Diffstat (limited to 'nixos/haruka/configuration.nix')
-rw-r--r--nixos/haruka/configuration.nix86
1 files changed, 36 insertions, 50 deletions
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix
index a36d8b3..f7c0ce4 100644
--- a/nixos/haruka/configuration.nix
+++ b/nixos/haruka/configuration.nix
@@ -16,7 +16,8 @@
sudo.wheelNeedsPassword = false;
};
- boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ # Use latest LTS kernel (https://github.com/NixOS/nixpkgs/pull/341596)
+ boot.kernelPackages = pkgs.linuxPackages;
boot.kernelParams = [
"console=tty1"
"i915.fastboot=1"
@@ -36,27 +37,14 @@
boot.zfs.forceImportAll = false;
boot.zfs.allowHibernation = true; # NOTE: disable if using swap on ZFS
- # GRUB bootloader
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.grub = {
- enable = true;
-
- efiSupport = true;
- configurationLimit = 10;
- device = "nodev";
- useOSProber = true;
- copyKernels = true;
- gfxmodeEfi = "1920x1200";
- fontSize = 32;
-
- extraEntries = ''
- menuentry "Reboot" {
- reboot
- }
- menuentry "Shutdown" {
- halt
- }
- '';
+ boot.loader.systemd-boot = {
+ # Managed by lanzaboote
+ enable = false;
+ editor = false;
+ configurationLimit = 16;
+ # TODO: https://github.com/NixOS/nixpkgs/pull/334526
+ # bootCounting.enable = true;
+ # bootCounting.tries = 3;
};
# Erase your darlings.
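Review bot: The new `boot.loader.systemd-boot` block sets `enable = false` yet still assigns `editor` and `configurationLimit`, and the comment `# Managed by lanzaboote` does not say whether those values are still read. As far as I know, lanzaboote takes its defaults for the generation limit and the boot-menu editor from these systemd-boot options, so they are probably load-bearing; `editor = false` in particular keeps the kernel command line from being edited at the boot menu. I would spell that out, e.g. `# enable = false: lanzaboote installs the signed loader; editor/configurationLimit are still consumed by it, keep editor = false`. Whether the local `modules.secure-boot` wrapper forwards them is not visible in this diff and should be confirmed.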
@@ -126,17 +114,25 @@
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
- services.openssh.hostKeys = [
- {
- path = "/persist/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- {
- path = "/persist/ssh/ssh_host_rsa_key";
- type = "rsa";
- bits = 4096;
- }
- ];
+
+ modules = {
+ secure-boot.enable = true;
+
+ persistence = {
+ enable = true;
+ storagePath = "/persist";
+ setupSshHostKeys = true;
+
+ directories = [
+ "/etc/NetworkManager/system-connections"
+ "/etc/cups"
+ "/var/lib/nixos"
+ "/var/lib/fprint"
+ "/var/lib/bluetooth"
+ "/var/lib/tailscale"
+ ];
+ };
+ };
sops.secrets.borg-haruka-rolling-pass = { };
services.borgbackup.jobs.haruka-rolling = {
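Review bot: With the explicit `services.openssh.hostKeys` list removed, the location of the host keys now depends entirely on what `modules.persistence.setupSshHostKeys` does, and that module is not part of this diff. On a root that is wiped at boot, keys that do not land under `storagePath` would be regenerated each time, and existing clients would see a changed host key if the new paths differ from the old `/persist/ssh/ssh_host_*_key` files. Once checked against the module, a comment such as `# setupSshHostKeys: host keys stay under /persist/ssh (same files as before)` would record the intent. The same question applies to `secure-boot.enable = true`: no directory for the Secure Boot signing keys appears in `directories`, so presumably the secure-boot module persists it itself.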
@@ -149,6 +145,7 @@
# Ephemeral user files
"**/.cache"
"**/.nix-profile"
+ "**/.config"
# Rust build files
"**/target"
];
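Review bot: The added `"**/.config"` pattern sits under the `# Ephemeral user files` comment, but unlike `.cache`, a `.config` directory usually holds state that is not regenerated. The `**/` prefix also matches it at any depth, including inside project trees. If the exclusion is intentional because this configuration is generated declaratively, say so next to the pattern, e.g. `# Regenerated from the Nix configuration; deliberately not backed up`. Otherwise a restore from this job would come back without application settings. The list, which appears to be the job's exclude list, starts outside this hunk.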
@@ -184,8 +181,6 @@
services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH";
- sound.enable = true;
-
services.pipewire = {
enable = true;
@@ -223,14 +218,6 @@
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
- environment.persistence."/persist".directories = [
- "/etc/NetworkManager/system-connections"
- "/etc/cups"
- "/var/lib/fprint"
- "/var/lib/bluetooth"
- "/var/lib/tailscale"
- ];
-
services.pcscd.enable = true;
programs.dconf.enable = true;
@@ -297,8 +284,11 @@
fontDir.enable = true;
packages = with pkgs; [
- (nerdfonts.override { fonts = [ "Iosevka" "JetBrainsMono" ]; })
+ nerd-fonts.iosevka
+ nerd-fonts.iosevka-term
+ nerd-fonts.jetbrains-mono
emacs-all-the-icons-fonts
+ iosevka
jetbrains-mono
nanum
profont
@@ -349,10 +339,8 @@
zsh.enableCompletion = true;
};
- hardware.opengl.enable = true;
- hardware.opengl.driSupport = true;
- hardware.opengl.driSupport32Bit = true;
- hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
+ hardware.graphics.enable = true;
+ hardware.graphics.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
xdg.portal = {
enable = true;
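Review bot: `hardware.opengl.driSupport32Bit = true` is dropped without a replacement, while the other settings are carried over to `hardware.graphics`. The renamed option is `hardware.graphics.enable32Bit`. If 32-bit clients are still used on this host, add `hardware.graphics.enable32Bit = true;`. Otherwise a short mention in the commit message would mark the removal as deliberate rather than lost in the rename.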
@@ -368,8 +356,6 @@
users.mutableUsers = false;
- fileSystems."/persist".neededForBoot = true;
-
users.users = {
root.hashedPasswordFile = config.sops.secrets.root-password.path;
sefidel = {