diff options
| author | Azat Bahawi <azat@bahawi.net> | 2023-02-02 00:49:21 +0300 |
|---|---|---|
| committer | Azat Bahawi <azat@bahawi.net> | 2023-02-02 00:49:21 +0300 |
| commit | 89399796d0b91e7904ce67de04bd2f60f0d93b5b (patch) | |
| tree | 06d47b2ccc861fe8188cdb96910e651802ae06cc /modules | |
| parent | 2023-01-30 (diff) | |
2023-02-02
Diffstat (limited to '')
| -rw-r--r-- | modules/nixos/common/systemd.nix | 3 | ||||
| -rw-r--r-- | modules/nixos/common/users.nix | 8 | ||||
| -rw-r--r-- | modules/nixos/openssh.nix | 2 | ||||
| -rw-r--r-- | modules/nixos/profiles/default.nix | 3 | ||||
| -rw-r--r-- | modules/nixos/profiles/headful.nix | 4 |
5 files changed, 9 insertions, 11 deletions
diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix index c1b2539..29020a0 100644 --- a/modules/nixos/common/systemd.nix +++ b/modules/nixos/common/systemd.nix @@ -1,7 +1,6 @@ {pkgs, ...}: { ark = { - # FIXME Enable on a fresh system! - # files = ["/etc/machine-id"]; + files = ["/etc/machine-id"]; directories = ["/var/lib/systemd/coredump"]; }; diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index 400bf33..367af41 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix @@ -1,7 +1,8 @@ {lib, ...}: -with lib; { - # TODO Enable on a fresh system. - # ark.directories = [config.my.home]; +with lib; let + home = "/home/${my.username}"; +in { + ark.directories = [home]; users = { mutableUsers = false; @@ -13,6 +14,7 @@ with lib; { isNormalUser = true; uid = 1000; description = my.fullname; + inherit home; inherit (my) hashedPassword; openssh.authorizedKeys.keys = [my.ssh.key]; extraGroups = ["wheel"]; diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix index 0cd44bd..9a131d7 100644 --- a/modules/nixos/openssh.nix +++ b/modules/nixos/openssh.nix @@ -46,7 +46,7 @@ in { else "ERROR"; MaxAuthTries = 3; PasswordAuthentication = false; - PermitRootLogin = "no"; + PermitRootLogin = mkForce "no"; }; }; diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index 23eb455..0c78b0f 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -15,8 +15,7 @@ in { ]; config = mkIf cfg.enable { - # FIXME Enable on a fresh system! - # ark.directories = ["/var/log"]; + ark.directories = ["/var/log"]; programs.less = { enable = true; diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix index 2d37b47..ca604cb 100644 --- a/modules/nixos/profiles/headful.nix +++ b/modules/nixos/profiles/headful.nix @@ -33,9 +33,7 @@ in { }; boot = { - # Pretty much placebo but has some nice patches for `-march=native` - # optimisations, P-State Zen4 support and Fsync for Wine. - kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest; + kernelPackages = mkDefault pkgs.linuxPackages_latest; # There are (arguably) not a lot of reasons to keep mitigations enabled # for on machine that is not web-facing. First of all, to completely |