Diffstat (limited to 'nixos/alpha/configuration.nix')
-rw-r--r-- | nixos/alpha/configuration.nix | 87 |
1 files changed, 39 insertions, 48 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix index f0fbf27..2098d1b 100644 --- a/nixos/alpha/configuration.nix +++ b/nixos/alpha/configuration.nix @@ -16,7 +16,8 @@ sudo.wheelNeedsPassword = false; }; - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + # Use latest LTS kernel (https://github.com/NixOS/nixpkgs/pull/341596) + boot.kernelPackages = pkgs.linuxPackages; boot.kernelParams = [ # "nohibernate" "console=tty1" @@ -33,24 +34,16 @@ boot.zfs.forceImportAll = false; boot.zfs.allowHibernation = true; # NOTE: disable if using swap on ZFS - # GRUB bootloader - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - - efiSupport = true; - configurationLimit = 10; - device = "nodev"; - useOSProber = true; - copyKernels = true; - extraEntries = '' - menuentry "Reboot" { - reboot - } - menuentry "Shutdown" { - halt - } - ''; + boot.loader.systemd-boot = { + # Managed by lanzaboote + enable = false; + editor = false; + configurationLimit = 16; + # TODO: https://github.com/NixOS/nixpkgs/pull/334526 + # bootCounting.enable = true; + # bootCounting.tries = 3; + # bootCounting.enable = true; + # bootCounting.tries = 3; }; boot.initrd.postDeviceCommands = lib.mkAfter '' @@ -115,17 +108,25 @@ services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; - services.openssh.hostKeys = [ - { - path = "/persist/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/persist/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; + + modules = { + secure-boot.enable = true; + + persistence = { + enable = true; + storagePath = "/persist"; + setupSshHostKeys = true; + + directories = [ + "/etc/NetworkManager/system-connections" + "/var/lib/nixos" + "/var/lib/bluetooth" + "/var/lib/tailscale" + "/var/lib/libvirt" + "/etc/cups" + ]; + }; + }; sops.secrets.borg-alpha-rolling-pass = { }; services.borgbackup.jobs.alpha-rolling = { 
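Review bot: In the `boot.loader.systemd-boot` block (hunk `@@ -33,24 +34,16 @@`), `editor = false` and `configurationLimit = 16` sit under `enable = false`, so they only take effect if the secure-boot module or lanzaboote reads these options, and that dependency is not visible in this file. Since `editor = false` is the setting that keeps the kernel command line from being edited at the boot menu, the comment should record the expectation, e.g. `# enable = false: lanzaboote installs the loader and is expected to pick up editor/configurationLimit from here (confirm)`. The commented `bootCounting.enable` / `bootCounting.tries` pair is also pasted twice, and one copy can go.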
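Review bot: In hunk `@@ -115,17 +108,25 @@` the explicit `services.openssh.hostKeys` paths under `/persist/ssh/` are replaced by `setupSshHostKeys = true`, and nothing in this file shows which paths the persistence module uses. If they differ from the old ones, sshd would come up with fresh host keys on the next boot. If sops-nix derives its age key from the ed25519 host key (not shown here), `root-password` and `borg-alpha-rolling-pass` would also stop decrypting, which with `users.mutableUsers = false` risks a lockout. A short comment such as `# host keys remain at /persist/ssh/ssh_host_{ed25519,rsa}_key (handled by the persistence module)` would pin the expectation. The same module presumably now has to set `fileSystems."/persist".neededForBoot` as well, since this commit removes it further down.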
@@ -138,6 +139,7 @@ # Ephemeral user files "**/.cache" "**/.nix-profile" + "**/.config" # Rust build files "**/target" # Large, non-essential files @@ -175,8 +177,6 @@ services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH"; - sound.enable = true; - services.pipewire = { enable = true; @@ -208,14 +208,6 @@ services.avahi.enable = true; services.avahi.nssmdns4 = true; - environment.persistence."/persist".directories = [ - "/etc/NetworkManager/system-connections" - "/var/lib/bluetooth" - "/var/lib/tailscale" - "/var/lib/libvirt" - "/etc/cups" - ]; - services.pcscd.enable = true; programs.dconf.enable = true; @@ -284,7 +276,8 @@ fontDir.enable = true; packages = with pkgs; [ - (nerdfonts.override { fonts = [ "Iosevka" "JetBrainsMono" ]; }) + nerd-fonts.iosevka + nerd-fonts.jetbrains-mono cozette dina-font emacs-all-the-icons-fonts @@ -342,16 +335,16 @@ remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; - nixpkgs.allowedUnfree = [ "steam" "steam-original" "steam-run" "brgenml1lpr" ]; + nixpkgs.allowedUnfree = [ "steam" "steam-unwrapped" "brgenml1lpr" ]; + + madness.enable = true; environment.sessionVariables = { WLR_NO_HARDWARE_CURSORS = "1"; # Prevent cursors disappearing on nouveau }; - hardware.opengl.enable = true; - hardware.opengl.driSupport = true; - hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; + hardware.graphics.enable = true; + hardware.graphics.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; xdg.portal = { enable = true; @@ -367,8 +360,6 @@ users.mutableUsers = false; - fileSystems."/persist".neededForBoot = true; - users.users = { root.hashedPasswordFile = config.sops.secrets.root-password.path; sefidel = { |
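Review bot: In hunk `@@ -138,6 +139,7 @@`, `"**/.config"` is added under the `# Ephemeral user files` heading, but unlike `.cache` it usually holds settings a user would want back after a restore. If the exclusion is deliberate (for example to keep application tokens out of the remote repository), give it its own comment stating the real reason, e.g. `# Application config: excluded on purpose, <reason>`. The exclude list starts and ends outside the hunk.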
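Review bot: `madness.enable = true;` in hunk `@@ -342,16 +335,16 @@` arrives with no comment and sits between the Steam unfree list and the session variables, so a reader cannot tell what it is for. If this is the module that lets unpatched, dynamically linked binaries run on NixOS (an assumption, since its import is not in this file), it widens what foreign code can execute on the host. It deserves a line such as `# madness: run non-Nix dynamically linked binaries (needed for <reason>)`.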