Update repo-managed configs
This commit is contained in:
@@ -1,6 +1,18 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
|
||||
# Stop nouveau from binding the NVIDIA GPU
|
||||
boot.blacklistedKernelModules = [ "nouveau" ];
|
||||
boot.kernelParams = [
|
||||
"intel_iommu=off"
|
||||
"dev_mem_signed_off=1"
|
||||
"modprobe.blacklist=nouveau"
|
||||
"nouveau.modeset=0"
|
||||
];
|
||||
|
||||
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
@@ -17,7 +29,7 @@
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
# Known-good baseline from niri-4screen.md
|
||||
boot.kernelParams = [ "intel_iommu=off" "dev_mem_signed_off=1" ];
|
||||
|
||||
|
||||
# ---
|
||||
# Identity
|
||||
@@ -121,11 +133,23 @@
|
||||
# ---
|
||||
# SSH
|
||||
# ---
|
||||
services.openssh.enable = true;
|
||||
services.openssh.openFirewall = true;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
PasswordAuthentication = true;
|
||||
KbdInteractiveAuthentication = true;
|
||||
PermitRootLogin = "no";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
#services.openssh.enable = true;
|
||||
# services.openssh.openFirewall = true;
|
||||
# Defaulting to keys-only for safety. If you explicitly want password auth for the migration,
|
||||
# flip this to true.
|
||||
services.openssh.settings.PasswordAuthentication = false;
|
||||
#services.openssh.settings.PasswordAuthentication = false;
|
||||
|
||||
# Explicitly enable firewall (keep SSH as the only opened port via openFirewall above).
|
||||
networking.firewall.enable = true;
|
||||
@@ -148,11 +172,10 @@
|
||||
# ---
|
||||
# OpenGL (important for NVIDIA Wayland apps)
|
||||
# ---
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
};
|
||||
|
||||
# ---
|
||||
# Audio (PipeWire)
|
||||
@@ -193,10 +216,11 @@
|
||||
settings = {
|
||||
default_session = {
|
||||
user = "greeter";
|
||||
command =
|
||||
"${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd ${
|
||||
lib.escapeShellArg "${pkgs.niri}/bin/niri --session"
|
||||
}";
|
||||
command =
|
||||
"${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd ${
|
||||
lib.escapeShellArg
|
||||
"${pkgs.bash}/bin/bash -lc 'mkdir -p ~/.local/state; exec ${pkgs.niri}/bin/niri --session 2>~/.local/state/niri.log'"
|
||||
}";
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -212,6 +236,11 @@
|
||||
|
||||
# Minimal system packages needed for the session and core usability
|
||||
environment.systemPackages = with pkgs; [
|
||||
waybar
|
||||
firefox
|
||||
google-chrome
|
||||
kitty
|
||||
fuzzel
|
||||
niri
|
||||
greetd.tuigreet
|
||||
xwayland
|
||||
@@ -227,7 +256,7 @@
|
||||
hardware.nvidia.modesetting.enable = true;
|
||||
hardware.nvidia.nvidiaSettings = true;
|
||||
hardware.nvidia.nvidiaPersistenced = true;
|
||||
|
||||
hardware.nvidia.open = false;
|
||||
# ---
|
||||
# NixOS release compatibility
|
||||
# ---
|
||||
|
||||
Reference in New Issue
Block a user