From 55296b643fe2934b875561dd58861b69d4951e9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Wed, 10 Jan 2024 11:17:22 +0100 Subject: nixos: multiple tweaks --- nixos/modules/generic.nix | 88 +++++++++++++++++++++++++---------------------- 1 file changed, 47 insertions(+), 41 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index 8688732..9b64aa8 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -32,10 +32,12 @@ in { }; }; - boot.loader.systemd-boot.enable = mkOverride 1100 true; - boot.loader.efi.canTouchEfiVariables = mkDefault true; - boot.kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest; - boot.kernelParams = ["boot.shell_on_fail"]; + boot = { + loader.systemd-boot.enable = mkOverride 1100 true; + loader.efi.canTouchEfiVariables = mkDefault true; + kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest; + kernelParams = ["boot.shell_on_fail"]; + }; hardware.enableAllFirmware = true; services.fwupd.enable = mkIf (pkgs.system == "x86_64-linux") true; @@ -107,46 +109,50 @@ in { mlocate ]; - users.mutableUsers = false; - users.groups.cynerd.gid = 1000; - users.users = { - root = { - hashedPasswordFile = "/run/secrets/root.pass"; - }; - cynerd = { - group = "cynerd"; - extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"]; - uid = 1000; - subUidRanges = [ - { - count = 65534; - startUid = 10000; - } - ]; - subGidRanges = [ - { - count = 65534; - startGid = 10000; - } - ]; - isNormalUser = true; - createHome = true; - shell = - if isNative - then pkgs.zsh.out - else pkgs.bash.out; - hashedPasswordFile = "/run/secrets/cynerd.pass"; - openssh.authorizedKeys.keyFiles = [ - (config.personal-secrets + "/unencrypted/git-private.pub") - ]; + users = { + mutableUsers = false; + groups.cynerd.gid = 1000; + users = { + root = { + hashedPasswordFile = "/run/secrets/root.pass"; + }; + cynerd = { + group = "cynerd"; + extraGroups = ["users" "wheel" "dialout" "kvm" "uucp"]; + uid = 1000; + subUidRanges = [ + { + count = 65534; + startUid = 10000; + } + ]; + subGidRanges = [ + { + count = 65534; + startGid = 10000; + } + ]; + isNormalUser = true; + createHome = true; + shell = + if isNative + then pkgs.zsh.out + else pkgs.bash.out; + hashedPasswordFile = "/run/secrets/cynerd.pass"; + openssh.authorizedKeys.keyFiles = [ + (config.personal-secrets + "/unencrypted/git-private.pub") + ]; + }; }; }; - programs.zsh = { - enable = isNative; - syntaxHighlighting.enable = isNative; + programs = { + zsh = { + enable = isNative; + syntaxHighlighting.enable = isNative; + }; + shellrc = true; + vim.defaultEditor = mkDefault true; }; - programs.shellrc = true; - programs.vim.defaultEditor = mkDefault true; security.sudo.extraRules = [ { -- cgit v1.2.3