diff --git a/nixos/home/modules/shell/git/default.nix b/nixos/home/modules/shell/git/default.nix index 157703e..dbc8119 100644 --- a/nixos/home/modules/shell/git/default.nix +++ b/nixos/home/modules/shell/git/default.nix @@ -18,45 +18,46 @@ in config = lib.mkMerge [ (lib.mkIf cfg.enable { - programs.gh.enable = true; - programs.gpg.enable = true; + programs = { + gh.enable = true; + gpg.enable = true; + git = { + enable = true; - programs.git = { - enable = true; + userName = cfg.username; + userEmail = cfg.email; - userName = cfg.username; - userEmail = cfg.email; - - extraConfig = { - core.autocrlf = "input"; - init.defaultBranch = "main"; - pull.rebase = true; - rebase.autoStash = true; - # public key for signing commits - user.signingKey = cfg.signingKey; - # ssh instead of gpg - gpg.format = "ssh"; - # 1password signing gui git signing - gpg.ssh.program = "${pkgs._1password-gui}/bin/op-ssh-sign"; - # Auto sign commits without -S - commit.gpgsign = true; + extraConfig = { + core.autocrlf = "input"; + init.defaultBranch = "main"; + pull.rebase = true; + rebase.autoStash = true; + # public key for signing commits + user.signingKey = cfg.signingKey; + # ssh instead of gpg + gpg.format = "ssh"; + # 1password signing gui git signing + gpg.ssh.program = "${pkgs._1password-gui}/bin/op-ssh-sign"; + # Auto sign commits without -S + commit.gpgsign = true; + }; + aliases = { + co = "checkout"; + }; + ignores = [ + # Mac OS X hidden files + ".DS_Store" + # Windows files + "Thumbs.db" + # asdf + ".tool-versions" + # Sops + ".decrypted~*" + "*.decrypted.*" + # Python virtualenvs + ".venv" + ]; }; - aliases = { - co = "checkout"; - }; - ignores = [ - # Mac OS X hidden files - ".DS_Store" - # Windows files - "Thumbs.db" - # asdf - ".tool-versions" - # Sops - ".decrypted~*" - "*.decrypted.*" - # Python virtualenvs - ".venv" - ]; }; home.packages = [ diff --git a/nixos/hosts/durincore/default.nix b/nixos/hosts/durincore/default.nix index 7321752..517e832 100644 
--- a/nixos/hosts/durincore/default.nix +++ b/nixos/hosts/durincore/default.nix @@ -12,21 +12,26 @@ extraModulePackages = [ ]; }; - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; + fileSystems = { + "/" = + { + device = "rpool/root"; + fsType = "zfs"; + }; - fileSystems."/home" = - { device = "rpool/home"; - fsType = "zfs"; - }; + "/home" = + { + device = "rpool/home"; + fsType = "zfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/F1B9-CA7C"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + "/boot" = + { + device = "/dev/disk/by-uuid/F1B9-CA7C"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + }; swapDevices = [ ]; diff --git a/nixos/hosts/gandalf/default.nix b/nixos/hosts/gandalf/default.nix index cef5e00..54aa676 100644 --- a/nixos/hosts/gandalf/default.nix +++ b/nixos/hosts/gandalf/default.nix @@ -79,13 +79,17 @@ in # NFS nfs.enable = true; # Samba - samba.enable = true; - samba.shares = import ./config/samba-shares.nix { }; - samba.extraConfig = import ./config/samba-config.nix { }; - resticBackup.local.enable = false; - resticBackup.remote.enable = false; - resticBackup.local.noWarning = true; - resticBackup.remote.noWarning = true; + samba = { + enable = true; + shares = import ./config/samba-shares.nix { }; + extraConfig = import ./config/samba-config.nix { }; + }; + resticBackup = { + local.enable = false; + remote.enable = false; + local.noWarning = true; + remote.noWarning = true; + }; # Borg borgbackup = { enable = true; diff --git a/nixos/hosts/legiondary/default.nix b/nixos/hosts/legiondary/default.nix index 23e58fb..35d1783 100644 --- a/nixos/hosts/legiondary/default.nix +++ b/nixos/hosts/legiondary/default.nix @@ -5,7 +5,8 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ + (modulesPath + "/installer/scan/not-detected.nix") ]; networking.hostId = "2132e3bf"; 
@@ -17,24 +18,31 @@ extraModulePackages = [ ]; }; - fileSystems."/" = - { device = "zroot/root"; - fsType = "zfs"; - }; + fileSystems = + { + "/" = + { + device = "zroot/root"; + fsType = "zfs"; + }; - fileSystems."/nix" = - { device = "zroot/nix"; - fsType = "zfs"; - }; + "/nix" = + { + device = "zroot/nix"; + fsType = "zfs"; + }; - fileSystems."/var" = - { device = "zroot/var"; - fsType = "zfs"; - }; + "/var" = + { + device = "zroot/var"; + fsType = "zfs"; + }; - fileSystems."/home" = - { device = "zroot/home"; - fsType = "zfs"; + "/home" = + { + device = "zroot/home"; + fsType = "zfs"; + }; }; # fileSystems."/boot" = diff --git a/nixos/hosts/telchar/default.nix b/nixos/hosts/telchar/default.nix index 88943d6..970ea82 100644 --- a/nixos/hosts/telchar/default.nix +++ b/nixos/hosts/telchar/default.nix @@ -18,24 +18,26 @@ extraModulePackages = [ ]; }; - fileSystems."/" = { - device = "zroot/root"; - fsType = "zfs"; - }; + fileSystems = { + "/" = { + device = "zroot/root"; + fsType = "zfs"; + }; - fileSystems."/nix" = { - device = "zroot/nix"; - fsType = "zfs"; - }; + "/nix" = { + device = "zroot/nix"; + fsType = "zfs"; + }; - fileSystems."/var" = { - device = "zroot/var"; - fsType = "zfs"; - }; + "/var" = { + device = "zroot/var"; + fsType = "zfs"; + }; - fileSystems."/home" = { - device = "zroot/home"; - fsType = "zfs"; + "/home" = { + device = "zroot/home"; + fsType = "zfs"; + }; }; swapDevices = [ ]; @@ -45,10 +47,12 @@ # System settings and services. mySystem = { purpose = "Development"; - system.motd.networkInterfaces = [ "wlp1s0" ]; + system = { + motd.networkInterfaces = [ "wlp1s0" ]; + fingerprint-reader-on-laptop-lid.enable = true; + borg.pika-backup.enable = true; + }; security._1password.enable = true; - system.fingerprint-reader-on-laptop-lid.enable = true; framework_wifi_swap.enable = true; - system.borg.pika-backup.enable = true; }; } diff --git a/nixos/hosts/telperion/default.nix b/nixos/hosts/telperion/default.nix index 56b52d7..5fbaa22 100644 
--- a/nixos/hosts/telperion/default.nix +++ b/nixos/hosts/telperion/default.nix @@ -17,25 +17,26 @@ kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; + fileSystems = { + "/" = { + device = "zroot/root"; + fsType = "zfs"; + }; - fileSystems."/" = { - device = "zroot/root"; - fsType = "zfs"; - }; + "/nix" = { + device = "zroot/nix"; + fsType = "zfs"; + }; - fileSystems."/nix" = { - device = "zroot/nix"; - fsType = "zfs"; - }; + "/var" = { + device = "zroot/var"; + fsType = "zfs"; + }; - fileSystems."/var" = { - device = "zroot/var"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "zroot/home"; - fsType = "zfs"; + "/home" = { + device = "zroot/home"; + fsType = "zfs"; + }; }; swapDevices = [ ]; @@ -65,11 +66,15 @@ # System settings and services. mySystem = { purpose = "Production"; - system.motd.networkInterfaces = [ "enp2s0" "wlp3s0" ]; - system.resticBackup.local.enable = false; - system.resticBackup.remote.enable = false; - system.resticBackup.local.noWarning = true; - system.resticBackup.remote.noWarning = true; + system = { + motd.networkInterfaces = [ "enp2s0" "wlp3s0" ]; + resticBackup = { + local.enable = false; + remote.enable = false; + local.noWarning = true; + remote.noWarning = true; + }; + }; services = { podman.enable = true; diff --git a/nixos/hosts/varda/default.nix b/nixos/hosts/varda/default.nix index 65680c6..ffacdc9 100644 --- a/nixos/hosts/varda/default.nix +++ b/nixos/hosts/varda/default.nix 
@@ -3,20 +3,21 @@ networking.hostId = "cdab8473"; networking.hostName = "varda"; # Define your hostname. + fileSystems = { + "/" = { + device = "rpool/root"; + fsType = "zfs"; + }; - fileSystems."/" = { - device = "rpool/root"; - fsType = "zfs"; - }; + "/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/8091-E7F2"; - fsType = "vfat"; + "/boot" = { + device = "/dev/disk/by-uuid/8091-E7F2"; + fsType = "vfat"; + }; }; swapDevices = [ ]; diff --git a/nixos/modules/nixos/de/gnome.nix b/nixos/modules/nixos/de/gnome.nix index 12d3daa..6eee784 100644 --- a/nixos/modules/nixos/de/gnome.nix +++ b/nixos/modules/nixos/de/gnome.nix @@ -4,12 +4,14 @@ let cfg = config.mySystem.de.gnome; in { - options.mySystem.de.gnome.enable = mkEnableOption "GNOME"; - options.mySystem.de.gnome.systrayicons = mkEnableOption "Enable systray icons" // { default = true; }; - options.mySystem.de.gnome.gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; }; + options = { + mySystem.de.gnome = { + systrayicons = mkEnableOption "Enable systray icons" // { default = true; }; + gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; }; + }; + }; config = mkIf cfg.enable { - # Ref: https://nixos.wiki/wiki/GNOME # GNOME plz diff --git a/nixos/modules/nixos/default.nix b/nixos/modules/nixos/default.nix index 9e6779c..7a826dd 100644 --- a/nixos/modules/nixos/default.nix +++ b/nixos/modules/nixos/default.nix 
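Review bot: The `/boot` vfat entry in nixos/hosts/varda/default.nix still has no mount options, while the same entry for durincore in this commit sets `options = [ "fmask=0077" "dmask=0077" ];`. vfat has no per-file permissions, so unless a mask is applied elsewhere the contents of the EFI partition are readable by every local user. Since this commit already rewrites the block, add the same `options` line here so both hosts mount `/boot` identically.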
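Review bot: In nixos/modules/nixos/de/gnome.nix the declaration of `mySystem.de.gnome.enable` was dropped during the regrouping: the old `options.mySystem.de.gnome.enable = mkEnableOption "GNOME";` is removed and the new attribute set only declares `systrayicons` and `gsconnect`. The module still reads `cfg.enable` in `config = mkIf cfg.enable {`, so evaluation will most likely fail on the undeclared option for any host that imports it. Add `enable = mkEnableOption "GNOME";` as the first entry inside `mySystem.de.gnome = {`.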
@@ -13,43 +13,45 @@ with lib; ./system ]; - options.mySystem.persistentFolder = mkOption { - type = types.str; - description = "persistent folder for nixos mutable files"; - default = "/persist"; + options.mySystem = { + persistentFolder = mkOption { + type = types.str; + description = "persistent folder for nixos mutable files"; + default = "/persist"; + }; + + nasFolder = mkOption { + type = types.str; + description = "folder where nas mounts reside"; + default = "/mnt/nas"; + }; + + nasAddress = mkOption { + type = types.str; + description = "NAS Address or name for the backup nas"; + default = "10.1.1.13"; + }; + + domain = mkOption { + type = types.str; + description = "domain for hosted services"; + default = ""; + }; + + internalDomain = mkOption { + type = types.str; + description = "domain for local devices"; + default = ""; + }; + + purpose = mkOption { + type = types.str; + description = "System purpose"; + default = "Development"; + }; }; - options.mySystem.nasFolder = mkOption { - type = types.str; - description = "folder where nas mounts reside"; - default = "/mnt/nas"; - }; - - options.mySystem.nasAddress = mkOption { - type = types.str; - description = "NAS Address or name for the backup nas"; - default = "10.1.1.13"; - }; - - options.mySystem.domain = mkOption { - type = types.str; - description = "domain for hosted services"; - default = ""; - }; - - options.mySystem.internalDomain = mkOption { - type = types.str; - description = "domain for local devices"; - default = ""; - }; - - options.mySystem.purpose = mkOption { - type = types.str; - description = "System purpose"; - default = "Development"; - }; - - options.mySystem.monitoring.prometheus.scrapeConfigs = mkOption { + monitoring.prometheus.scrapeConfigs = mkOption { type = lib.types.listOf lib.types.attrs; description = "Prometheus scrape targets"; default = [ ]; 
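Review bot: In nixos/modules/nixos/default.nix the closing `};` of `options.mySystem = {` lands right after the `purpose` option, so `monitoring.prometheus.scrapeConfigs = mkOption {` is now a top-level module attribute instead of `options.mySystem.monitoring.prometheus.scrapeConfigs`. Anything that reads or sets `mySystem.monitoring.prometheus.scrapeConfigs` would no longer find the option, and the module system will probably reject the stray `monitoring` attribute. Move that `};` to after the scrapeConfigs option so the declaration stays inside `options.mySystem`. The body of that `mkOption` continues outside the hunk, so the exact closing position has to be checked in the full file.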
diff --git a/nixos/modules/nixos/hardware/nvidia/default.nix b/nixos/modules/nixos/hardware/nvidia/default.nix index 403ee0c..5cd3cc8 100644 --- a/nixos/modules/nixos/hardware/nvidia/default.nix +++ b/nixos/modules/nixos/hardware/nvidia/default.nix 
@@ -8,70 +8,72 @@ in config = mkIf cfg.enable { + environment.sessionVariables.NIXOS_OZONE_WL = "1"; # ref: https://nixos.wiki/wiki/Nvidia # Enable OpenGL - hardware.opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - }; + hardware = { + opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; - hardware.opengl.extraPackages = with pkgs; [ - vaapiVdpau - ]; + hardware.opengl.extraPackages = with pkgs; [ + vaapiVdpau + ]; - # This is for the benefit of VSCODE running natively in wayland - environment.sessionVariables.NIXOS_OZONE_WL = "1"; + # This is for the benefit of VSCODE running natively in wayland - hardware.nvidia = { + hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; + # Modesetting is required. + modesetting.enable = true; - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). 
- # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; - # Optionally, you may need to select the appropriate driver version for your specific GPU. - # package = config.boot.kernelPackages.nvidiaPackages.stable; + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ # package = config.boot.kernelPackages.nvidiaPackages.stable; - # manual build nvidia driver, works around some wezterm issues - # https://github.com/wez/wezterm/issues/2011 - package = - # let - # rcu_patch = pkgs.fetchpatch { - # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; - # hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; - # }; - # in - config.boot.kernelPackages.nvidiaPackages.mkDriver { - version = "555.58"; - sha256_64bit = "sha256-bXvcXkg2kQZuCNKRZM5QoTaTjF4l2TtrsKUvyicj5ew="; - sha256_aarch64 = "sha256-7XswQwW1iFP4ji5mbRQ6PVEhD4SGWpjUJe1o8zoXYRE="; - openSha256 = "sha256-hEAmFISMuXm8tbsrB+WiUcEFuSGRNZ37aKWvf0WJ2/c="; - settingsSha256 = "sha256-vWnrXlBCb3K5uVkDFmJDVq51wrCoqgPF03lSjZOuU8M="; - persistencedSha256 = "sha256-lyYxDuGDTMdGxX3CaiWUh1IQuQlkI2hPEs5LI20vEVw="; - # patches = [ rcu_patch ]; - }; + # manual build nvidia driver, works around some wezterm issues + # https://github.com/wez/wezterm/issues/2011 + package = + # let + # rcu_patch = pkgs.fetchpatch { + # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; + # hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; + # }; + # in + config.boot.kernelPackages.nvidiaPackages.mkDriver { + version = "555.58"; + sha256_64bit = "sha256-bXvcXkg2kQZuCNKRZM5QoTaTjF4l2TtrsKUvyicj5ew="; + sha256_aarch64 = "sha256-7XswQwW1iFP4ji5mbRQ6PVEhD4SGWpjUJe1o8zoXYRE="; + openSha256 = "sha256-hEAmFISMuXm8tbsrB+WiUcEFuSGRNZ37aKWvf0WJ2/c="; + settingsSha256 = "sha256-vWnrXlBCb3K5uVkDFmJDVq51wrCoqgPF03lSjZOuU8M="; + persistencedSha256 = "sha256-lyYxDuGDTMdGxX3CaiWUh1IQuQlkI2hPEs5LI20vEVw="; + # patches = [ rcu_patch ]; + }; + }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/nixos/modules/nixos/services/podman/default.nix b/nixos/modules/nixos/services/podman/default.nix index 62dae49..858e260 100644 
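Review bot: In nixos/modules/nixos/hardware/nvidia/default.nix two keys inside the new `hardware = {` block kept their old `hardware.` prefix, so they now resolve to `hardware.hardware.opengl.extraPackages` and `hardware.hardware.nvidia`, neither of which is a NixOS option. The whole driver configuration (modesetting, the pinned `mkDriver` package and its hashes) would therefore not be applied, and evaluation should fail on the unknown option. Change them to `opengl.extraPackages = with pkgs; [` and `nvidia = {`. The comment `# This is for the benefit of VSCODE running natively in wayland` was also left behind when `environment.sessionVariables.NIXOS_OZONE_WL = "1";` moved to the top of the block, and should move with it.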
--- a/nixos/modules/nixos/services/podman/default.nix +++ b/nixos/modules/nixos/services/podman/default.nix @@ -34,17 +34,19 @@ in programs.fish.shellAliases = { # lazydocker --> lazypodman - lazypodman="sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker"; + lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker"; }; networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ]; # extra user for containers - users.users.kah = { - uid = 568; - group = "kah"; + users = { + kah = { + uid = 568; + group = "kah"; + }; + groups.kah = { }; + jahanson.extraGroups = [ "kah" ]; }; - users.groups.kah = { }; - users.users.jahanson.extraGroups = [ "kah" ]; }; } diff --git a/nixos/modules/nixos/services/radicale/default.nix b/nixos/modules/nixos/services/radicale/default.nix index 3696ea5..b5475db 100644 --- a/nixos/modules/nixos/services/radicale/default.nix +++ b/nixos/modules/nixos/services/radicale/default.nix 
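Review bot: In nixos/modules/nixos/services/podman/default.nix the regrouping under `users = {` lost one level of nesting: `users.users.kah` and `users.users.jahanson.extraGroups` became `users.kah` and `users.jahanson`, which are not NixOS options. As written, the container account with uid 568 is not created and jahanson is not added to the `kah` group, and evaluation will most likely stop on the unknown option. Write them as `users.kah = {` and `users.jahanson.extraGroups = [ "kah" ];` inside the block, or nest both under an inner `users = { ... };`. `groups.kah = { };` is already at the right level.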
@@ -52,29 +52,32 @@ in directories = [ "/var/lib/radicale/" ]; }; - ## service - services.radicale = { - enable = true; - settings = { - server.hosts = [ "0.0.0.0:${builtins.toString port}" ]; - auth = { - type = "htpasswd"; - htpasswd_filename = config.sops.secrets."${category}/${app}/htpasswd".path; - htpasswd_encryption = "plain"; - realm = "Radicale - Password Required"; - }; - storage.filesystem_folder = "/var/lib/radicale/collections"; - }; - }; - ### Ingress - services.nginx.virtualHosts.${host} = { - useACMEHost = config.networking.domain; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${builtins.toString port}"; + services = + { + ## service + nginx.virtualHosts.${host} = { + useACMEHost = config.networking.domain; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString port}"; + }; + }; + ### Ingress + radicale = { + enable = true; + settings = { + server.hosts = [ "0.0.0.0:${builtins.toString port}" ]; + auth = { + type = "htpasswd"; + htpasswd_filename = config.sops.secrets."${category}/${app}/htpasswd".path; + htpasswd_encryption = "plain"; + realm = "Radicale - Password Required"; + }; + storage.filesystem_folder = "/var/lib/radicale/collections"; + }; + }; }; - }; ### firewall config diff --git a/nixos/modules/nixos/system/samba/default.nix b/nixos/modules/nixos/system/samba/default.nix index a0e3a9a..0ff12d4 100644 --- a/nixos/modules/nixos/system/samba/default.nix +++ b/nixos/modules/nixos/system/samba/default.nix @@ -9,7 +9,7 @@ in type = lib.types.str; default = ""; }; - + shares = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified); default = ""; 
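Review bot: In nixos/modules/nixos/services/radicale/default.nix the section comments ended up on the wrong entries after the merge into `services = {`: `## service` now sits above `nginx.virtualHosts.${host}` and `### Ingress` above `radicale`, so they should be swapped. Two settings carried over in the rewritten block also deserve a look while it is being touched. `server.hosts` binds `0.0.0.0` although nginx reaches Radicale through `127.0.0.1`, and `htpasswd_encryption = "plain"` keeps the credential file unhashed. Binding to `127.0.0.1:${builtins.toString port}` and switching to `bcrypt` (with a regenerated htpasswd secret) would narrow both, unless the firewall section outside this hunk depends on direct access.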
@@ -17,9 +17,13 @@ in }; config = lib.mkIf cfg.enable { - services.samba.enable = true; - services.samba.extraConfig = cfg.extraConfig; - services.samba.shares = cfg.shares; - services.samba.openFirewall = true; + services = { + samaba = { + enable = true; + inherit (cfg) extraConfig; + inherit (cfg) shares; + openFirewall = true; + }; + }; }; } diff --git a/nixos/profiles/global/sops.nix b/nixos/profiles/global/sops.nix index 6e0f23b..2cb0a94 100644 --- a/nixos/profiles/global/sops.nix +++ b/nixos/profiles/global/sops.nix @@ -2,13 +2,15 @@ { sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # Secret for machine-specific pushover - sops.secrets."services/pushover/env" = { - sopsFile = ./secrets.sops.yaml; - }; - sops.secrets.pushover-user-key = { - sopsFile = ./secrets.sops.yaml; - }; - sops.secrets.pushover-api-key = { - sopsFile = ./secrets.sops.yaml; + sops.secrets = { + "services/pushover/env" = { + sopsFile = ./secrets.sops.yaml; + }; + pushover-user-key = { + sopsFile = ./secrets.sops.yaml; + }; + pushover-api-key = { + sopsFile = ./secrets.sops.yaml; + }; }; } diff --git a/nixos/profiles/hw-hetzner-cax.nix b/nixos/profiles/hw-hetzner-cax.nix index b86018f..8b27f37 100644 --- a/nixos/profiles/hw-hetzner-cax.nix +++ b/nixos/profiles/hw-hetzner-cax.nix @@ -1,12 +1,14 @@ { lib, ... }: { imports = [ ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; mySystem = { services.openssh.enable = true; 
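Review bot: The attribute name in the second hunk of nixos/modules/nixos/system/samba/default.nix is misspelled: the new block sets `services.samaba`, not `services.samba`. No such option exists, so hosts that enable this module (gandalf sets `samba.enable = true` in this commit) should fail to evaluate, and in no case would `extraConfig`, `shares` or `openFirewall` reach the Samba service. Rename the key to `samba = {`. The two inherits can also be merged into `inherit (cfg) extraConfig shares;`.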
diff --git a/nixos/profiles/role-server.nix b/nixos/profiles/role-server.nix index dd8c333..a5fd46f 100644 --- a/nixos/profiles/role-server.nix +++ b/nixos/profiles/role-server.nix @@ -6,10 +6,13 @@ with lib; { config = { # Enable monitoring for remote scraping - mySystem.services.rebootRequiredCheck.enable = true; - mySystem.security.wheelNeedsSudoPassword = false; - mySystem.services.cockpit.enable = true; - mySystem.system.motd.enable = true; + mySystem = { + services.rebootRequiredCheck.enable = true; + security.wheelNeedsSudoPassword = false; + services.cockpit.enable = true; + system.motd.enable = true; + }; + nix.settings = { # TODO factor out into mySystem # Avoid disk full issues
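Review bot: The regrouped `mySystem` block in nixos/profiles/role-server.nix carries `security.wheelNeedsSudoPassword = false;` under the comment `# Enable monitoring for remote scraping`, which does not describe it. Because this profile applies to every server-role host and also turns on Cockpit, the setting is worth its own line of documentation, for example `# wheel members get passwordless sudo on all server-role hosts`, so the privilege decision stays visible in later refactors. The two `services.*` lines could also be grouped as `services = { rebootRequiredCheck.enable = true; cockpit.enable = true; };` to match the style used in the rest of the commit. The `config` block continues outside the hunk.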