about summary refs log tree commit diff
path: root/modules/common
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2024-06-27 18:10:21 +0300
committerAzat Bahawi <azat@bahawi.net>2024-06-27 18:10:21 +0300
commitb212b16a14ea12384c4b19ad453076502855a738 (patch)
treedefd42780c334342e82d59ac927ae070e9af5fd7 /modules/common
parent2024-06-24 (diff)
2024-06-27
Diffstat (limited to 'modules/common')
-rw-r--r--modules/common/kernel.nix56
-rw-r--r--modules/common/nix.nix3
-rw-r--r--modules/common/users.nix5
3 files changed, 29 insertions, 35 deletions
diff --git a/modules/common/kernel.nix b/modules/common/kernel.nix
index 5c45b5d..ddc4f62 100644
--- a/modules/common/kernel.nix
+++ b/modules/common/kernel.nix
@@ -1,38 +1,30 @@
 { lib, ... }:
 with lib;
 {
-  boot = {
-    # I don't use it even on laptops. It's also /required/ to disable it for
-    # ZFS[1].
-    # [1]: https://github.com/openzfs/zfs/issues/260
-    # [1]: https://github.com/openzfs/zfs/issues/12842
-    kernelParams = [ "hibernate=no" ];
-
-    kernel.sysctl = {
-      "fs.file-max" = pow 2 17;
-      "fs.inotify.max_user_watches" = pow 2 19;
-      "fs.suid_dumpable" = 0;
-      "kernel.core_uses_pid" = 1;
-      "kernel.exec-shield" = 1;
-      "kernel.kptr_restrict" = 1;
-      "kernel.maps_protect" = 1;
-      "kernel.msgmax" = pow 2 16;
-      "kernel.msgmnb" = pow 2 16;
-      "kernel.pid_max" = pow 2 16;
-      "kernel.randomize_va_space" = 2;
-      "kernel.shmall" = pow 2 28;
-      "kernel.shmmax" = pow 2 28;
-      "kernel.sysrq" = 0;
-      "vm.dirty_background_bytes" = pow 2 22;
-      "vm.dirty_background_ratio" = 5;
-      "vm.dirty_bytes" = pow 2 22;
-      "vm.dirty_ratio" = 30;
-      "vm.min_free_kbytes" = pow 2 16;
-      "vm.mmap_min_addr" = pow 2 12;
-      "vm.overcommit_memory" = mkDefault 0;
-      "vm.overcommit_ratio" = mkDefault 50;
-      "vm.vfs_cache_pressure" = 50;
-    };
+  boot.kernel.sysctl = {
+    "fs.file-max" = pow 2 17;
+    "fs.inotify.max_user_watches" = pow 2 19;
+    "fs.suid_dumpable" = 0;
+    "kernel.core_uses_pid" = 1;
+    "kernel.exec-shield" = 1;
+    "kernel.kptr_restrict" = 1;
+    "kernel.maps_protect" = 1;
+    "kernel.msgmax" = pow 2 16;
+    "kernel.msgmnb" = pow 2 16;
+    "kernel.pid_max" = pow 2 16;
+    "kernel.randomize_va_space" = 2;
+    "kernel.shmall" = pow 2 28;
+    "kernel.shmmax" = pow 2 28;
+    "kernel.sysrq" = 0;
+    "vm.dirty_background_bytes" = pow 2 22;
+    "vm.dirty_background_ratio" = 5;
+    "vm.dirty_bytes" = pow 2 22;
+    "vm.dirty_ratio" = 30;
+    "vm.min_free_kbytes" = pow 2 16;
+    "vm.mmap_min_addr" = pow 2 12;
+    "vm.overcommit_memory" = mkDefault 0;
+    "vm.overcommit_ratio" = mkDefault 50;
+    "vm.vfs_cache_pressure" = 50;
   };
 
   # https://docs.kernel.org/admin-guide/mm/ksm.html
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
index 3342113..aad7106 100644
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@@ -141,7 +141,6 @@ in
       };
 
       environment = {
-        localBinInPath = true;
         defaultPackages = [ ];
         systemPackages =
           with pkgs;
@@ -150,7 +149,7 @@ in
             nixfiles
           ];
         variables = {
-          NIXFILES = "${config.my.home}/src/nixfiles";
+          NIXFILES = optionalString this.isHeadful "${config.my.home}/src/nixfiles";
           NIX_SHELL_PRESERVE_PROMPT = "1";
         };
       };
diff --git a/modules/common/users.nix b/modules/common/users.nix
index ba1a89b..b8aca28 100644
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@@ -18,7 +18,10 @@ in
     mutableUsers = false;
 
     users = {
-      root.hashedPassword = "@HASHED_PASSWORD@";
+      root = {
+        hashedPassword = null;
+        password = null;
+      };
 
       ${my.username} = {
         isNormalUser = true;

Consider giving Nix/NixOS a try! <3