diff options
Diffstat (limited to 'nixos/alpha')
| -rw-r--r-- | nixos/alpha/configuration.nix | 78 | ||||
| -rw-r--r-- | nixos/alpha/hardware-configuration.nix | 1 |
2 files changed, 34 insertions, 45 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix index f0fbf27..033438f 100644 --- a/nixos/alpha/configuration.nix +++ b/nixos/alpha/configuration.nix @@ -33,24 +33,16 @@ boot.zfs.forceImportAll = false; boot.zfs.allowHibernation = true; # NOTE: disable if using swap on ZFS - # GRUB bootloader - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - - efiSupport = true; - configurationLimit = 10; - device = "nodev"; - useOSProber = true; - copyKernels = true; - extraEntries = '' - menuentry "Reboot" { - reboot - } - menuentry "Shutdown" { - halt - } - ''; + boot.loader.systemd-boot = { + # Managed by lanzaboote + enable = false; + editor = false; + configurationLimit = 16; + # TODO: https://github.com/NixOS/nixpkgs/pull/334526 + # bootCounting.enable = true; + # bootCounting.tries = 3; + # bootCounting.enable = true; + # bootCounting.tries = 3; }; boot.initrd.postDeviceCommands = lib.mkAfter '' @@ -115,17 +107,25 @@ services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; - services.openssh.hostKeys = [ - { - path = "/persist/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/persist/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; + + modules = { + secure-boot.enable = true; + + persistence = { + enable = true; + storagePath = "/persist"; + setupSshHostKeys = true; + + directories = [ + "/etc/NetworkManager/system-connections" + "/var/lib/nixos" + "/var/lib/bluetooth" + "/var/lib/tailscale" + "/var/lib/libvirt" + "/etc/cups" + ]; + }; + }; sops.secrets.borg-alpha-rolling-pass = { }; services.borgbackup.jobs.alpha-rolling = { @@ -175,8 +175,6 @@ services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH"; - sound.enable = true; - services.pipewire = { enable = true; @@ -208,14 +206,6 @@ services.avahi.enable = true; services.avahi.nssmdns4 = true; - environment.persistence."/persist".directories = [ - "/etc/NetworkManager/system-connections" - "/var/lib/bluetooth" - "/var/lib/tailscale" - "/var/lib/libvirt" - "/etc/cups" - ]; - services.pcscd.enable = true; programs.dconf.enable = true; @@ -344,14 +334,14 @@ }; nixpkgs.allowedUnfree = [ "steam" "steam-original" "steam-run" "brgenml1lpr" ]; + madness.enable = true; + environment.sessionVariables = { WLR_NO_HARDWARE_CURSORS = "1"; # Prevent cursors disappearing on nouveau }; - hardware.opengl.enable = true; - hardware.opengl.driSupport = true; - hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; + hardware.graphics.enable = true; + hardware.graphics.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; xdg.portal = { enable = true; @@ -367,8 +357,6 @@ users.mutableUsers = false; - fileSystems."/persist".neededForBoot = true; - users.users = { root.hashedPasswordFile = config.sops.secrets.root-password.path; sefidel = { diff --git a/nixos/alpha/hardware-configuration.nix b/nixos/alpha/hardware-configuration.nix index 5ec5d86..8c40065 100644 --- a/nixos/alpha/hardware-configuration.nix +++ b/nixos/alpha/hardware-configuration.nix @@ -21,6 +21,7 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/12CE-A600"; fsType = "vfat"; + options = [ "umask=0077" ]; }; fileSystems."/nix" = |