Update repo-managed configs
This commit is contained in:
@@ -1,6 +1,18 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
|
||||
# Stop nouveau from binding the NVIDIA GPU
|
||||
boot.blacklistedKernelModules = [ "nouveau" ];
|
||||
boot.kernelParams = [
|
||||
"intel_iommu=off"
|
||||
"dev_mem_signed_off=1"
|
||||
"modprobe.blacklist=nouveau"
|
||||
"nouveau.modeset=0"
|
||||
];
|
||||
|
||||
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
@@ -17,7 +29,7 @@
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
# Known-good baseline from niri-4screen.md
|
||||
boot.kernelParams = [ "intel_iommu=off" "dev_mem_signed_off=1" ];
|
||||
|
||||
|
||||
# ---
|
||||
# Identity
|
||||
@@ -121,11 +133,23 @@
|
||||
# ---
|
||||
# SSH
|
||||
# ---
|
||||
services.openssh.enable = true;
|
||||
services.openssh.openFirewall = true;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
PasswordAuthentication = true;
|
||||
KbdInteractiveAuthentication = true;
|
||||
PermitRootLogin = "no";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
#services.openssh.enable = true;
|
||||
# services.openssh.openFirewall = true;
|
||||
# Defaulting to keys-only for safety. If you explicitly want password auth for the migration,
|
||||
# flip this to true.
|
||||
services.openssh.settings.PasswordAuthentication = false;
|
||||
#services.openssh.settings.PasswordAuthentication = false;
|
||||
|
||||
# Explicitly enable firewall (keep SSH as the only opened port via openFirewall above).
|
||||
networking.firewall.enable = true;
|
||||
@@ -148,11 +172,10 @@
|
||||
# ---
|
||||
# OpenGL (important for NVIDIA Wayland apps)
|
||||
# ---
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
};
|
||||
|
||||
# ---
|
||||
# Audio (PipeWire)
|
||||
@@ -193,10 +216,11 @@
|
||||
settings = {
|
||||
default_session = {
|
||||
user = "greeter";
|
||||
command =
|
||||
"${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd ${
|
||||
lib.escapeShellArg "${pkgs.niri}/bin/niri --session"
|
||||
}";
|
||||
command =
|
||||
"${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd ${
|
||||
lib.escapeShellArg
|
||||
"${pkgs.bash}/bin/bash -lc 'mkdir -p ~/.local/state; exec ${pkgs.niri}/bin/niri --session 2>~/.local/state/niri.log'"
|
||||
}";
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -212,6 +236,11 @@
|
||||
|
||||
# Minimal system packages needed for the session and core usability
|
||||
environment.systemPackages = with pkgs; [
|
||||
waybar
|
||||
firefox
|
||||
google-chrome
|
||||
kitty
|
||||
fuzzel
|
||||
niri
|
||||
greetd.tuigreet
|
||||
xwayland
|
||||
@@ -227,7 +256,7 @@
|
||||
hardware.nvidia.modesetting.enable = true;
|
||||
hardware.nvidia.nvidiaSettings = true;
|
||||
hardware.nvidia.nvidiaPersistenced = true;
|
||||
|
||||
hardware.nvidia.open = false;
|
||||
# ---
|
||||
# NixOS release compatibility
|
||||
# ---
|
||||
|
||||
@@ -1,18 +1,33 @@
|
||||
# -----------------------------------------------------------------------------
|
||||
# PLACEHOLDER hardware-configuration.nix
|
||||
#
|
||||
# Replace this file with the REAL generated hardware configuration from the
|
||||
# NixOS installer before installing / switching to this host configuration.
|
||||
#
|
||||
# How:
|
||||
# 1) Boot the NixOS installer ISO
|
||||
# 2) Partition/mount target as planned
|
||||
# 3) Run: nixos-generate-config --root /mnt
|
||||
# 4) Copy the generated /mnt/etc/nixos/hardware-configuration.nix into:
|
||||
# hosts/sam-4screen-desktop/hardware-configuration.nix
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "ums_cypress" "usbhid" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/fb26cb12-6cbf-4dd9-a53d-5fed72351334";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/4A17-D854";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0077" "dmask=0077" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/7ec41b93-8977-4a56-a6be-5eff57b823b0"; }
|
||||
];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user