Added nixos configs
@@ -0,0 +1,33 @@
|
||||
# Baseline fonts for the system (NixOS 25.05+ / 26.05 compatible)
|
||||
#
|
||||
# Note:
|
||||
# - `noto-fonts-cjk` was deprecated/split into:
|
||||
# - noto-fonts-cjk-sans
|
||||
# - noto-fonts-cjk-serif
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
moduleName = "nixos-fonts";
|
||||
|
||||
has = name: builtins.hasAttr name pkgs;
|
||||
in
|
||||
{
|
||||
fonts = {
|
||||
# Keep your existing setup idea: install baseline font packages system-wide
|
||||
packages =
|
||||
(with pkgs; [
|
||||
noto-fonts
|
||||
noto-fonts-color-emoji
|
||||
])
|
||||
# CJK split (new)
|
||||
++ lib.optionals (has "noto-fonts-cjk-sans") [ pkgs.noto-fonts-cjk-sans ]
|
||||
++ lib.optionals (has "noto-fonts-cjk-serif") [ pkgs.noto-fonts-cjk-serif ];
|
||||
|
||||
# Optional: common baseline toggle (leave as-is if you already set it elsewhere)
|
||||
# enableDefaultPackages = lib.mkDefault true;
|
||||
};
|
||||
|
||||
# Breadcrumb for debugging
|
||||
environment.etc."nixlog/loaded.${moduleName}".text = "loaded\n";
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
moduleName = "nixos-locale";
|
||||
in
|
||||
{
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
environment.etc."nixlog/loaded.${moduleName}".text = "loaded\n";
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
# ~/nixos/modules/nixos/core/nix.nix
|
||||
#
|
||||
# Purpose:
|
||||
# - Shared baseline Nix configuration for ALL hosts
|
||||
# - Flakes enabled
|
||||
# - Reasonable garbage collection defaults
|
||||
# - Allow unfree packages (needed for Brave/Vivaldi/Opera etc.)
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
moduleName = "nixos-core-nix";
|
||||
in
|
||||
{
|
||||
# Required for Brave/Vivaldi/Opera and other proprietary software.
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
nix = {
|
||||
# Enable flakes + nix-command everywhere (baseline)
|
||||
settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
# Why:
|
||||
# - Keeps the store from growing forever
|
||||
# - Still allows rollbacks for a while
|
||||
settings.auto-optimise-store = true;
|
||||
|
||||
# Reasonable default: allow Nix to use all CPU cores
|
||||
settings.max-jobs = lib.mkDefault "auto";
|
||||
};
|
||||
|
||||
# Automatic cleanup of old generations and store garbage
|
||||
#
|
||||
# Why:
|
||||
# - On multi-machine setups, store growth is one of the main annoyances.
|
||||
# - This is safe and keeps machines tidy.
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
|
||||
# Keep a limited number of boot entries / system generations
|
||||
#
|
||||
# Why:
|
||||
# - Still safe for rollbacks
|
||||
# - Prevents /boot from filling up on some setups
|
||||
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
|
||||
|
||||
nix.settings.download-buffer-size = 67108864;
|
||||
|
||||
|
||||
# Optional: breadcrumb for debugging module load order
|
||||
environment.etc."nixlog/loaded.${moduleName}".text = "loaded\n";
|
||||
}
|
||||
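Review bot: `nixpkgs.config.allowUnfree = true;` in this shared module lets every host pull in any unfree package, although the comment says it is needed only for a few browsers. An allow-list keeps later unfree additions visible in review: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "brave" "vivaldi" "opera" ];` (package names assumed from the comment; confirm them against nixpkgs). Separately, the "Why" comment above `settings.auto-optimise-store = true;` describes garbage collection rather than store deduplication, so it belongs above `nix.gc`.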
@@ -0,0 +1,39 @@
|
||||
# ~/nixos/modules/nixos/core/security.nix
|
||||
#
|
||||
# Purpose:
|
||||
# - Security primitives that are shared across all hosts:
|
||||
# - polkit (desktop authorization framework)
|
||||
# - sudo baseline (privilege escalation)
|
||||
#
|
||||
# Keep this file conservative: it should not introduce host-specific behavior.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
# Polkit is commonly needed on desktop systems (including Wayland compositors)
|
||||
# for privileged actions (network, power, mounting, etc.).
|
||||
security.polkit.enable = true;
|
||||
|
||||
# Sudo baseline.
|
||||
security.sudo = {
|
||||
enable = true;
|
||||
|
||||
# Hardening: only wheel members can *execute* sudo at all.
|
||||
# This reduces exposure if a non-wheel user exists.
|
||||
execWheelOnly = true;
|
||||
|
||||
# Keep password requirement (safer baseline).
|
||||
# If you want passwordless sudo for wheel, override elsewhere.
|
||||
wheelNeedsPassword = true;
|
||||
|
||||
# Optional: sane defaults; adjust as you like.
|
||||
extraConfig = ''
|
||||
Defaults timestamp_timeout=5
|
||||
Defaults pwfeedback
|
||||
'';
|
||||
};
|
||||
|
||||
# If you want to fully manage users declaratively (stronger security posture),
|
||||
# you can enable this — but it can surprise you if you expect to use `passwd`.
|
||||
# users.mutableUsers = false;
|
||||
}
|
||||
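Review bot: `Defaults pwfeedback` in `security.sudo.extraConfig` echoes an asterisk per keystroke, which shows the password length to anyone who can see the screen or a recording of it. That sits oddly in a file whose header asks for conservative, host-independent settings. I would drop that line from the shared baseline and let individual hosts opt in, leaving `Defaults timestamp_timeout=5` as it is. If it stays, the comment above `extraConfig` should say so, e.g. `# pwfeedback: visual typing feedback at the sudo prompt; reveals password length on screen`.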
@@ -0,0 +1,29 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
username = "henrov";
|
||||
initialpwd= "Welkom01!";
|
||||
moduleName = "nixos-users";
|
||||
in
|
||||
{
|
||||
users.users.${username} = {
|
||||
#initialPassword = initialpwd;
|
||||
isNormalUser = true;
|
||||
|
||||
# Add your user to groups needed for admin + network + typical desktop input/video access
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
"video"
|
||||
"input"
|
||||
"audio"
|
||||
];
|
||||
|
||||
# If you want zsh explicitly per-user (instead of defaultUserShell):
|
||||
# shell = pkgs.zsh;
|
||||
};
|
||||
|
||||
# If you want a simple "proof this module was applied" marker at the *system* level:
|
||||
# (This creates /etc/nixos-users.loaded)
|
||||
environment.etc."nixos-users.loaded".text = "loaded\n";
|
||||
}
|
||||
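Review bot: `initialpwd= "Welkom01!";` commits a plaintext password for a `wheel` (sudo-capable) user to the repository, and it stays in history even though `#initialPassword = initialpwd;` is commented out. If that line were re-enabled, the value would also end up in the world-readable Nix store. Remove the binding, treat that password as exposed wherever it has been used, and supply a hash from outside the repo instead, e.g. `hashedPasswordFile = "<path-to-password-hash-file>";` (placeholder path). As written, no password is declared for the account at all, so a fresh install presumably needs one set by hand with `passwd` before login works; a comment next to `users.users.${username}` should say that.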