Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/machine/errol.nix | 1 | ||||
-rw-r--r-- | nixos/modules/generic.nix | 88 |
2 files changed, 48 insertions, 41 deletions
diff --git a/nixos/machine/errol.nix b/nixos/machine/errol.nix
index de23bc3..922ff57 100644
--- a/nixos/machine/errol.nix
+++ b/nixos/machine/errol.nix
@@ -62,6 +62,7 @@ with lib; {
 configDir = "/home/cynerd/.config/syncthing";
 };
+ nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
 services.home-assistant = {
 enable = true;
 openFirewall = true;
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 8688732..9b64aa8 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -32,10 +32,12 @@ in {
 };
 };
- boot.loader.systemd-boot.enable = mkOverride 1100 true;
- boot.loader.efi.canTouchEfiVariables = mkDefault true;
- boot.kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
- boot.kernelParams = ["boot.shell_on_fail"];
+ boot = {
+ loader.systemd-boot.enable = mkOverride 1100 true;
+ loader.efi.canTouchEfiVariables = mkDefault true;
+ kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
+ kernelParams = ["boot.shell_on_fail"];
+ };
 hardware.enableAllFirmware = true;
 services.fwupd.enable = mkIf (pkgs.system == "x86_64-linux") true;
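Review bot: The added `nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO` in errol.nix lets an end-of-life OpenSSL 1.1.1 build into this machine's closure, and the bare `# TODO` says neither which package needs it nor when the exception can be dropped. The entry only silences the evaluation-time refusal; the library itself stays unpatched. It sits directly above `services.home-assistant` with `openFirewall = true`, so the consumer may be network-facing, though the actual dependent is not visible in this hunk. I would replace the comment with something like `# TODO: required by <package>; remove once it builds against OpenSSL 3` and keep the exception confined to this machine file rather than a shared module.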
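Review bot: `kernelParams = ["boot.shell_on_fail"];` is carried unchanged into the new `boot = { … }` block in generic.nix and has no comment, although it applies to every machine that imports this module. With that parameter a stage-1 boot failure drops to a root shell that asks for no password, which matters on hosts where console or physical access is not trusted. Suggested comment on that line: `# unauthenticated root shell in initrd on boot failure; override on machines with untrusted console access`. The regrouping itself does not change behaviour.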
@@ -107,46 +109,50 @@ in {
 mlocate
 ];
- users.mutableUsers = false;
- users.groups.cynerd.gid = 1000;
- users.users = {
- root = {
- hashedPasswordFile = "/run/secrets/root.pass";
- };
- cynerd = {
- group = "cynerd";
- extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"];
- uid = 1000;
- subUidRanges = [
- {
- count = 65534;
- startUid = 10000;
- }
- ];
- subGidRanges = [
- {
- count = 65534;
- startGid = 10000;
- }
- ];
- isNormalUser = true;
- createHome = true;
- shell =
- if isNative
- then pkgs.zsh.out
- else pkgs.bash.out;
- hashedPasswordFile = "/run/secrets/cynerd.pass";
- openssh.authorizedKeys.keyFiles = [
- (config.personal-secrets + "/unencrypted/git-private.pub")
- ];
+ users = {
+ mutableUsers = false;
+ groups.cynerd.gid = 1000;
+ users = {
+ root = {
+ hashedPasswordFile = "/run/secrets/root.pass";
+ };
+ cynerd = {
+ group = "cynerd";
+ extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"];
+ uid = 1000;
+ subUidRanges = [
+ {
+ count = 65534;
+ startUid = 10000;
+ }
+ ];
+ subGidRanges = [
+ {
+ count = 65534;
+ startGid = 10000;
+ }
+ ];
+ isNormalUser = true;
+ createHome = true;
+ shell =
+ if isNative
+ then pkgs.zsh.out
+ else pkgs.bash.out;
+ hashedPasswordFile = "/run/secrets/cynerd.pass";
+ openssh.authorizedKeys.keyFiles = [
+ (config.personal-secrets + "/unencrypted/git-private.pub")
+ ];
+ };
 };
 };
- programs.zsh = {
- enable = isNative;
- syntaxHighlighting.enable = isNative;
+ programs = {
+ zsh = {
+ enable = isNative;
+ syntaxHighlighting.enable = isNative;
+ };
+ shellrc = true;
+ vim.defaultEditor = mkDefault true;
 };
- programs.shellrc = true;
- programs.vim.defaultEditor = mkDefault true;
 security.sudo.extraRules = [
 { |