From b212b16a14ea12384c4b19ad453076502855a738 Mon Sep 17 00:00:00 2001
From: Azat Bahawi <azat@bahawi.net>
Date: Thu, 27 Jun 2024 18:10:21 +0300
Subject: 2024-06-27

---
 modules/common/kernel.nix | 56 ++++++++++++++++++++---------------------------
 modules/common/nix.nix    |  3 +--
 modules/common/users.nix  |  5 ++++-
 3 files changed, 29 insertions(+), 35 deletions(-)

(limited to 'modules/common')

diff --git a/modules/common/kernel.nix b/modules/common/kernel.nix
index 5c45b5d..ddc4f62 100644
--- a/modules/common/kernel.nix
+++ b/modules/common/kernel.nix
@@ -1,38 +1,30 @@
 { lib, ... }:
 with lib;
 {
-  boot = {
-    # I don't use it even on laptops. It's also /required/ to disable it for
-    # ZFS[1].
-    # [1]: https://github.com/openzfs/zfs/issues/260
-    # [1]: https://github.com/openzfs/zfs/issues/12842
-    kernelParams = [ "hibernate=no" ];
-
-    kernel.sysctl = {
-      "fs.file-max" = pow 2 17;
-      "fs.inotify.max_user_watches" = pow 2 19;
-      "fs.suid_dumpable" = 0;
-      "kernel.core_uses_pid" = 1;
-      "kernel.exec-shield" = 1;
-      "kernel.kptr_restrict" = 1;
-      "kernel.maps_protect" = 1;
-      "kernel.msgmax" = pow 2 16;
-      "kernel.msgmnb" = pow 2 16;
-      "kernel.pid_max" = pow 2 16;
-      "kernel.randomize_va_space" = 2;
-      "kernel.shmall" = pow 2 28;
-      "kernel.shmmax" = pow 2 28;
-      "kernel.sysrq" = 0;
-      "vm.dirty_background_bytes" = pow 2 22;
-      "vm.dirty_background_ratio" = 5;
-      "vm.dirty_bytes" = pow 2 22;
-      "vm.dirty_ratio" = 30;
-      "vm.min_free_kbytes" = pow 2 16;
-      "vm.mmap_min_addr" = pow 2 12;
-      "vm.overcommit_memory" = mkDefault 0;
-      "vm.overcommit_ratio" = mkDefault 50;
-      "vm.vfs_cache_pressure" = 50;
-    };
+  boot.kernel.sysctl = {
+    "fs.file-max" = pow 2 17;
+    "fs.inotify.max_user_watches" = pow 2 19;
+    "fs.suid_dumpable" = 0;
+    "kernel.core_uses_pid" = 1;
+    "kernel.exec-shield" = 1;
+    "kernel.kptr_restrict" = 1;
+    "kernel.maps_protect" = 1;
+    "kernel.msgmax" = pow 2 16;
+    "kernel.msgmnb" = pow 2 16;
+    "kernel.pid_max" = pow 2 16;
+    "kernel.randomize_va_space" = 2;
+    "kernel.shmall" = pow 2 28;
+    "kernel.shmmax" = pow 2 28;
+    "kernel.sysrq" = 0;
+    "vm.dirty_background_bytes" = pow 2 22;
+    "vm.dirty_background_ratio" = 5;
+    "vm.dirty_bytes" = pow 2 22;
+    "vm.dirty_ratio" = 30;
+    "vm.min_free_kbytes" = pow 2 16;
+    "vm.mmap_min_addr" = pow 2 12;
+    "vm.overcommit_memory" = mkDefault 0;
+    "vm.overcommit_ratio" = mkDefault 50;
+    "vm.vfs_cache_pressure" = 50;
   };
 
   # https://docs.kernel.org/admin-guide/mm/ksm.html
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
index 3342113..aad7106 100644
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@@ -141,7 +141,6 @@ in
       };
 
       environment = {
-        localBinInPath = true;
         defaultPackages = [ ];
         systemPackages =
           with pkgs;
@@ -150,7 +149,7 @@ in
             nixfiles
           ];
         variables = {
-          NIXFILES = "${config.my.home}/src/nixfiles";
+          NIXFILES = optionalString this.isHeadful "${config.my.home}/src/nixfiles";
           NIX_SHELL_PRESERVE_PROMPT = "1";
         };
       };
diff --git a/modules/common/users.nix b/modules/common/users.nix
index ba1a89b..b8aca28 100644
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@@ -18,7 +18,10 @@ in
     mutableUsers = false;
 
     users = {
-      root.hashedPassword = "@HASHED_PASSWORD@";
+      root = {
+        hashedPassword = null;
+        password = null;
+      };
 
       ${my.username} = {
         isNormalUser = true;
-- 
cgit v1.2.3