| author | Fuwn <[email protected]> | 2024-08-29 20:54:34 -0700 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2024-08-29 20:54:34 -0700 |
| commit | 6ddc25d4e189c30431703f602653b8bae861e4af (patch) | |
| tree | 979cc4d790c3ce8895471d008d61c3e9645acec4 | |
| parent | firewall (diff) | |
| download | nixos-config-6ddc25d4e189c30431703f602653b8bae861e4af.tar.xz nixos-config-6ddc25d4e189c30431703f602653b8bae861e4af.zip | |
some stuff
| -rw-r--r-- | home/ebisu/meta/system/shell/fish/default.nix | 4 | ||||
| -rw-r--r-- | modules/boot/default.nix | 45 | ||||
| -rw-r--r-- | modules/boot/grub.nix | 30 | ||||
| -rw-r--r-- | modules/boot/systemd-boot.nix | 10 | ||||
| -rw-r--r-- | modules/datetime.nix (renamed from modules/datetime/default.nix) | 0 | ||||
| -rw-r--r-- | modules/default.nix | 12 | ||||
| -rw-r--r-- | modules/networking.nix (renamed from modules/networking/default.nix) | 5 | ||||
| -rw-r--r-- | modules/nix.nix (renamed from modules/nix/default.nix) | 5 | ||||
| -rw-r--r-- | modules/security.nix (renamed from modules/security/default.nix) | 12 | ||||
| -rw-r--r-- | modules/users.nix | 24 | ||||
| -rw-r--r-- | modules/users/default.nix | 17 | ||||
| -rw-r--r-- | modules/virtualisation.nix (renamed from modules/virtualisation/default.nix) | 0 |
12 files changed, 100 insertions, 64 deletions
diff --git a/home/ebisu/meta/system/shell/fish/default.nix b/home/ebisu/meta/system/shell/fish/default.nix index 94270e7..bcc0def 100644 --- a/home/ebisu/meta/system/shell/fish/default.nix +++ b/home/ebisu/meta/system/shell/fish/default.nix @@ -26,6 +26,10 @@ command nh $argv end end + + function nix-find + find $argv -type f -exec test ! -L {} \; -exec realpath {} \; | grep -v "^/nix/store" + end end set -l config_home (set -q XDG_CONFIG_HOME; and echo $XDG_CONFIG_HOME; or echo $HOME/.config) diff --git a/modules/boot/default.nix b/modules/boot/default.nix index d0f5852..eb128ed 100644 --- a/modules/boot/default.nix +++ b/modules/boot/default.nix @@ -1,8 +1,10 @@ { pkgs, config, ... }: -let - configurationLimit = 10; -in { + imports = [ + ./grub.nix + ./systemd-boot.nix + ]; + boot = { loader = { timeout = 5; @@ -11,43 +13,6 @@ in canTouchEfiVariables = true; efiSysMountPoint = "/boot"; }; - - systemd-boot = { - enable = false; - editor = true; - consoleMode = "max"; - memtest86.enable = true; - netbootxyz.enable = true; - configurationLimit = configurationLimit; - }; - - grub = { - enable = true; - device = "nodev"; - efiSupport = true; - useOSProber = true; - configurationLimit = configurationLimit; - memtest86.enable = true; - gfxmodeEfi = "1920x1080"; - gfxmodeBios = "1920x1080"; - splashMode = "normal"; - - extraEntries = '' - menuentry "Arch Linux (linux-clear)" { - linux /vmlinuz-linux-clear - initrd /amd-ucode.img - initrd /booster-linux-clear.img - options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1 - } - ''; - - theme = pkgs.fetchFromGitHub { - owner = "Lxtharia"; - repo = "minegrub-theme"; - rev = "193b3a7c3d432f8c6af10adfb465b781091f56b3"; - sha256 = "1bvkfmjzbk7pfisvmyw5gjmcqj9dab7gwd5nmvi8gs4vk72bl2ap"; - }; - }; }; kernelPackages = pkgs.linuxPackages_zen; diff --git a/modules/boot/grub.nix b/modules/boot/grub.nix new file mode 100644 index 0000000..b562370 --- /dev/null 
+++ b/modules/boot/grub.nix @@ -0,0 +1,30 @@ +{ pkgs, ... }: +{ + boot.loader.grub = { + enable = true; + device = "nodev"; + efiSupport = true; + useOSProber = true; + configurationLimit = 10; + memtest86.enable = true; + gfxmodeEfi = "1920x1080"; + gfxmodeBios = "1920x1080"; + splashMode = "normal"; + + extraEntries = '' + menuentry "Arch Linux (linux-clear)" { + linux /vmlinuz-linux-clear + initrd /amd-ucode.img + initrd /booster-linux-clear.img + options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1 + } + ''; + + theme = pkgs.fetchFromGitHub { + owner = "Lxtharia"; + repo = "minegrub-theme"; + rev = "193b3a7c3d432f8c6af10adfb465b781091f56b3"; + sha256 = "1bvkfmjzbk7pfisvmyw5gjmcqj9dab7gwd5nmvi8gs4vk72bl2ap"; + }; + }; +} diff --git a/modules/boot/systemd-boot.nix b/modules/boot/systemd-boot.nix new file mode 100644 index 0000000..5b50bad --- /dev/null +++ b/modules/boot/systemd-boot.nix @@ -0,0 +1,10 @@ +{ + boot.loader.systemd-boot = { + enable = false; + editor = true; + consoleMode = "max"; + memtest86.enable = true; + netbootxyz.enable = true; + configurationLimit = 10; + }; +} diff --git a/modules/datetime/default.nix b/modules/datetime.nix index 2e4fbe0..2e4fbe0 100644 --- a/modules/datetime/default.nix +++ b/modules/datetime.nix diff --git a/modules/default.nix b/modules/default.nix index a2d6ec4..b4d4169 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,16 +1,16 @@ { imports = [ ./boot - ./datetime ./environment ./hardware - ./networking - ./nix ./programs - ./security ./services - ./users - ./virtualisation + ./datetime.nix + ./networking.nix + ./nix.nix + ./security.nix + ./users.nix + ./virtualisation.nix ./xdg-portal.nix ]; diff --git a/modules/networking/default.nix b/modules/networking.nix index 30052f2..d2d2f0d 100644 --- a/modules/networking/default.nix +++ b/modules/networking.nix 
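Review bot: In `extraEntries` of modules/boot/grub.nix, the `options root=PARTUUID=…` line is systemd-boot loader-entry syntax rather than a GRUB command, so as far as I can tell GRUB would reject it and start the Arch kernel without its `root=` arguments. The parameters belong on the `linux` line, e.g. `linux /vmlinuz-linux-clear root=PARTUUID=… rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1`. The entry was moved unchanged from modules/boot/default.nix, so the problem predates this commit. Separately, `configurationLimit = 10` is now a literal here and in systemd-boot.nix where the old file shared one `let` binding; a short comment such as `# keep in sync with systemd-boot.nix` would prevent the two from drifting.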
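Review bot: `editor = true` in modules/boot/systemd-boot.nix leaves the boot-menu kernel command-line editor available, which the NixOS option documentation recommends turning off because anyone with console access can change boot parameters and reach a root shell; `editor = false;` is the safer value. The module is inert while `enable = false`, so this only takes effect once the loader is switched on, but it is easier to fix now than to remember later. A one-line comment such as `# disabled alternative to grub.nix; flip both enable flags together` would also explain why both loader modules are imported.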
@@ -3,6 +3,11 @@ hostName = "kansai"; networkmanager.enable = false; + nameservers = [ + "1.1.1.1" + "9.9.9.9" + ]; + firewall = { enable = true; allowedUDPPorts = [ 53 ]; diff --git a/modules/nix/default.nix b/modules/nix.nix index 365dc77..26d79ef 100644 --- a/modules/nix/default.nix +++ b/modules/nix.nix @@ -2,6 +2,11 @@ nixpkgs.config.allowUnfree = true; nix = { + allowedUsers = [ + "root" + "@wheel" + ]; + settings = { auto-optimise-store = true; http-connections = 50; diff --git a/modules/security/default.nix b/modules/security.nix index e7db804..b377317 100644 --- a/modules/security/default.nix +++ b/modules/security.nix @@ -1,7 +1,17 @@ { security = { - sudo.enable = true; polkit.enable = true; + auditd.enable = true; + + sudo = { + enable = true; + execWheelOnly = true; + }; + + audit = { + enable = true; + rules = [ "-a exit,always -F arch=b64 -S execve" ]; + }; doas = { enable = true; diff --git a/modules/users.nix b/modules/users.nix new file mode 100644 index 0000000..84a2ea3 --- /dev/null +++ b/modules/users.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: +let + initialPassword = "123456"; +in +{ + users.users = { + root.initialPassword = initialPassword; + + ebisu = { + isNormalUser = true; + initialPassword = initialPassword; + shell = pkgs.fish; + + extraGroups = [ + "networkmanager" + "wheel" + "input" + "docker" + "kvm" + "libvirtd" + ]; + }; + }; +} diff --git a/modules/users/default.nix b/modules/users/default.nix deleted file mode 100644 index fed20c3..0000000 --- a/modules/users/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ... }: -{ - users.users.ebisu = { - isNormalUser = true; - initialPassword = "123456"; - shell = pkgs.fish; - - extraGroups = [ - "networkmanager" - "wheel" - "input" - "docker" - "kvm" - "libvirtd" - ]; - }; -} diff --git a/modules/virtualisation/default.nix b/modules/virtualisation.nix index 6add74f..6add74f 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation.nix |
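Review bot: `nix.allowedUsers` in modules/nix.nix is the legacy spelling of this option; current NixOS exposes it as `nix.settings.allowed-users`, and the old name works only through a rename alias (since 22.05, I believe), so it may warn or stop evaluating on a later channel. The hunk's context already opens `settings = {` directly below, so the list can move there as `allowed-users = [ "root" "@wheel" ];`. The `nix` attribute set continues past the end of the hunk.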
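Review bot: The audit rule `-a exit,always -F arch=b64 -S execve` in modules/security.nix records only the 64-bit `execve` syscall, so programs started through the 32-bit ABI or through `execveat` leave no record. Extending the list to `"-a exit,always -F arch=b64 -S execve -S execveat -k exec"` plus the same rule with `arch=b32` closes that gap and gives the events a key to search on. Also note that `execWheelOnly = true` constrains sudo only; the `doas` block that follows in the context is a second privilege path whose rules lie outside this hunk, so it should be checked for the same group restriction.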
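Review bot: `root.initialPassword = initialPassword;` in modules/users.nix is new and gives root the literal password `123456`, which sits in plain text in this repository and in the world-readable Nix store. The deleted module set it for `ebisu` only, and that account is in `wheel` and `docker`, so it is effectively root-equivalent as well. Drop the shared `let` binding and reference a hash kept outside the repository, e.g. `hashedPasswordFile = "<PATH_TO_HASH_FILE>";` per account, or leave root without a password and rely on sudo/doas. `initialPassword` is applied only when an account is first created, so hosts that are already installed keep whatever was set then and need the password changed by hand.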