diff options
Diffstat (limited to 'modules/nixos/base')
| -rw-r--r-- | modules/nixos/base/networking.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/base/nix.nix | 3 | ||||
| -rw-r--r-- | modules/nixos/base/programs.nix | 3 | ||||
| -rw-r--r-- | modules/nixos/base/security.nix | 8 | ||||
| -rw-r--r-- | modules/nixos/base/users.nix | 3 |
5 files changed, 10 insertions, 8 deletions
diff --git a/modules/nixos/base/networking.nix b/modules/nixos/base/networking.nix index 35e8558..c4514df 100644 --- a/modules/nixos/base/networking.nix +++ b/modules/nixos/base/networking.nix @@ -6,6 +6,7 @@ in options.base.networking = { enable = lib.mkEnableOption "base network settings" // { default = config.base.enable; + defaultText = lib.literalExpression "config.base.enable"; }; }; diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix index 29b0264..e49eb17 100644 --- a/modules/nixos/base/nix.nix +++ b/modules/nixos/base/nix.nix @@ -1,10 +1,9 @@ { config, lib, ... }: let cfg = config.base.nixSettings; - enable = config.base.enable && cfg.enable; in { - config = lib.mkIf enable { + config = lib.mkIf cfg.enable { nix = { channel.enable = lib.mkDefault false; settings.trusted-users = [ diff --git a/modules/nixos/base/programs.nix b/modules/nixos/base/programs.nix index def710c..55424dc 100644 --- a/modules/nixos/base/programs.nix +++ b/modules/nixos/base/programs.nix @@ -1,10 +1,9 @@ { config, lib, ... }: let cfg = config.base.defaultPrograms; - enable = config.base.enable && cfg.enable; in { - config = lib.mkIf enable { + config = lib.mkIf cfg.enable { programs = { git.enable = true; vim.defaultEditor = true; diff --git a/modules/nixos/base/security.nix b/modules/nixos/base/security.nix index 12d6f7e..5c015c7 100644 --- a/modules/nixos/base/security.nix +++ b/modules/nixos/base/security.nix @@ -6,15 +6,17 @@ in options.base.security = { enable = lib.mkEnableOption "basic security settings" // { default = config.base.enable; + defaultText = lib.literalExpression "config.base.enable"; }; }; + # much here is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/ config = lib.mkIf cfg.enable { security = { apparmor.enable = lib.mkDefault true; - audit.enable = lib.mkDefault true; - auditd.enable = lib.mkDefault true; - polkit.enable = lib.mkDefault true; + audit.enable = lib.mkDefault true; # TODO: do i really need to set this manually? + auditd.enable = lib.mkDefault true; # ditto + polkit.enable = lib.mkDefault true; # ditto sudo.execWheelOnly = true; }; diff --git a/modules/nixos/base/users.nix b/modules/nixos/base/users.nix index ddef714..b757fc5 100644 --- a/modules/nixos/base/users.nix +++ b/modules/nixos/base/users.nix @@ -11,7 +11,8 @@ in { options.base.users = { enable = lib.mkEnableOption "basic user configurations" // { - default = true; + default = config.base.enable; + defaultText = lib.literalExpression "config.base.enable"; }; defaultRoot = { |