about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-02-02 00:49:21 +0300
committerAzat Bahawi <azat@bahawi.net>2023-02-02 00:49:21 +0300
commit89399796d0b91e7904ce67de04bd2f60f0d93b5b (patch)
tree06d47b2ccc861fe8188cdb96910e651802ae06cc /modules
parent2023-01-30 (diff)
2023-02-02
Diffstat (limited to '')
-rw-r--r--modules/nixos/common/systemd.nix3
-rw-r--r--modules/nixos/common/users.nix8
-rw-r--r--modules/nixos/openssh.nix2
-rw-r--r--modules/nixos/profiles/default.nix3
-rw-r--r--modules/nixos/profiles/headful.nix4
5 files changed, 9 insertions, 11 deletions
diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix
index c1b2539..29020a0 100644
--- a/modules/nixos/common/systemd.nix
+++ b/modules/nixos/common/systemd.nix
@@ -1,7 +1,6 @@
 {pkgs, ...}: {
   ark = {
-    # FIXME Enable on a fresh system!
-    # files = ["/etc/machine-id"];
+    files = ["/etc/machine-id"];
     directories = ["/var/lib/systemd/coredump"];
   };
 
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
index 400bf33..367af41 100644
--- a/modules/nixos/common/users.nix
+++ b/modules/nixos/common/users.nix
@@ -1,7 +1,8 @@
 {lib, ...}:
-with lib; {
-  # TODO Enable on a fresh system.
-  # ark.directories = [config.my.home];
+with lib; let
+  home = "/home/${my.username}";
+in {
+  ark.directories = [home];
 
   users = {
     mutableUsers = false;
@@ -13,6 +14,7 @@ with lib; {
         isNormalUser = true;
         uid = 1000;
         description = my.fullname;
+        inherit home;
         inherit (my) hashedPassword;
         openssh.authorizedKeys.keys = [my.ssh.key];
         extraGroups = ["wheel"];
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 0cd44bd..9a131d7 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -46,7 +46,7 @@ in {
             else "ERROR";
           MaxAuthTries = 3;
           PasswordAuthentication = false;
-          PermitRootLogin = "no";
+          PermitRootLogin = mkForce "no";
         };
       };
 
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index 23eb455..0c78b0f 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -15,8 +15,7 @@ in {
   ];
 
   config = mkIf cfg.enable {
-    # FIXME Enable on a fresh system!
-    # ark.directories = ["/var/log"];
+    ark.directories = ["/var/log"];
 
     programs.less = {
       enable = true;
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index 2d37b47..ca604cb 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -33,9 +33,7 @@ in {
     };
 
     boot = {
-      # Pretty much placebo but has some nice patches for `-march=native`
-      # optimisations, P-State Zen4 support and Fsync for Wine.
-      kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest;
+      kernelPackages = mkDefault pkgs.linuxPackages_latest;
 
       # There are (arguably) not a lot of reasons to keep mitigations enabled
       # for on machine that is not web-facing. First of all, to completely

Consider giving Nix/NixOS a try! <3