyping`
			`whois`
			`]`
			`++ config.snowflake.extraPackages;`
			`};`

			`i18n = {`
			`defaultLocale = "en_US.UTF-8";`
			`extraLocaleSettings = {`
			`LC_ADDRESS = "en_US.UTF-8";`
			`LC_IDENTIFICATION = "en_US.UTF-8";`
			`LC_MEASUREMENT = "en_US.UTF-8";`
			`LC_MONETARY = "en_US.UTF-8";`
			`LC_NAME = "en_US.UTF-8";`
			`LC_NUMERIC = "en_US.UTF-8";`
			`LC_PAPER = "en_US.UTF-8";`
			`LC_TELEPHONE = "en_US.UTF-8";`
			`LC_TIME = "en_US.UTF-8";`
			`};`
			`supportedLocales = ["en_US.UTF-8/UTF-8"];`
			`};`

			`# Can be configured further or is started in user sessions.`
			`programs.mtr.enable = true;`
			`# Run unpatched dynamic binaries on NixOS.`
			`programs.nix-ld.enable = true;`

			`# Enable firmware updates for the system.`
			`services.fwupd.enable = true;`

			`# Enable irqbalance.`
			`services.irqbalance.enable = true;`

			`# Use a high-performance implementation for DBus`
			`services.dbus.implementation = "broker";`

			`# Workaround for irqbalance read-only filesystem issue.`
			`# ref: https://github.com/Irqbalance/irqbalance/issues/308`
			`systemd.services.irqbalance.serviceConfig.ProtectKernelTunables = "no";`

			`system.stateVersion = config.snowflake.stateVersion;`
			`system.activationScripts.diff = {`
			`supportsDryActivation = true;`
			`text = ''`
			`${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"`
			`'';`
			`};`

			`time.timeZone = config.snowflake.timeZone;`

			`# Enable zram swap.`
			`# ref: https://wiki.archlinux.org/title/Zram`
			`zramSwap.enable = true;`
			`};`
			`}`