From 89399796d0b91e7904ce67de04bd2f60f0d93b5b Mon Sep 17 00:00:00 2001
From: Azat Bahawi <azat@bahawi.net>
Date: Thu, 2 Feb 2023 00:49:21 +0300
Subject: 2023-02-02

---
 modules/nixos/common/systemd.nix   | 3 +--
 modules/nixos/common/users.nix     | 8 +++++---
 modules/nixos/openssh.nix          | 2 +-
 modules/nixos/profiles/default.nix | 3 +--
 modules/nixos/profiles/headful.nix | 4 +---
 5 files changed, 9 insertions(+), 11 deletions(-)

(limited to 'modules')

diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix
index c1b2539..29020a0 100644
--- a/modules/nixos/common/systemd.nix
+++ b/modules/nixos/common/systemd.nix
@@ -1,7 +1,6 @@
 {pkgs, ...}: {
   ark = {
-    # FIXME Enable on a fresh system!
-    # files = ["/etc/machine-id"];
+    files = ["/etc/machine-id"];
     directories = ["/var/lib/systemd/coredump"];
   };
 
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
index 400bf33..367af41 100644
--- a/modules/nixos/common/users.nix
+++ b/modules/nixos/common/users.nix
@@ -1,7 +1,8 @@
 {lib, ...}:
-with lib; {
-  # TODO Enable on a fresh system.
-  # ark.directories = [config.my.home];
+with lib; let
+  home = "/home/${my.username}";
+in {
+  ark.directories = [home];
 
   users = {
     mutableUsers = false;
@@ -13,6 +14,7 @@ with lib; {
         isNormalUser = true;
         uid = 1000;
         description = my.fullname;
+        inherit home;
         inherit (my) hashedPassword;
         openssh.authorizedKeys.keys = [my.ssh.key];
         extraGroups = ["wheel"];
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 0cd44bd..9a131d7 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -46,7 +46,7 @@ in {
             else "ERROR";
           MaxAuthTries = 3;
           PasswordAuthentication = false;
-          PermitRootLogin = "no";
+          PermitRootLogin = mkForce "no";
         };
       };
 
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index 23eb455..0c78b0f 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -15,8 +15,7 @@ in {
   ];
 
   config = mkIf cfg.enable {
-    # FIXME Enable on a fresh system!
-    # ark.directories = ["/var/log"];
+    ark.directories = ["/var/log"];
 
     programs.less = {
       enable = true;
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index 2d37b47..ca604cb 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -33,9 +33,7 @@ in {
     };
 
     boot = {
-      # Pretty much placebo but has some nice patches for `-march=native`
-      # optimisations, P-State Zen4 support and Fsync for Wine.
-      kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest;
+      kernelPackages = mkDefault pkgs.linuxPackages_latest;
 
       # There are (arguably) not a lot of reasons to keep mitigations enabled
       # for on machine that is not web-facing. First of all, to completely
-- 
cgit v1.2.3