authorseth <[email protected]>2023-04-17 12:00:55 -0400
committerseth <[email protected]>2023-04-17 12:01:21 -0400
commit92ca826539092f33c8e19a19c7a9ea0def2aece0 (patch)
treec6ff98c3f645f189b559bc1a69904fec217a946c /modules/nixos
parent98921a299be9f22bde9204e1fd05d0ea0fb0c6ed (diff)
move most configurations to modules
Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/default.nix28
-rw-r--r--modules/nixos/locale.nix24
-rw-r--r--modules/nixos/network.nix26
-rw-r--r--modules/nixos/root.nix19
-rw-r--r--modules/nixos/security.nix28
-rw-r--r--modules/nixos/systemd.nix7
-rw-r--r--modules/nixos/virtualisation.nix23
7 files changed, 155 insertions, 0 deletions
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..5767d6b
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.nixos;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.nixos.enable = mkEnableOption "base nixos module";
+
+ imports = [
+ ./locale.nix
+ ./network.nix
+ ./root.nix
+ ./security.nix
+ ./systemd.nix
+ ./virtualisation.nix
+ ];
+
+ config = mkIf cfg.enable {
+ base.enable = true;
+ nixos = {
+ defaultLocale.enable = mkDefault true;
+ defaultRoot.enable = mkDefault true;
+ networking.enable = mkDefault true;
+ };
+ };
+}
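Review bot: The `imports` list on line 38 is evaluated unconditionally, so `./security.nix` and `./systemd.nix`, which define no `enable` option of their own, take effect on every host that imports this module even when `nixos.enable` is false; only locale, network, root and virtualisation honour the flag. If that is intended, a comment on the list should say so, e.g. `# security.nix and systemd.nix always apply; the rest are gated by their own nixos.*.enable options`; otherwise give those two files an option under `nixos.*` mirroring the others. `base.enable = true` on line 48 refers to an option not defined anywhere in this diff, so evaluation presumably depends on that module being imported elsewhere, which is worth noting next to it.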
diff --git a/modules/nixos/locale.nix b/modules/nixos/locale.nix
new file mode 100644
index 0000000..1ac2466
--- /dev/null
+++ b/modules/nixos/locale.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.nixos.defaultLocale;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.nixos.defaultLocale.enable = mkEnableOption "enable default locale";
+
+ config = mkIf cfg.enable {
+ i18n = {
+ supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ ];
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ time = {
+ hardwareClockInLocalTime = true;
+ timeZone = "America/New_York";
+ };
+ };
+}
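Review bot: `hardwareClockInLocalTime = true` on line 81 is normally only wanted when the RTC is shared with a Windows dual-boot, since a local-time RTC is ambiguous across DST transitions; the reason should be recorded, e.g. `# RTC kept in local time for dual-boot with Windows`, or the line dropped if no such host exists. The same applies to the hard-coded `timeZone`, which any non-New-York host will have to override with `lib.mkForce` because it is not wrapped in `mkDefault`.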
diff --git a/modules/nixos/network.nix b/modules/nixos/network.nix
new file mode 100644
index 0000000..8ad670e
--- /dev/null
+++ b/modules/nixos/network.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.nixos.networking;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.nixos.networking.enable = mkEnableOption "enable networking";
+
+ config = mkIf cfg.enable {
+ networking.networkmanager = {
+ enable = true;
+ dns = "systemd-resolved";
+ };
+ services.resolved = {
+ enable = lib.mkDefault true;
+ dnssec = "allow-downgrade";
+ extraConfig = ''
+ [Resolve]
+ DNS=1.1.1.1 1.0.0.1
+ DNSOverTLS=yes
+ '';
+ };
+ };
+}
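Review bot: `dnssec = "allow-downgrade"` on line 109 lets resolved silently fall back to unvalidated answers when validation fails, so the setting gives no hard guarantee; if that availability trade-off is deliberate, say so with a comment such as `# allow-downgrade: prefer availability over strict validation on networks that break DNSSEC`. The upstream servers in `extraConfig` are bare addresses; systemd-resolved accepts the `address#hostname` form (e.g. `DNS=1.1.1.1#cloudflare-dns.com`), which enables SNI and name-based certificate validation for the `DNSOverTLS=yes` configured here. Also, `enable = lib.mkDefault true` on line 108 uses `lib.` directly while the let-block inherits the other helpers; adding `mkDefault` to the `inherit (lib)` line on line 98 keeps the file consistent with default.nix.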
diff --git a/modules/nixos/root.nix b/modules/nixos/root.nix
new file mode 100644
index 0000000..4e27694
--- /dev/null
+++ b/modules/nixos/root.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.nixos.defaultRoot;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.nixos.defaultRoot.enable = mkEnableOption "enable default root user";
+
+ config = mkIf cfg.enable {
+ users.users.root = {
+ home = "/root";
+ uid = config.ids.uids.root;
+ group = "root";
+ passwordFile = config.age.secrets.rootPassword.path;
+ };
+ };
+}
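Review bot: `passwordFile` on line 139 must point at a file containing an already-hashed password in the form accepted by `chpasswd -e`, not the plaintext secret; if `rootPassword` holds plaintext, the stored value never matches any login. A comment such as `# file must hold a hashed password (mkpasswd output), not plaintext` would prevent that mistake. `config.age.secrets.rootPassword.path` is also a hard dependency: with `defaultRoot.enable` defaulting to true in default.nix, a host that imports the module without defining that agenix secret fails to evaluate, so either the default should be false or the presence of the secret should be checked with an `assertions` entry that names it.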
diff --git a/modules/nixos/security.nix b/modules/nixos/security.nix
new file mode 100644
index 0000000..403cfa5
--- /dev/null
+++ b/modules/nixos/security.nix
@@ -0,0 +1,28 @@
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkDefault;
+in {
+ security = {
+ apparmor.enable = mkDefault true;
+ audit.enable = mkDefault true;
+ auditd.enable = mkDefault true;
+ polkit.enable = mkDefault true;
+ rtkit.enable = mkDefault true;
+ sudo.execWheelOnly = true;
+ };
+
+ services.dbus.apparmor = mkDefault "enabled";
+
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+ };
+
+ nix.settings = {
+ allowed-users = ["root" "@wheel"];
+ trusted-users = ["root"];
+ };
+}
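Review bot: `users.mutableUsers = false` on line 169 means every account, including root, needs a declared password or key; combined with root.nix reading its hash from an agenix secret, a host on which that secret is not available at activation appears to be left with no usable root login and there is no `initialHashedPassword` fallback here. That is a sound hardening choice but deserves a comment, e.g. `# mutableUsers = false: all credentials are declarative; keep at least one wheel user with a hashedPassword or SSH key`. `trusted-users = ["root"]` on line 174 matches the Nix default, so it is documentation only; `# keep wheel out of trusted-users: trusted users can override sandbox and substituter settings` would make the intent explicit.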
diff --git a/modules/nixos/systemd.nix b/modules/nixos/systemd.nix
new file mode 100644
index 0000000..2888c0b
--- /dev/null
+++ b/modules/nixos/systemd.nix
@@ -0,0 +1,7 @@
+_: {
+ services = {
+ journald.extraConfig = ''
+ MaxRetentionSec=1w
+ '';
+ };
+}
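Review bot: `MaxRetentionSec=1w` on line 186 makes journald discard entries older than a week, which bounds the window available for incident review from the journal; auditd, enabled in security.nix, writes its own log file and is presumably unaffected. A one-line comment stating the trade-off, `# keep one week of journal; older history must come from auditd or shipped logs`, would document the choice for whoever later wonders why the journal is short.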
diff --git a/modules/nixos/virtualisation.nix b/modules/nixos/virtualisation.nix
new file mode 100644
index 0000000..d3ceb28
--- /dev/null
+++ b/modules/nixos/virtualisation.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.nixos.virtualisation;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.nixos.virtualisation.enable = mkEnableOption "enable podman";
+
+ config = mkIf cfg.enable {
+ virtualisation = {
+ podman = {
+ enable = true;
+ enableNvidia = true;
+ extraPackages = with pkgs; [podman-compose];
+ autoPrune.enable = true;
+ };
+ oci-containers.backend = "podman";
+ };
+ };
+}
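Review bot: `enableNvidia = true` on line 211 is hard-wired for every host that enables this module, which presumably pulls the NVIDIA container integration into podman on machines with no such GPU; writing it as `enableNvidia = lib.mkDefault true;` (or adding a separate `nixos.virtualisation.nvidia.enable` option) lets non-NVIDIA hosts override it without disabling podman. The description on line 205, `"enable podman"`, also does not match the option name `nixos.virtualisation.enable`; a description such as `"podman-based container runtime"` reads better in option listings.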