repo: declutter
This commit is contained in:
parent
c98e7e62bb
commit
4b52ac15d2
41 changed files with 174 additions and 169 deletions
106
flake.nix
106
flake.nix
|
@ -9,6 +9,10 @@
|
|||
url = "github:berberman/flakes";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -21,6 +25,9 @@
|
|||
url = "github:hyprwm/Hyprland";
|
||||
inputs.nixpkgs.follows = "nixpkgs"; # MESA/OpenGL HW workaround
|
||||
};
|
||||
impermanence = {
|
||||
url = "github:nix-community/impermanence";
|
||||
};
|
||||
lanzaboote = {
|
||||
url = "github:nix-community/lanzaboote";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -29,6 +36,12 @@
|
|||
url = "github:LnL7/nix-darwin";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
# TODO: Unused
|
||||
#nixos-hardware = {
|
||||
# url = "github:NixOS/nixos-hardware/master";
|
||||
# #inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -37,17 +50,6 @@
|
|||
# url = "github:nixpak/nixpak";
|
||||
# inputs.nixpkgs.follows = "nixpkgs";
|
||||
#};
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
impermanence = {
|
||||
url = "github:nix-community/impermanence";
|
||||
};
|
||||
|
||||
## Non-Flake
|
||||
### Color scheme files
|
||||
|
@ -66,29 +68,61 @@
|
|||
outputs = { self,
|
||||
nixpkgs,
|
||||
berberman,
|
||||
disko,
|
||||
home-manager,
|
||||
hosts,
|
||||
hyprland,
|
||||
lanzaboote,
|
||||
nix-darwin,
|
||||
sops-nix,
|
||||
disko,
|
||||
impermanence,
|
||||
tokyonight,
|
||||
metacubexd,
|
||||
... } @ inputs: {
|
||||
|
||||
# nix-darwin (macOS)
|
||||
### NixOS
|
||||
nixosConfigurations = {
|
||||
"81FW-NixOS" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
./nixos # Entrypoint
|
||||
./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific configurations
|
||||
./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
|
||||
|
||||
./users/guanranwang/nixos.nix # Home Manager entrypoint (user-specific)
|
||||
|
||||
{ networking.hostName = "81FW-NixOS"; } # Hostname
|
||||
];
|
||||
};
|
||||
|
||||
## Currently un-used.
|
||||
"iMac-NixOS" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
./nixos
|
||||
./machines/nixos/imac-2017
|
||||
./machines/nixos/imac-2017/machine-1
|
||||
|
||||
./users/guanranwang/nixos.nix
|
||||
|
||||
{ networking.hostName = "iMac-NixOS"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
### nix-darwin (macOS)
|
||||
darwinConfigurations = {
|
||||
"iMac-macOS" = nix-darwin.lib.darwinSystem {
|
||||
system = "x86_64-darwin";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
./darwin # Entrypoint
|
||||
./machines/darwin/imac-2017 # Hardware-specific configurations
|
||||
# Machine-specific configurations (does such stuff even exist on nix-darwin)
|
||||
./users/guanranwang/darwin.nix # User-specific configurations
|
||||
# Flakes
|
||||
./darwin
|
||||
./machines/darwin/imac-2017
|
||||
|
||||
./users/guanranwang/darwin.nix
|
||||
|
||||
{ networking.hostName = "iMac-macOS"; }
|
||||
];
|
||||
|
@ -96,45 +130,14 @@
|
|||
};
|
||||
|
||||
|
||||
# NixOS
|
||||
nixosConfigurations = {
|
||||
"81fw-nixos" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
./nixos # Entrypoint
|
||||
./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific configurations
|
||||
./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
|
||||
./users/guanranwang/nixos.nix # User-specific configurations
|
||||
|
||||
{ networking.hostName = "81fw-nixos"; }
|
||||
];
|
||||
};
|
||||
|
||||
## Currently un-used.
|
||||
"imac-nixos" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
./nixos
|
||||
./machines/nixos/imac-2017
|
||||
./machines/nixos/imac-2017/machine-1
|
||||
./users/guanranwang/nixos.nix
|
||||
|
||||
{ networking.hostName = "imac-nixos"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
# Home-Manager
|
||||
### Home-Manager
|
||||
# TODO: Actually figure out how this works
|
||||
homeConfigurations = {
|
||||
"guanranwang@81fw-nixos" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
sops-nix.homeManagerModules.sops
|
||||
|
||||
hyprland.homeManagerModules.default
|
||||
{
|
||||
wayland.windowManager.hyprland = {
|
||||
|
@ -153,7 +156,6 @@
|
|||
extraSpecialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
sops-nix.homeManagerModules.sops
|
||||
|
||||
hyprland.homeManagerModules.default
|
||||
{
|
||||
wayland.windowManager.hyprland = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ disks ? [ "/dev/vdb" ], inputs, ... }:
|
||||
{ inputs, disks ? [ "/dev/vdb" ], ... }:
|
||||
|
||||
{
|
||||
imports = [ inputs.disko.nixosModules.disko ];
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
{ pkgs, lib, inputs, ... }:
|
||||
{ inputs, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
|
||||
|
||||
environment.systemPackages = with pkgs; [ sbctl ];
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
boot.loader.systemd-boot.enable = false;
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
|
|
|
@ -3,5 +3,6 @@
|
|||
{
|
||||
imports = [
|
||||
./hardware.nix
|
||||
../../../nixos/presets/desktop.nix
|
||||
];
|
||||
}
|
|
@ -5,6 +5,7 @@
|
|||
../hardware/misc/audio.nix
|
||||
../hardware/misc/bluetooth.nix
|
||||
../hardware/misc/opengl.nix
|
||||
../hardware/misc/tpm.nix
|
||||
../hardware/cpu/intel.nix
|
||||
../hardware/gpu/intel.nix
|
||||
../hardware/gpu/nvidia.nix
|
||||
|
|
|
@ -11,12 +11,12 @@
|
|||
(modulesPath + "/installer/scan/not-detected.nix") # what is this
|
||||
];
|
||||
|
||||
# from nixos-hardware
|
||||
boot.kernelParams = [ "hid_apple.iso_layout=0" ];
|
||||
hardware.facetimehd.enable = true; # cam already works before adding this, not sure what is the point
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||
|
||||
# Options from github:NixOS/nixos-hardware
|
||||
boot.kernelParams = [ "hid_apple.iso_layout=0" ];
|
||||
hardware.facetimehd.enable = true; # TODO: Camera already works before adding this, not sure what is the point...
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
|
|
|
@ -7,7 +7,9 @@
|
|||
loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
systemd-boot = {
|
||||
enable = lib.mkDefault true; # use lanzaboote instead for secureboot
|
||||
enable = lib.mkDefault true; # mkDefault for Lanzaboote
|
||||
editor = false; # Disabled for security
|
||||
### Utilities
|
||||
#netbootxyz.enable = true;
|
||||
#memtest86.enable = true;
|
||||
};
|
||||
|
|
|
@ -4,5 +4,7 @@
|
|||
imports = [
|
||||
./boot.nix
|
||||
./kernel.nix
|
||||
./plymouth.nix
|
||||
./sysctl.nix
|
||||
];
|
||||
}
|
|
@ -1,10 +1,9 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
# NOTE: secureboot enabled in flake.nix
|
||||
boot = {
|
||||
#kernelPackages = pkgs.linuxPackages_latest; # latest kernel
|
||||
kernelPackages = pkgs.linuxPackages_zen; # zen kernel, often outdated
|
||||
#kernelPackages = pkgs.linuxKernel.Packages.linux_6_1;
|
||||
#kernelPackages = pkgs.linuxPackages_latest; # latest linux kernel
|
||||
kernelPackages = pkgs.linuxPackages_zen; # latest linux-zen kernel
|
||||
#kernelPackages = pkgs.linuxKernel.Packages.linux_6_1; # linux 6.1 LTS kernel
|
||||
};
|
||||
}
|
||||
|
|
5
nixos/boot/plymouth.nix
Normal file
5
nixos/boot/plymouth.nix
Normal file
|
@ -0,0 +1,5 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
boot.plymouth.enable = lib.mkDefault true; # mkDefault for headless devices, check out server.nix
|
||||
}
|
|
@ -8,7 +8,6 @@
|
|||
./nix
|
||||
./packages
|
||||
./power-management
|
||||
./security
|
||||
#./specialisation # dont actually use this
|
||||
./users
|
||||
];
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ ... }:
|
||||
|
||||
# Internationalisation settings
|
||||
# IME settings are at /etc/nixos/modules/graphical/input.nix
|
||||
# Internationalisation configurations
|
||||
# Use Home Manager for IME configurations
|
||||
{
|
||||
i18n = {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
|
@ -27,4 +27,6 @@
|
|||
# keyMap = "us";
|
||||
# useXkbConfig = true; # use xkbOptions in tty.
|
||||
# };
|
||||
|
||||
services.xserver.layout = "us"; # keymap in x11
|
||||
}
|
|
@ -6,7 +6,6 @@
|
|||
./network-manager
|
||||
|
||||
./dhcp.nix
|
||||
./dns
|
||||
./firewall.nix
|
||||
./proxy.nix
|
||||
./timezone.nix
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
{
|
||||
imports = [
|
||||
./dns.nix
|
||||
#./systemd-resolved.nix
|
||||
#./systemd-resolved.nix # Returns NXDOMAIN in China Mainland, will investegate...
|
||||
];
|
||||
}
|
|
@ -7,6 +7,6 @@
|
|||
dnssec = "true";
|
||||
domains = [ "~." ];
|
||||
fallbackDns = [ "8.8.8.8#dns.google" "8.8.4.4#dns.google" "2001:4860:4860::8888#dns.google" "2001:4860:4860::8844#dns.google" ];
|
||||
#extraConfig = "DNSOverTLS=yes"; # broken as well
|
||||
extraConfig = "DNSOverTLS=yes";
|
||||
};
|
||||
}
|
|
@ -1,6 +1,10 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ]; # enable flakes
|
||||
programs.command-not-found.enable = false; # Unavailable in Flakes build
|
||||
# Enable Flakes
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
# Does not work with Flake based configurations
|
||||
system.copySystemConfiguration = false;
|
||||
programs.command-not-found.enable = false;
|
||||
}
|
||||
|
|
|
@ -2,10 +2,10 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
# hard linking
|
||||
### Auto hard linking
|
||||
settings.auto-optimise-store = true;
|
||||
|
||||
# auto delete older NixOS builds
|
||||
### Automatically delete older NixOS builds
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ ... }:
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
nix.settings = {
|
||||
|
@ -29,15 +29,13 @@
|
|||
nixos.enable = false;
|
||||
};
|
||||
|
||||
#nix.useSandbox = false;
|
||||
|
||||
system = {
|
||||
# Copy the NixOS configuration file and link it from the resulting system
|
||||
# (/run/current-system/configuration.nix). This is useful in case you
|
||||
# accidentally delete configuration.nix.
|
||||
|
||||
# Does not work with flake based configurations
|
||||
#copySystemConfiguration = true;
|
||||
copySystemConfiguration = lib.mkDefault true;
|
||||
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
|
|
@ -2,9 +2,8 @@
|
|||
|
||||
{
|
||||
imports = [
|
||||
./core.nix
|
||||
./hardware.nix
|
||||
./graphical
|
||||
|
||||
./overlays
|
||||
./unfree
|
||||
];
|
||||
|
|
|
@ -6,7 +6,9 @@
|
|||
|
||||
#./flatpak.nix
|
||||
./fonts.nix
|
||||
./gnome-keyring.nix
|
||||
./graphical.nix
|
||||
./polkit.nix
|
||||
./xdg.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
{
|
||||
services.xserver = {
|
||||
layout = "us"; # keymap in x11
|
||||
libinput = {
|
||||
enable = true;
|
||||
touchpad = {
|
||||
|
@ -18,7 +17,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
# Removes debounce time
|
||||
### Removes debounce time
|
||||
# https://www.reddit.com/r/linux_gaming/comments/ku6gth
|
||||
environment.etc."libinput/local-overrides.quirks".text = ''
|
||||
[Never Debounce]
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
programs.xwayland.enable = true;
|
||||
hardware.nvidia.nvidiaSettings = false; # nvidia settings menu, wont do anything on wayland
|
||||
programs.xwayland.enable = true; # enable XWayland
|
||||
hardware.nvidia.nvidiaSettings = false; # NVIDIA settings menu, wont do anything on wayland
|
||||
environment.sessionVariables = {
|
||||
"NIXOS_OZONE_WL" = "1"; # let electron applications use wayland
|
||||
};
|
||||
|
|
|
@ -29,6 +29,6 @@
|
|||
monospace = [ "JetBrainsMono Nerd Font" "JetBrains Mono" "FiraCode Nerd Font" "Fira Code" "Noto Sans Mono" ];
|
||||
};
|
||||
};
|
||||
# fontconfig is too limited here, use `$HOME/.config/fontconfig/fonts.conf` instead
|
||||
# fontconfig is too limited here, and appling it globally is **bad**, use Home Manager instead
|
||||
};
|
||||
}
|
||||
|
|
12
nixos/packages/graphical/gnome-keyring.nix
Normal file
12
nixos/packages/graphical/gnome-keyring.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
# gnome keyring
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
programs.seahorse.enable = true;
|
||||
security.pam.services."gnome-keyring".text = ''
|
||||
auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
|
||||
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
|
||||
password optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
|
||||
'';
|
||||
}
|
|
@ -1,8 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
boot.plymouth.enable = true;
|
||||
security.polkit.enable = true;
|
||||
services = {
|
||||
# GNOME applications
|
||||
gvfs.enable = true; # nautilus
|
||||
|
@ -25,10 +23,5 @@
|
|||
end = "${pkgs.libnotify}/bin/notify-send 'GameMode Deactivated' 'GameMode Deactivated. Back to normal mode. ⏹️'";
|
||||
};
|
||||
};
|
||||
clash-verge = {
|
||||
#enable = true;
|
||||
autoStart = true; # not working at all, edit: works on gnome
|
||||
tunMode = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
security.polkit.enable = true;
|
||||
environment.systemPackages = with pkgs; [ polkit_gnome ];
|
||||
|
||||
# polkit_gnome autostart for wms
|
|
@ -2,10 +2,7 @@
|
|||
|
||||
{
|
||||
hardware = {
|
||||
# Enable redistriutable firmware
|
||||
enableRedistributableFirmware = true;
|
||||
|
||||
# Enable all firmware
|
||||
#enableAllFirmware = true;
|
||||
};
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
# no i dont actually own a server
|
|
@ -10,15 +10,15 @@
|
|||
"facetimehd-firmware" # ../hardware/hardwares/imac-2017.nix
|
||||
|
||||
# flatpak-able
|
||||
"discord"
|
||||
"google-chrome"
|
||||
"lunar-client"
|
||||
"osu-lazer-bin"
|
||||
"osu-lazer-bin-2023.1008.0" # what?
|
||||
"spotify"
|
||||
"steam"
|
||||
"steam-original"
|
||||
"microsoft-edge-stable"
|
||||
"qq"
|
||||
#"discord"
|
||||
#"google-chrome"
|
||||
#"lunar-client"
|
||||
#"microsoft-edge-stable"
|
||||
#"qq"
|
||||
];
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
imports = [
|
||||
./cpu-governor.nix
|
||||
./system76-scheduler.nix
|
||||
#./tlp.nix # ] conflicts
|
||||
#./tlp.nix # ] Conflicts with each other, only choose one
|
||||
./power-profiles-daemon.nix # ]
|
||||
];
|
||||
}
|
|
@ -1,9 +1,17 @@
|
|||
{ config, ... }:
|
||||
|
||||
# Imported by default, check out ./desktop.nix or ./server.nix
|
||||
{
|
||||
# Installed packages (System wide)
|
||||
environment = {
|
||||
defaultPackages = [];
|
||||
#defaultPackages = [];
|
||||
};
|
||||
|
||||
users.mutableUsers = false;
|
||||
environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
|
||||
security = {
|
||||
apparmor.enable = true;
|
||||
sudo.execWheelOnly = true;
|
||||
};
|
||||
|
||||
# Programs
|
||||
|
@ -25,9 +33,18 @@
|
|||
NixOS ${config.system.nixos.label} ${config.system.nixos.codeName} (\m) - \l
|
||||
--my-next-gpu-wont-be-nvidia
|
||||
'';
|
||||
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
};
|
||||
|
||||
#cron.enable = true;
|
||||
#dbus.enable = true;
|
||||
openssh.enable = true;
|
||||
|
||||
# BTRFS De-Dupe
|
||||
# bruh how to make it not a background job
|
||||
# i want to run it manually
|
8
nixos/presets/desktop.nix
Normal file
8
nixos/presets/desktop.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./core.nix
|
||||
../packages/graphical
|
||||
];
|
||||
}
|
9
nixos/presets/server.nix
Executable file
9
nixos/presets/server.nix
Executable file
|
@ -0,0 +1,9 @@
|
|||
{ ... }:
|
||||
|
||||
# no i dont actually own a server
|
||||
{
|
||||
imports = [
|
||||
./core.nix
|
||||
];
|
||||
boot.plymouth.enable = false;
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./security.nix
|
||||
|
||||
./gnome-keyring.nix
|
||||
./machine-id.nix
|
||||
./polkit.nix
|
||||
./sysctl.nix
|
||||
./tpm.nix
|
||||
];
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
# gnome keyring
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
security.pam.services."gnome-keyring".text = ''
|
||||
auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
|
||||
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
|
||||
password optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
|
||||
'';
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
# whonix id
|
||||
environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb";
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
security = {
|
||||
apparmor.enable = true;
|
||||
sudo.execWheelOnly = true;
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.editor = false;
|
||||
|
||||
services.openssh.settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
users.mutableUsers = false;
|
||||
|
||||
}
|
Loading…
Reference in a new issue