From ec2d61b288d92822e8ca8753915dc0863b341166 Mon Sep 17 00:00:00 2001 From: cnst Date: Wed, 31 Jul 2024 18:44:51 +0200 Subject: [PATCH] security and such --- nixos/core/default.nix | 7 ------- nixos/core/system/default.nix | 10 +++++++++- nixos/core/system/security.nix | 6 ++++++ nixos/hosts/cnix/default.nix | 5 ----- 4 files changed, 15 insertions(+), 13 deletions(-) create mode 100644 nixos/core/system/security.nix diff --git a/nixos/core/default.nix b/nixos/core/default.nix index dd13017e..9152e1b9 100644 --- a/nixos/core/default.nix +++ b/nixos/core/default.nix @@ -7,18 +7,11 @@ ./home-manager.nix ./hyprland.nix ]; - security = { - rtkit.enable = true; - pam.services.hyprlock = {}; - }; programs.dconf.enable = true; - environment.localBinInPath = true; - console.useXkbConfig = true; environment.systemPackages = with pkgs; [ anyrun - stow ]; } diff --git a/nixos/core/system/default.nix b/nixos/core/system/default.nix index 29869517..59d83ded 100644 --- a/nixos/core/system/default.nix +++ b/nixos/core/system/default.nix @@ -8,9 +8,17 @@ imports = [ ./substituters.nix ./nixpkgs.nix + ./security.nix ]; - environment.systemPackages = [pkgs.git]; + environment = { + systemPackages = [ + pkgs.git + pkgs.scx + pkgs.stow + ]; + localBinInPath = true; + }; nix = { # pin the registry to avoid downloading and evaling a new nixpkgs version every time diff --git a/nixos/core/system/security.nix b/nixos/core/system/security.nix new file mode 100644 index 00000000..bd7d9e7b --- /dev/null +++ b/nixos/core/system/security.nix @@ -0,0 +1,6 @@ +{ + security = { + rtkit.enable = true; + pam.services.hyprlock = {}; + }; +} diff --git a/nixos/hosts/cnix/default.nix b/nixos/hosts/cnix/default.nix index 8308b678..e12fbe7f 100644 --- a/nixos/hosts/cnix/default.nix +++ b/nixos/hosts/cnix/default.nix @@ -1,13 +1,9 @@ { - inputs, - outputs, lib, config, pkgs, - system, ... }: let - homeDir = builtins.getEnv "HOME"; ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; in { users.users.cnst = { @@ -39,7 +35,6 @@ in { ]; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; - environment.systemPackages = [pkgs.scx]; boot.kernelParams = [ "amd_pstate=active"