modules: better document most things

author: seth <[email protected]> 2024-07-09 06:45:24 -0400
committer: seth <[email protected]> 2024-07-09 15:38:51 -0400
commit: 6368272cdeec8c69800b4e7645402914f48e5c33 (patch)
tree: f5e321fac25da065bff0480a63b0031eee00a031 /modules/nixos/base
parent: 74159b94f662fc737f5614bdd29fd76bf27cee27 (diff)
5 files changed, 10 insertions, 8 deletions
diff --git a/modules/nixos/base/networking.nix b/modules/nixos/base/networking.nix
index 35e8558..c4514df 100644
--- a/modules/nixos/base/networking.nix
+++ b/modules/nixos/base/networking.nix
@@ -6,6 +6,7 @@ in
   options.base.networking = {
     enable = lib.mkEnableOption "base network settings" // {
       default = config.base.enable;
+      defaultText = lib.literalExpression "config.base.enable";
     };
   };
 
diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix
index 29b0264..e49eb17 100644
--- a/modules/nixos/base/nix.nix
+++ b/modules/nixos/base/nix.nix
@@ -1,10 +1,9 @@
 { config, lib, ... }:
 let
   cfg = config.base.nixSettings;
-  enable = config.base.enable && cfg.enable;
 in
 {
-  config = lib.mkIf enable {
+  config = lib.mkIf cfg.enable {
     nix = {
       channel.enable = lib.mkDefault false;
       settings.trusted-users = [
diff --git a/modules/nixos/base/programs.nix b/modules/nixos/base/programs.nix
index def710c..55424dc 100644
--- a/modules/nixos/base/programs.nix
+++ b/modules/nixos/base/programs.nix
@@ -1,10 +1,9 @@
 { config, lib, ... }:
 let
   cfg = config.base.defaultPrograms;
-  enable = config.base.enable && cfg.enable;
 in
 {
-  config = lib.mkIf enable {
+  config = lib.mkIf cfg.enable {
     programs = {
       git.enable = true;
       vim.defaultEditor = true;
diff --git a/modules/nixos/base/security.nix b/modules/nixos/base/security.nix
index 12d6f7e..5c015c7 100644
--- a/modules/nixos/base/security.nix
+++ b/modules/nixos/base/security.nix
@@ -6,15 +6,17 @@ in
   options.base.security = {
     enable = lib.mkEnableOption "basic security settings" // {
       default = config.base.enable;
+      defaultText = lib.literalExpression "config.base.enable";
     };
   };
 
+  # much here is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
   config = lib.mkIf cfg.enable {
     security = {
       apparmor.enable = lib.mkDefault true;
-      audit.enable = lib.mkDefault true;
-      auditd.enable = lib.mkDefault true;
-      polkit.enable = lib.mkDefault true;
+      audit.enable = lib.mkDefault true; # TODO: do i really need to set this manually?
+      auditd.enable = lib.mkDefault true; # ditto
+      polkit.enable = lib.mkDefault true; # ditto
       sudo.execWheelOnly = true;
     };
 
diff --git a/modules/nixos/base/users.nix b/modules/nixos/base/users.nix
index ddef714..b757fc5 100644
--- a/modules/nixos/base/users.nix
+++ b/modules/nixos/base/users.nix
@@ -11,7 +11,8 @@ in
 {
   options.base.users = {
     enable = lib.mkEnableOption "basic user configurations" // {
-      default = true;
+      default = config.base.enable;
+      defaultText = lib.literalExpression "config.base.enable";
     };
 
     defaultRoot = {
author	seth <[email protected]>	2024-07-09 06:45:24 -0400
committer	seth <[email protected]>	2024-07-09 15:38:51 -0400
commit	6368272cdeec8c69800b4e7645402914f48e5c33 (patch)
tree	f5e321fac25da065bff0480a63b0031eee00a031 /modules/nixos/base
parent	74159b94f662fc737f5614bdd29fd76bf27cee27 (diff)