diff options
Diffstat (limited to 'nixos/haruka/configuration.nix')
| -rw-r--r-- | nixos/haruka/configuration.nix | 77 |
1 files changed, 29 insertions, 48 deletions
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix index a36d8b3..89050f4 100644 --- a/nixos/haruka/configuration.nix +++ b/nixos/haruka/configuration.nix @@ -36,27 +36,14 @@ boot.zfs.forceImportAll = false; boot.zfs.allowHibernation = true; # NOTE: disable if using swap on ZFS - # GRUB bootloader - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - - efiSupport = true; - configurationLimit = 10; - device = "nodev"; - useOSProber = true; - copyKernels = true; - gfxmodeEfi = "1920x1200"; - fontSize = 32; - - extraEntries = '' - menuentry "Reboot" { - reboot - } - menuentry "Shutdown" { - halt - } - ''; + boot.loader.systemd-boot = { + # Managed by lanzaboote + enable = false; + editor = false; + configurationLimit = 16; + # TODO: https://github.com/NixOS/nixpkgs/pull/334526 + # bootCounting.enable = true; + # bootCounting.tries = 3; }; # Erase your darlings. @@ -126,17 +113,25 @@ services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; - services.openssh.hostKeys = [ - { - path = "/persist/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/persist/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; + + modules = { + secure-boot.enable = true; + + persistence = { + enable = true; + storagePath = "/persist"; + setupSshHostKeys = true; + + directories = [ + "/etc/NetworkManager/system-connections" + "/etc/cups" + "/var/lib/nixos" + "/var/lib/fprint" + "/var/lib/bluetooth" + "/var/lib/tailscale" + ]; + }; + }; sops.secrets.borg-haruka-rolling-pass = { }; services.borgbackup.jobs.haruka-rolling = { @@ -184,8 +179,6 @@ services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH"; - sound.enable = true; - services.pipewire = { enable = true; @@ -223,14 +216,6 @@ services.avahi.enable = true; services.avahi.nssmdns4 = true; - environment.persistence."/persist".directories = [ - "/etc/NetworkManager/system-connections" - "/etc/cups" - "/var/lib/fprint" - "/var/lib/bluetooth" - "/var/lib/tailscale" - ]; - services.pcscd.enable = true; programs.dconf.enable = true; @@ -349,10 +334,8 @@ zsh.enableCompletion = true; }; - hardware.opengl.enable = true; - hardware.opengl.driSupport = true; - hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; + hardware.graphics.enable = true; + hardware.graphics.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; xdg.portal = { enable = true; @@ -368,8 +351,6 @@ users.mutableUsers = false; - fileSystems."/persist".neededForBoot = true; - users.users = { root.hashedPasswordFile = config.sops.secrets.root-password.path; sefidel = { |