Opinionated defaults for NixOS

I’ve migrated one of my machines from Fedora Server to NixOS. I’m enjoying it so far, but one thing I miss is having some opinionated defaults from the distro itself.

For example, here are some of the things I’ve found myself enabling:

  • Automatic updates.
  • Automatic gc.
  • Periodic fstrim.
  • fwupd.
  • periodic btrfs scrub.
  • SMART monitoring.
  • irqbalance.

These are just the things I’ve noticed being lacking from the defaults. There are probably some others that would be useful that I haven’t noticed to be missing yet. It would be nice if there was a “please set some sensible opinionated defaults” option.


you may want to use the optimise store thing too :slight_smile:


@pauldoo Thanks for setting up this list! If you want to take it a step further, consider adding an article on nix.dev with the concrete settings (e.g. under Reference, which we may at some point rename to “Recommendations” or “Best Practices”).

If you want and can take more time, you may as well make (separate!) pull requests to enable these features by default. Then there is no need to tell people about it. You may get some head wind, and hopefully such a discussion would also inform further work on either implementation or documentation.


I’d be happy to help you @pauldoo if you want to write something as suggested by @fricklerhandwerk , because NixOS defaults are not very fine for most workstations :sweat_smile:

1 Like

I had most of these (or their zfs equivalents) covered.

I’d add a suggestion for one or other of:

  hardware.cpu.amd.updateMicrocode = true;
  hardware.cpu.intel.updateMicrocode = true;

as appropriate.

1 Like

For NixOS users I think the nixos-generate-config default configuration could be expanded too.

(I have not used the installer tool, so i am not sure if it is actually still relevant for current installations. Is it?)

1 Like

It sounds like we want to have options in NixOS for recommended settings. We have such options already in nixpkgs for nginx to make sure it is performant and secure:


In my configuration I have created modules called ‘suites’ for my recommended defaults.

For example, I have a suite module for i3, enabled using suites.i3.enable = true, which doesn’t just enable the i3 window manager, but also includes all tooling and settings surrounding i3 to get a proper desktop environment (dunst, dmenu, i3status, i3lock, dex).

Another example is a suite for single-user. It is for systems where there usually is a single user in control (for most laptop/desktop usages). It configures the main user with uid 1000 and adds the recommended user groups (audio video etc). Lastly it configures the autologin user for xserver. When you enable autologin using services.xserver.displayManager.autoLogin.enable = true; it will automatically login to the right user.

nixos-hardware is also a good example of such recommended settings. It is structured a bit differently: you merely import specific modules of their repository into your configuration, but it also provides good recommended settings. It includes modules for specific laptops, like HP Elitebook 2560p. It also includes sane defaults for systems with Nvidia graphics card or a common settings for laptops with SSDs.

I can imagine such high-level modules can be very beneficial for the people starting with Nix. Currently it is a bit hard to figure out how to get a proper desktop environment that lives up to the out of the box experience of Linux Mint. The current configuration.nix feels more like how you’d start with ArchLinux: you have to know quite a bit of Linux, X11 and the tooling surrounding it to have a good desktop experience.

Not sure whether such high level modules need to be included in nixpkgs. With flakes, a separate repository might be fine as well, but I think it is a good idea to have such modules. That avoids copying a large number of settings from blogs/manuals to your configuration.nix and not being up-to-date with the latest recommended settings.


In the current implementation of the installer, there is nothing requiring that it follows the default nixos-generate-config template, however for now it follows it closely with only a few minor differences based on selections that the user makes.

Um, is it this one?

Specifically the “Optimising the store” section at Storage optimization - NixOS Wiki

1 Like

I think what we lack in NixOS is a layer to enable opinionated defaults. Enabling them by default would make less easy to build a differently opinionated system instead, because you would have to disable a bunch of things first. What should have good defaults without any doubt though is the configuration for individual services. No service should be enabled by default, but when we enable one, it should have secure and performant defaults.

Missing a good default layer, I have written my own opinionated configuration framework for NixOS: confkit. It defines configuration options in the confkit.* space, like confkit.profile.usage for the usage (server, workstation), confkit.profile.type (physical, virtual, laptop) and some features to configurure use-cases like ZFS, or even a complete filesystem hierarchy. The features and profiles are extensible. It is though lacking some graphical environment configuration, which is only in my personal configuration framework for now.

It would be interesting to have such kind of framework / layer on top of the bare NixOS, directly in the nixpkgs repo and advertised in the guides, to ease the configuration.

we have profiles, maybe it would be worth writing a few profiles for desktop users

1 Like

Oh, neat! Indeed I could find them in the manual, chapter 55. Maybe it could be interesting to mention them in the install process? Or have them commented in the default config so newcomers can choose one and enable it easily?


Sounds good. I’d support a PR implementing that.

If something gets added to the installing section that points to the profiles, then the profiles section needs an update as well.

Currently the location of the profiles within nixpkgs is documented there, though not the filename for each individual profile.

As NobbZ mentioned in another thread: “why add introduced randomness”