From fc3f7eb7c7e24b48269a2fcd10407f7138149d48 Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Mon, 22 Jan 2024 12:19:36 +0800 Subject: [PATCH] nixos/profiles/server: remove `headless` submodule Now this is moved as a "proper" profile module ala-nixpkgs. Also because we can use not only on server systems. --- configs/nixos/plover/default.nix | 1 - modules/nixos/_private/profiles/server.nix | 14 -------------- modules/nixos/profiles/headless.nix | 20 ++++++++++++++++++++ 3 files changed, 20 insertions(+), 15 deletions(-) create mode 100644 modules/nixos/profiles/headless.nix diff --git a/configs/nixos/plover/default.nix b/configs/nixos/plover/default.nix index 840309da..b2bdc1e7 100644 --- a/configs/nixos/plover/default.nix +++ b/configs/nixos/plover/default.nix @@ -55,7 +55,6 @@ profiles.server = { enable = true; - headless.enable = true; hardened-config.enable = true; cleanup.enable = true; }; diff --git a/modules/nixos/_private/profiles/server.nix b/modules/nixos/_private/profiles/server.nix index 567c8c43..07b322b6 100644 --- a/modules/nixos/_private/profiles/server.nix +++ b/modules/nixos/_private/profiles/server.nix @@ -9,7 +9,6 @@ in { options.profiles.server = { enable = lib.mkEnableOption "server-related settings"; - headless.enable = lib.mkEnableOption "configuration for headless servers"; hardened-config.enable = lib.mkEnableOption "additional hardened configuration for NixOS systems"; cleanup.enable = lib.mkEnableOption "cleanup service for the system"; auto-upgrade.enable = lib.mkEnableOption "unattended system upgrades"; @@ -71,19 +70,6 @@ in i18n.supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ]; }) - # We're only covering the most basic settings here. - (lib.mkIf cfg.headless.enable { - # So does sounds... - sound.enable = false; - - # ...and Bluetooth because it's so insecure. - hardware.bluetooth.enable = false; - - # And other devices... - hardware.opentabletdriver.enable = false; - services.printing.enable = false; - }) - # Most of the things here are based from the Securing Debian document. (lib.mkIf cfg.hardened-config.enable { # Don't replace it mid-way! DON'T TURN LEFT!!!! diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix new file mode 100644 index 00000000..76debf05 --- /dev/null +++ b/modules/nixos/profiles/headless.nix @@ -0,0 +1,20 @@ +# An extended version of the headless profile from nixpkgs. We're only covering +# the most basic settings here. This will be used both for desktop and server +# systems. +{ lib, modulesPath, ... }: + +{ + imports = [ + "${modulesPath}/profiles/headless.nix" + ]; + + # So does sounds... + sound.enable = lib.mkDefault false; + + # ...and Bluetooth because it's so insecure. + hardware.bluetooth.enable = lib.mkDefault false; + + # And other devices... + hardware.opentabletdriver.enable = lib.mkDefault false; + services.printing.enable = lib.mkDefault false; +}