authorseth <[email protected]>2024-10-27 20:12:19 -0400
committerGitHub <[email protected]>2024-10-28 00:12:19 +0000
commit5ec7ee21e036f7bc1cbdec714271c619cb3fdb3d (patch)
tree3277d8ba68ca466e68c58a8373063010db392d2e /modules/nixos/defaults
parent75ec48c5f7dd7877f2294b86764b1fdadc6b7e88 (diff)
modules: restructure (#487)
* seth: remove unused pkgs * modules: restructure from archetypes back to profiles make less actual modules for everything use lib.mkDefault like it's supposed to move mixins out of server * nixos/resolved: use modern options
Diffstat (limited to 'modules/nixos/defaults')
-rw-r--r--modules/nixos/defaults/default.nix8
-rw-r--r--modules/nixos/defaults/nix.nix10
-rw-r--r--modules/nixos/defaults/programs.nix6
-rw-r--r--modules/nixos/defaults/security.nix13
-rw-r--r--modules/nixos/defaults/users.nix18
5 files changed, 55 insertions, 0 deletions
diff --git a/modules/nixos/defaults/default.nix b/modules/nixos/defaults/default.nix
new file mode 100644
index 0000000..bcd3554
--- /dev/null
+++ b/modules/nixos/defaults/default.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./nix.nix
+ ./programs.nix
+ ./security.nix
+ ./users.nix
+ ];
+}
diff --git a/modules/nixos/defaults/nix.nix b/modules/nixos/defaults/nix.nix
new file mode 100644
index 0000000..8716f00
--- /dev/null
+++ b/modules/nixos/defaults/nix.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+{
+ nix = {
+ channel.enable = lib.mkDefault false;
+ settings.trusted-users = [
+ "root"
+ "@wheel"
+ ];
+ };
+}
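Review bot: `settings.trusted-users` in nix.nix lists `"@wheel"`, so every wheel member is a trusted user of the Nix daemon. The Nix manual describes that as essentially equivalent to root access, and it holds regardless of how sudo is configured for those accounts. Unlike `channel.enable`, the list is set without `lib.mkDefault`, and because list definitions merge, a host that wants a narrower set has to override it with `lib.mkForce`. Consider `settings.trusted-users = lib.mkDefault [ "root" ];` with wheel opted in per host, or at least a comment such as `# wheel members are root-equivalent for the nix daemon`.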
diff --git a/modules/nixos/defaults/programs.nix b/modules/nixos/defaults/programs.nix
new file mode 100644
index 0000000..c7d655f
--- /dev/null
+++ b/modules/nixos/defaults/programs.nix
@@ -0,0 +1,6 @@
+{
+ programs = {
+ git.enable = true;
+ vim.defaultEditor = true;
+ };
+}
diff --git a/modules/nixos/defaults/security.nix b/modules/nixos/defaults/security.nix
new file mode 100644
index 0000000..65ce729
--- /dev/null
+++ b/modules/nixos/defaults/security.nix
@@ -0,0 +1,13 @@
+# Much of this is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
+{ lib, ... }:
+{
+ security = {
+ apparmor.enable = lib.mkDefault true;
+ audit.enable = lib.mkDefault true;
+ auditd.enable = lib.mkDefault true;
+ polkit.enable = true;
+ sudo.execWheelOnly = true;
+ };
+
+ services.dbus.apparmor = lib.mkDefault "enabled";
+}
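Review bot: `audit.enable` and `auditd.enable` are switched on in security.nix, but no `security.audit.rules` are defined in this hunk. Unless rules are set elsewhere in the tree, the audit log will hold little beyond what the kernel and LSMs emit on their own, such as AppArmor denials. If that is the intent, a comment like `# no custom audit rules: audit is enabled mainly to capture AppArmor/LSM events` would tell the next reader the empty rule set is deliberate; otherwise add a small rule list next to these options. Separately, `polkit.enable` and `sudo.execWheelOnly` are hard-set while their neighbours use `lib.mkDefault`; a one-line comment saying these two are meant to be non-overridable would explain the difference.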
diff --git a/modules/nixos/defaults/users.nix b/modules/nixos/defaults/users.nix
new file mode 100644
index 0000000..0cec52a
--- /dev/null
+++ b/modules/nixos/defaults/users.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+
+ users.root = {
+ home = lib.mkDefault "/root";
+ uid = config.ids.uids.root;
+ group = "root";
+ };
+ };
+}
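Review bot: `mutableUsers = false` in users.nix makes the declared configuration the only source of account credentials, and this hunk gives `users.root` no password option. Every host importing this module therefore has to declare a wheel user with a password or SSH key, and passwords changed at runtime with `passwd` will not persist. That is a reasonable hardening default, but it should be stated at the option, for example `# root has no password on purpose; hosts must declare a wheel user with hashedPasswordFile or SSH keys`. Pointing hosts at `hashedPasswordFile` rather than an inline `hashedPassword` also keeps hashes out of the world-readable Nix store.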