configuration.nix: a few nix.* tweaks

2025-01-08 17:11:02 +00:00 · 2023-11-18 05:53:08 +04:00 · 2023-11-18 05:53:08 +04:00 · e6e2f1fd84
parent 72d73b6297
commit e6e2f1fd84
1 changed files with 25 additions and 2 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -69,6 +69,7 @@
    git
    jq
  ];
+  # consider environment.defaultPackages = lib.mkForce [];
  environment.variables = {
    DOMAIN = config.selfprivacy.domain;
  };
@ -79,15 +80,37 @@
  };
  system.stateVersion = config.selfprivacy.stateVersion;
  nix = {
-    optimise.automatic = true;
+    # TODO uncomment when NixOS version is at least 23.05
+    # nix.channel.enable = false;
+
+    # daemonCPUSchedPolicy = "idle";
+    # daemonIOSchedClass = "idle";
+    # daemonIOSchedPriority = 7;
+    # this is superseded by nix.settings.auto-optimise-store.
+    # optimise.automatic = true;
+
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };
  };
+  nix.settings = {
+    sandbox = true;
+    experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+    # auto-optimise-store = true;
+
+    # evaluation restrictions:
+    # restrict-eval = true;
+    # allowed-uris = [];
+    allow-dirty = false;
+  };
+  nix.package =
+    if lib.versionAtLeast pkgs.nix.version "2.15.2"
+    then pkgs.nix.out
+    else pkgs.nixUnstable.out;
  services.journald.extraConfig = "SystemMaxUse=500M";
  boot.kernel.sysctl = {
-    "net.ipv4.ip_forward" = 1;
+    "net.ipv4.ip_forward" = 1; # TODO why is it here by default?
  };
  swapDevices = [
    {