From 89399796d0b91e7904ce67de04bd2f60f0d93b5b Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Thu, 2 Feb 2023 00:49:21 +0300 Subject: 2023-02-02 --- modules/nixos/common/systemd.nix | 3 +-- modules/nixos/common/users.nix | 8 +++++--- modules/nixos/openssh.nix | 2 +- modules/nixos/profiles/default.nix | 3 +-- modules/nixos/profiles/headful.nix | 4 +--- 5 files changed, 9 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix index c1b2539..29020a0 100644 --- a/modules/nixos/common/systemd.nix +++ b/modules/nixos/common/systemd.nix @@ -1,7 +1,6 @@ {pkgs, ...}: { ark = { - # FIXME Enable on a fresh system! - # files = ["/etc/machine-id"]; + files = ["/etc/machine-id"]; directories = ["/var/lib/systemd/coredump"]; }; diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index 400bf33..367af41 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix @@ -1,7 +1,8 @@ {lib, ...}: -with lib; { - # TODO Enable on a fresh system. - # ark.directories = [config.my.home]; +with lib; let + home = "/home/${my.username}"; +in { + ark.directories = [home]; users = { mutableUsers = false; @@ -13,6 +14,7 @@ with lib; { isNormalUser = true; uid = 1000; description = my.fullname; + inherit home; inherit (my) hashedPassword; openssh.authorizedKeys.keys = [my.ssh.key]; extraGroups = ["wheel"]; diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix index 0cd44bd..9a131d7 100644 --- a/modules/nixos/openssh.nix +++ b/modules/nixos/openssh.nix @@ -46,7 +46,7 @@ in { else "ERROR"; MaxAuthTries = 3; PasswordAuthentication = false; - PermitRootLogin = "no"; + PermitRootLogin = mkForce "no"; }; }; diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index 23eb455..0c78b0f 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix 
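Review bot: The newly enabled `files = ["/etc/machine-id"];` in modules/nixos/common/systemd.nix has lost its comment, and nothing now says why the file must survive reboots. journald names its persistent journal directory after the machine ID, so this entry and the `ark.directories = ["/var/log"];` enabled in modules/nixos/profiles/default.nix only give continuous logs when both are present. I would add a comment above the line such as `# Stable machine-id: persistent journals under /var/log are keyed by it.` How `ark` creates the persisted file (ownership, mode) is not visible in this diff, so that is worth confirming against the module.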
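Review bot: `ark.directories = [home];` in the first hunk of modules/nixos/common/users.nix persists the whole home directory, which typically holds SSH and GPG key material, and the hunk passes only a bare path. If `ark.directories` creates missing targets itself, the persisted directory must end up owned by the user and not world-readable. That behaviour lives in the `ark` module, which is outside this diff, so please confirm it or set it explicitly if the option supports it. The path is also now built as `"/home/${my.username}"` rather than the `config.my.home` the removed comment referred to, and the second hunk passes the same value to the user through `inherit home;`. A one-line comment on the `let` binding saying it is the single source for both uses would help.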
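Review bot: `PermitRootLogin = mkForce "no";` in modules/nixos/openssh.nix gives no reason for the priority override, and an unexplained `mkForce` on a hardening setting tends to be copied or removed later without anyone knowing what it guarded against. A comment naming the conflicting definition would do, for example `# mkForce: <other module> also sets PermitRootLogin; root SSH login must stay off.` with the placeholder filled in. The neighbouring `PasswordAuthentication = false;` stays at normal priority, so it is worth checking that whatever made the override necessary does not also define that option. The settings attribute set begins outside the hunk, and I am assuming `mkForce` is already in scope there.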
@@ -15,8 +15,7 @@ in { ]; config = mkIf cfg.enable { - # FIXME Enable on a fresh system! - # ark.directories = ["/var/log"]; + ark.directories = ["/var/log"]; programs.less = { enable = true; diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix index 2d37b47..ca604cb 100644 --- a/modules/nixos/profiles/headful.nix +++ b/modules/nixos/profiles/headful.nix @@ -33,9 +33,7 @@ in { }; boot = { - # Pretty much placebo but has some nice patches for `-march=native` - # optimisations, P-State Zen4 support and Fsync for Wine. - kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest; + kernelPackages = mkDefault pkgs.linuxPackages_latest; # There are (arguably) not a lot of reasons to keep mitigations enabled # for on machine that is not web-facing. First of all, to completely -- cgit 1.4.1