foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 04:58:01 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

nixos/profiles/server: remove headless submodule

Browse Source 
Now this is moved as a "proper" profile module ala-nixpkgs. Also because
we can use not only on server systems.
This commit is contained in:
Gabriel Arazas 2024-01-22 12:19:36 +08:00
parent a4402aa04f
commit fc3f7eb7c7
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
3 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configs/nixos/plover/default.nix
View File

@ -55,7 +55,6 @@
profiles.server = { profiles.server = {
enable = true; enable = true;
headless.enable = true;
hardened-config.enable = true; hardened-config.enable = true;
cleanup.enable = true; cleanup.enable = true;
}; };

14
modules/nixos/_private/profiles/server.nix
View File

@ -9,7 +9,6 @@ in
{ {
options.profiles.server = { options.profiles.server = {
enable = lib.mkEnableOption "server-related settings"; enable = lib.mkEnableOption "server-related settings";
headless.enable = lib.mkEnableOption "configuration for headless servers";
hardened-config.enable = lib.mkEnableOption "additional hardened configuration for NixOS systems"; hardened-config.enable = lib.mkEnableOption "additional hardened configuration for NixOS systems";
cleanup.enable = lib.mkEnableOption "cleanup service for the system"; cleanup.enable = lib.mkEnableOption "cleanup service for the system";
auto-upgrade.enable = lib.mkEnableOption "unattended system upgrades"; auto-upgrade.enable = lib.mkEnableOption "unattended system upgrades";
@ -71,19 +70,6 @@ in
i18n.supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ]; i18n.supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
}) })
# We're only covering the most basic settings here.
(lib.mkIf cfg.headless.enable {
# So does sounds...
sound.enable = false;
# ...and Bluetooth because it's so insecure.
hardware.bluetooth.enable = false;
# And other devices...
hardware.opentabletdriver.enable = false;
services.printing.enable = false;
})
# Most of the things here are based from the Securing Debian document. # Most of the things here are based from the Securing Debian document.
(lib.mkIf cfg.hardened-config.enable { (lib.mkIf cfg.hardened-config.enable {
# Don't replace it mid-way! DON'T TURN LEFT!!!! # Don't replace it mid-way! DON'T TURN LEFT!!!!

20
modules/nixos/profiles/headless.nix Normal file
View File

@ -0,0 +1,20 @@
# An extended version of the headless profile from nixpkgs. We're only covering
# the most basic settings here. This will be used both for desktop and server
# systems.
{ lib, modulesPath, ... }:
{
imports = [
"${modulesPath}/profiles/headless.nix"
];
# So does sounds...
sound.enable = lib.mkDefault false;
# ...and Bluetooth because it's so insecure.
hardware.bluetooth.enable = lib.mkDefault false;
# And other devices...
hardware.opentabletdriver.enable = lib.mkDefault false;
services.printing.enable = lib.mkDefault false;
}