68 lines
1.2 KiB
Nix
68 lines
1.2 KiB
Nix
{ lib, ... }:
|
|
|
|
{
|
|
options.jalr = {
|
|
gui.enable = lib.mkEnableOption "GUI";
|
|
workstation.enable = lib.mkEnableOption "Workstation";
|
|
};
|
|
|
|
imports = [
|
|
../pkgs/modules.nix
|
|
./autologin.nix
|
|
./aws.nix
|
|
./bluetooth.nix
|
|
./bootloader
|
|
./dji-goggles.nix
|
|
./dnsmasq.nix
|
|
./fish.nix
|
|
./fonts.nix
|
|
./journald.nix
|
|
./kdeconnect.nix
|
|
./kvm-switch-enable-screen.nix
|
|
./libvirt.nix
|
|
./localization.nix
|
|
./mailserver
|
|
./mute-indicator.nix
|
|
./nix.nix
|
|
./obs.nix
|
|
./pipewire.nix
|
|
./podman.nix
|
|
./printers
|
|
./qbittorrent
|
|
./remarkable.nix
|
|
./sdr.nix
|
|
./sshd.nix
|
|
./sudo.nix
|
|
./sway.nix
|
|
./tor.nix
|
|
./tradebyte
|
|
./udmx.nix
|
|
./uefi.nix
|
|
./unfree.nix
|
|
./wireshark.nix
|
|
./yubikey-gpg.nix
|
|
];
|
|
|
|
config = {
|
|
boot = {
|
|
tmp.cleanOnBoot = true;
|
|
kernel.sysctl = {
|
|
"kernel.kptr_restrict" = 1;
|
|
"kernel.yama.ptrace_scope" = 1;
|
|
"kernel.kexec_load_disabled" = 1;
|
|
};
|
|
kernelParams = [
|
|
"lockdown=integrity"
|
|
];
|
|
};
|
|
|
|
security.polkit.enable = true;
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults = {
|
|
email = "security@jalr.de";
|
|
};
|
|
};
|
|
};
|
|
}
|