Bunch of stuff to get this ready for a two user system

2025-02-28 13:11:45 -05:00 · 2025-02-28 13:11:45 -05:00 · 7eb3b1a0fa
commit 7eb3b1a0fa
parent 2144d9ef61
119 changed files with 214 additions and 214 deletions
--- a/system/settings/default.nix
+++ b/system/settings/default.nix
@ -0,0 +1,9 @@
+{ ... }:
+{
+  imports = [
+    ./minimal
+    ./nix
+    ./security
+    ./timezone
+  ];
+}
--- a/system/settings/minimal/default.nix
+++ b/system/settings/minimal/default.nix
@ -0,0 +1,21 @@
+{ ... }:
+{
+  environment = {
+    defaultPackages = [ ];
+    stub-ld.enable = false;
+  };
+
+  documentation = {
+    doc.enable = false;
+    info.enable = false;
+    nixos.enable = false;
+  };
+
+  programs = {
+    nano.enable = false;
+    less.lessopen = null;
+    command-not-found.enable = false;
+  };
+
+  services.logrotate.enable = false;
+}
--- a/system/settings/nix/default.nix
+++ b/system/settings/nix/default.nix
@ -0,0 +1,23 @@
+{ config, lib, pkgs, unstable, ... }:
+{
+  imports = [ ./gc ];
+
+  options.nixpkgs.allowUnfreePackages = lib.mkOption {
+    type = with lib.types; listOf str;
+  };
+
+  config = {
+    nix.settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      auto-optimise-store = true;
+    };
+
+    _module.args.pkgsUnstable = import unstable {
+      inherit (pkgs.stdenv.hostPlatform) system;
+      inherit (config.nixpkgs) config;
+    };
+  };
+}
--- a/system/settings/nix/gc/default.nix
+++ b/system/settings/nix/gc/default.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 7d";
+  };
+}
--- a/system/settings/security/apparmor/default.nix
+++ b/system/settings/security/apparmor/default.nix
@ -0,0 +1,4 @@
+{ ... }:
+{
+  security.apparmor.enable = true;
+}
--- a/system/settings/security/default.nix
+++ b/system/settings/security/default.nix
@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./apparmor
+    ./doas
+  ];
+}
--- a/system/settings/security/doas/default.nix
+++ b/system/settings/security/doas/default.nix
@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+  security = {
+    sudo.enable = false;
+    doas = {
+      enable = true;
+      extraRules = [
+        { # Give wheel root access
+          groups = [ "wheel" ];
+          keepEnv = true;
+          persist = true;
+        }
+      ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [ doas-sudo-shim ];
+}
--- a/system/settings/timezone/default.nix
+++ b/system/settings/timezone/default.nix
@ -0,0 +1,4 @@
+{ ... }:
+{
+  time.timeZone = "America/Toronto";
+}