more work on hosts/ and modules/config

Signed-off-by: unexplrd <unexplrd@linerds.us>
2025-05-04 18:48:42 +03:00
parent a87f912600
commit 03bcc94645
27 changed files with 136 additions and 249 deletions


@ -29,8 +29,8 @@
# "module.sig_enforce=1"
];
initrd = {
systemd.enable = true; # needed for auto-unlocking with TPM
systemd.tpm2.enable = config.module.config.tpmDiskUnlock;
systemd.enable = true;
systemd.tpm2.enable = false;
};
};
}
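Review bot: If `systemd.tpm2.enable = false;` on L19 is the new side, it is written at the default definition priority (100), which beats the `mkDefault true` (1000) that the modules/config section of this commit sets under `cfg.tpmDiskUnlock`, so this host's `module.config.tpmDiskUnlock` could never actually turn TPM2 unlocking on; if the host is meant to defer to the module, drop the line or write `systemd.tpm2.enable = lib.mkDefault false;`. Dropping the comment on `systemd.enable = true` also loses the only stated reason for systemd stage 1 here; keep it as `systemd.enable = true; # systemd stage 1 is required for TPM2 auto-unlock`. The enclosing `boot`/`initrd` attribute set begins outside the hunk, and which of L16–L19 are old versus new cannot be read from this rendering.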


@ -1,7 +1,6 @@
{
config,
inputs,
lib,
...
}: {
imports = with inputs; [
@ -12,6 +11,5 @@
enable = config.module.config.secureBoot;
pkiBundle = "/var/lib/sbctl";
};
loader.systemd-boot.enable = lib.mkDefault (!config.boot.lanzaboote.enable);
};
}
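Review bot: With `loader.systemd-boot.enable = lib.mkDefault (!config.boot.lanzaboote.enable);` removed from this file, `boot.lanzaboote.enable = config.module.config.secureBoot` (L35) and the bootloader choice now live in different files; the replacement in the modules/config section derives it from `cfg.secureBoot` rather than from `config.boot.lanzaboote.enable`, so the two can diverge silently if a host ever sets lanzaboote directly, and it no longer carries `mkDefault`, so a host can only override it with `mkForce`. I would keep the derivation tied to the real option and keep the default priority: `boot.loader.systemd-boot.enable = mkDefault (!config.boot.lanzaboote.enable);` in the module. Which line of the first hunk was removed (presumably `lib,`) cannot be read from this rendering, and the attribute set continues outside both hunks.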


@ -7,7 +7,6 @@
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
consoleMode = "auto";
configurationLimit = lib.mkOverride 1337 10;
};
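Review bot: After this hunk nothing in this file enables systemd-boot any more; the `systemd-boot = { ... }` block only tunes console mode and the generation limit and relies on `boot.loader.systemd-boot.enable` being decided elsewhere (presumably the modules/config section of this commit, keyed on `secureBoot`). A one-line comment would save the next reader a search: `systemd-boot = { # enable is decided by module.config.secureBoot (lanzaboote vs systemd-boot)`. Note also that `lib.mkOverride 1337 10` is weaker than `mkDefault` (1000), so any `mkDefault` for `configurationLimit` elsewhere wins over this value. Which line the hunk removed (presumably `enable = true;`) cannot be read from this rendering, and the enclosing `boot.loader` set starts outside it.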


@ -1,10 +1,12 @@
{
config,
inputs,
lib,
pkgs,
...
}: let
inherit (lib) mkDefault mkEnableOption mkIf;
inherit (config.networking) hostName;
cfg = config.module.config;
in {
imports = [
@ -28,12 +30,28 @@ in {
};
};
};
config = mkIf (cfg.vaapi
== "intel-media-driver") {
hardware.graphics.extraPackages = with pkgs; [
intel-compute-runtime
intel-media-driver
vpl-gpu-rt
];
};
config =
mkIf (cfg.vaapi
== "intel-media-driver") {
hardware.graphics.extraPackages = with pkgs; [
intel-compute-runtime
intel-media-driver
vpl-gpu-rt
];
}
// mkIf cfg.tpmDiskUnlock {
initrd.systemd.tpm2.enable = mkDefault true;
}
// mkIf cfg.useIwd {
networking = {
networkmanager.wifi.backend = "iwd";
wireless.iwd.enable = true;
};
}
// {
boot.loader.systemd-boot.enable =
if cfg.secureBoot
then false
else true;
};
}
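Review bot: The `//` chain on L80–L103 does not merge these conditionals: `mkIf` returns a plain attrset `{ _type = "if"; condition; content; }`, so each `// mkIf …` overwrites the previous `condition`/`content`, and the final `// { boot.loader… }` only adds a stray `boot` attribute that the module system ignores once it sees `_type = "if"`; as printed, only the `cfg.useIwd` block takes effect and the intel-media-driver packages, the TPM2 enable and `boot.loader.systemd-boot.enable` are dropped silently. The pieces should be combined with `mkMerge` (added to the `inherit (lib)` line in the first hunk) as in the fence below. Inside the `tpmDiskUnlock` branch, `initrd.systemd.tpm2.enable` sits at the top level of `config` next to `hardware` and `networking`, so it would be rejected as a non-existent option (it is `boot.initrd.…`) as soon as that branch is actually evaluated. I would also keep the old `mkDefault` on the bootloader choice so hosts can still override it; which lines are old versus new is inferred from the hunk counts, not marked in this rendering.
```nix
inherit (lib) mkDefault mkEnableOption mkIf mkMerge;
# … unchanged: hostName / cfg bindings, imports, options …
  config = mkMerge [
    (mkIf (cfg.vaapi == "intel-media-driver") {
      # … unchanged: hardware.graphics.extraPackages list …
    })
    (mkIf cfg.tpmDiskUnlock {
      boot.initrd.systemd.tpm2.enable = mkDefault true;
    })
    (mkIf cfg.useIwd {
      # … unchanged: networkmanager.wifi.backend / wireless.iwd.enable …
    })
    {
      boot.loader.systemd-boot.enable = mkDefault (!cfg.secureBoot);
    }
  ];
```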


@ -1,8 +1,18 @@
{
imports = [
./network-manager
];
networking = {
hosts = import ./hosts.nix;
networkmanager = {
ethernet.macAddress = "stable";
wifi = {
macAddress = "random";
scanRandMacAddress = true;
};
};
wireless.iwd.settings = {
settings = {
General.AddressRandomization = "network";
Settings.AlwaysRandomizeAddress = true;
};
};
};
}
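Review bot: As printed, the new `wireless.iwd.settings` block wraps its keys in a second `settings = { … };` level (L122–L123), so `AddressRandomization` and `AlwaysRandomizeAddress` become nested values under a bogus `settings` INI section rather than iwd's `[General]`/`[Settings]` sections, and the MAC-randomisation hardening this file is meant to carry is not applied (the option's INI type should reject the nested attrsets at evaluation). It should read `wireless.iwd.settings = { General.AddressRandomization = "network"; Settings.AlwaysRandomizeAddress = true; };`. The `network-manager` file deleted later in this commit was also where `networkmanager.enable = true` lived; unless that is now set elsewhere, the `networkmanager.*` randomisation settings added here are inert. Which lines are removed versus added is inferred from the hunk counts, not marked in this rendering.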


@ -1,15 +0,0 @@
{
imports = [
./wireless-iwd.nix
];
networking = {
networkmanager = {
enable = true;
ethernet.macAddress = "stable";
wifi = {
macAddress = "random";
scanRandMacAddress = true;
};
};
};
}


@ -1,15 +0,0 @@
{config, ...}: {
networking = {
networkmanager.wifi.backend =
if config.module.config.useIwd
then "iwd"
else "wpa_supplicant";
wireless.iwd = {
enable = config.module.config.useIwd;
settings = {
General.AddressRandomization = "network";
Settings.AlwaysRandomizeAddress = true;
};
};
};
}


@ -8,6 +8,7 @@
inherit (inputs) mysecrets;
sshKeys = f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub";
in {
nix.settings.trusted-users = ["user"];
users.mutableUsers = false;
users.users = {
user = {
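Review bot: `nix.settings.trusted-users = ["user"];` (presumably the added line, L175) deserves a comment stating why it is deliberate: a trusted user can pass arbitrary settings to nix-daemon (extra substituters and signing keys, disabling the build sandbox), which the Nix manual describes as effectively equivalent to root access. Suggested: `nix.settings.trusted-users = ["user"]; # root-equivalent: can override substituters/sandbox; needed for <reason>` with the reason filled in; if the goal is only to let the user pull from an additional binary cache, `nix.settings.trusted-substituters` covers that without root-equivalence. The enclosing attribute set continues outside the hunk.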


@ -1,6 +1,5 @@
{
imports = [
./bluetooth.nix
./wifi.nix
];
}


@ -1,29 +0,0 @@
{
lib,
config,
...
}:
with lib; let
cfg = config.wireless.wifi;
in {
options = {
wireless.wifi.enable =
mkEnableOption "enables wifi with iwd and MAC address randomisation";
};
config = mkIf cfg.enable {
networking = {
networkmanager.wifi = {
backend = "iwd";
macAddress = "random";
scanRandMacAddress = true;
};
wireless.iwd = {
enable = true;
settings = {
General.AddressRandomization = "network";
Settings.AlwaysRandomizeAddress = true;
};
};
};
};
}