@@ -4,50 +4,113 @@
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (lib)
|
||||
mkForce
|
||||
;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
inputs.disko.nixosModules.disko
|
||||
./hardware-configuration.nix
|
||||
./disko-config.nix
|
||||
../desktop.nix
|
||||
../../modules/nixos/deterministic-ids.nix
|
||||
../../users/jordan
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
hostPlatform = "x86_64-linux";
|
||||
config = {
|
||||
nvidia.acceptLicense = true;
|
||||
permittedInsecurePackages = [ "broadcom-sta-6.30.223.271-57-6.12.41" ];
|
||||
permittedInsecurePackages = [ "broadcom-sta-6.30.223.271-59-6.12.63" ];
|
||||
};
|
||||
};
|
||||
|
||||
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
|
||||
|
||||
boot.loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
initrd.systemd = {
|
||||
enable = true;
|
||||
extraBin.cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
|
||||
services."zfs-import-rpool".after = [ "cryptsetup.target" ];
|
||||
};
|
||||
tmp.useTmpfs = true;
|
||||
};
|
||||
|
||||
networking.hostId = "cf791898";
|
||||
console.earlySetup = true;
|
||||
|
||||
# nvidia 470 driver doesn't work with Wayland
|
||||
services = {
|
||||
xserver = {
|
||||
displayManager.gdm.wayland = lib.mkForce false;
|
||||
videoDrivers = [ "nvidia" ];
|
||||
};
|
||||
displayManager = {
|
||||
defaultSession = "gnome-xorg";
|
||||
systemd.network.enable = true;
|
||||
systemd.network.wait-online.enable = false;
|
||||
|
||||
networking = {
|
||||
hostId = "cf791898";
|
||||
useNetworkd = true;
|
||||
dhcpcd.enable = false;
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
dnssec = "false";
|
||||
fallbackDns = [
|
||||
"9.9.9.9"
|
||||
"2620:fe::fe"
|
||||
"1.1.1.1"
|
||||
"2606:4700:4700::1111"
|
||||
];
|
||||
llmnr = "false";
|
||||
extraConfig = ''
|
||||
MulticastDNS=false
|
||||
'';
|
||||
};
|
||||
|
||||
# Workaround for label rendering bug in GTK4 with nvidia 470 driver
|
||||
environment.sessionVariables.GSK_RENDERER = "gl";
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.moonlight-qt
|
||||
];
|
||||
environment.persistence."/persist".enable = mkForce true;
|
||||
environment.persistence."/state".enable = mkForce true;
|
||||
|
||||
modules = {
|
||||
system.desktop.gnome.enable = mkForce false;
|
||||
};
|
||||
|
||||
services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
|
||||
|
||||
users = {
|
||||
users = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users.deterministicIds =
|
||||
let
|
||||
uidGid = id: {
|
||||
uid = id;
|
||||
gid = id;
|
||||
};
|
||||
in
|
||||
{
|
||||
systemd-oom = uidGid 999;
|
||||
systemd-coredump = uidGid 998;
|
||||
sshd = uidGid 997;
|
||||
nscd = uidGid 996;
|
||||
polkituser = uidGid 995;
|
||||
rtkit = uidGid 994;
|
||||
lpadmin = uidGid 993;
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
}
|
||||
|
||||
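Review bot: The `services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";` line, together with the root `openssh.authorizedKeys.keys` entry and port 22 in `allowedTCPPorts`, leaves direct root login over SSH reachable on this host, and the `mkForce` overrides whatever the shared modules set without saying why. If this is only needed for remote deployment or recovery, a comment such as `# root key login kept for remote rebuilds; remove once deploys run via the regular user` would record that; otherwise logging in as the unprivileged user and escalating would let the override be dropped. `dnssec = "false";` under `services.resolved` likewise turns validation off with no stated reason, so a one-line comment naming the resolver problem it works around would help the next reader. The rendered page has lost its +/- markers, so which of these lines are new is inferred from the duplicated `boot.loader` and `hostId` entries.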