79 lines
1.5 KiB
Nix
79 lines
1.5 KiB
Nix
{ lib, ... }:
|
|
|
|
{
|
|
options.jalr = {
|
|
gui = {
|
|
enable = lib.mkEnableOption "GUI";
|
|
desktop = lib.mkOption {
|
|
type = lib.types.nullOr (lib.types.enum [ "sway" "gnome" ]);
|
|
default = "sway";
|
|
description = "Desktop environment to install";
|
|
};
|
|
};
|
|
workstation.enable = lib.mkEnableOption "Workstation";
|
|
};
|
|
|
|
imports = [
|
|
../pkgs/modules.nix
|
|
./adb.nix
|
|
./autologin.nix
|
|
./aws.nix
|
|
./bluetooth.nix
|
|
./bootloader
|
|
./dji-goggles.nix
|
|
./dnsmasq.nix
|
|
./fish.nix
|
|
./fonts.nix
|
|
./gnome.nix
|
|
./journald.nix
|
|
./kdeconnect.nix
|
|
./kvm-switch-enable-screen.nix
|
|
./libvirt.nix
|
|
./localization.nix
|
|
./mailserver
|
|
./matrix
|
|
./mute-indicator.nix
|
|
./network-manager.nix
|
|
./nix.nix
|
|
./obs.nix
|
|
./pipewire.nix
|
|
./podman.nix
|
|
./printers
|
|
./qbittorrent
|
|
./remarkable.nix
|
|
./sdr.nix
|
|
./sshd.nix
|
|
./sudo.nix
|
|
./sway.nix
|
|
./tor.nix
|
|
./udmx.nix
|
|
./uefi.nix
|
|
./unfree.nix
|
|
./upgrade-diff.nix
|
|
./wireshark.nix
|
|
./yubikey-gpg.nix
|
|
];
|
|
|
|
config = {
|
|
boot = {
|
|
tmp.cleanOnBoot = true;
|
|
kernel.sysctl = {
|
|
"kernel.kptr_restrict" = 1;
|
|
"kernel.yama.ptrace_scope" = 1;
|
|
"kernel.kexec_load_disabled" = 1;
|
|
};
|
|
kernelParams = [
|
|
"lockdown=integrity"
|
|
];
|
|
};
|
|
|
|
security.polkit.enable = true;
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults = {
|
|
email = "security@jalr.de";
|
|
};
|
|
};
|
|
};
|
|
}
|