diff --git a/flake.lock b/flake.lock index 82f7495..1915b5a 100644 --- a/flake.lock +++ b/flake.lock @@ -131,26 +131,6 @@ "type": "github" } }, - "mynex": { - "inputs": { - "nixpkgs": [ - "nixos" - ] - }, - "locked": { - "lastModified": 1614175572, - "narHash": "sha256-SyEZ0ic75KpvUr7VO3oqoMeyhQzgH8em0/oknG6b4y8=", - "owner": "yusdacra", - "repo": "nix-exprs", - "rev": "c6c61fe656f6afa69ee4e7fdbc79289e42b857d6", - "type": "gitlab" - }, - "original": { - "owner": "yusdacra", - "repo": "nix-exprs", - "type": "gitlab" - } - }, "naersk": { "inputs": { "nixpkgs": [ @@ -283,7 +263,6 @@ "devshell": "devshell", "flake-compat": "flake-compat", "home": "home", - "mynex": "mynex", "naersk": "naersk", "nixos": "nixos", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 9443717..19a7b71 100644 --- a/flake.nix +++ b/flake.nix @@ -21,10 +21,6 @@ pkgs.url = "path:./pkgs"; pkgs.inputs.nixpkgs.follows = "nixos"; - mynex = { - url = "gitlab:yusdacra/nix-exprs"; - inputs.nixpkgs.follows = "nixos"; - }; nixosPersistence.url = "github:nix-community/impermanence"; }; diff --git a/modules/module-list.nix b/modules/module-list.nix index 1e3ec72..e94ccd5 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -1 +1 @@ -[ ] +[ ./security/mitigations.nix ] diff --git a/modules/security/mitigations.nix b/modules/security/mitigations.nix new file mode 100644 index 0000000..454084e --- /dev/null +++ b/modules/security/mitigations.nix 
@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+with lib;
+let
+ inherit (builtins) readFile fetchurl;
+
+ cfg = config.security.mitigations;
+
+ cmdline = ''
+ ibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off'';
+in
+{
+ options = {
+ security.mitigations.disable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to disable spectre and meltdown mitigations in the kernel. Do
+ not use this in mission critical deployments, or on any machine you do
+ not have physical access to.
+ '';
+ };
+ };
+
+ config = mkIf cfg.disable {
+ boot.kernelParams = splitString " " cmdline;
+ };
+}
diff --git a/users/profiles/hikari.nix b/users/modules/hikari/default.nix
similarity index 96%
rename from users/profiles/hikari.nix
rename to users/modules/hikari/default.nix
index 41bd38e..490c2a3 100644
--- a/users/profiles/hikari.nix
+++ b/users/modules/hikari/default.nix
@@ -1,9 +1,10 @@
-{ lib, config, pkgs, ... }:
-with lib;
-let cfg = config.wayland.windowManager.hikari;
+{ config, lib, ... }@args:
+let
+ pkgs = args.pkgs;
+ cfg = config.wayland.windowManager.hikari;
 in
 {
- options.wayland.windowManager.hikari = {
+ options.wayland.windowManager.hikari = with lib; {
 enable = mkEnableOption "hikari window manager";
 xwayland = mkOption {
 type = types.bool;
@@ -15,8 +16,8 @@ in
 };
 };
- config = mkIf cfg.enable {
- home.packages = with pkgs; [ hikari ] ++ (optional cfg.xwayland xwayland);
+ config = lib.mkIf cfg.enable {
+ home.packages = with pkgs; [ hikari ] ++ (lib.optional cfg.xwayland xwayland);
 xdg = {
 enable = true;
@@ -52,7 +53,7 @@ in
 "*" {
 xkb = {
 layout = "tr"
- }
+ }
 }
 }
 pointers {
diff --git a/users/modules/module-list.nix b/users/modules/module-list.nix
index e18e705..c6938ae 100644
--- a/users/modules/module-list.nix
+++ b/users/modules/module-list.nix
@@ -1,2 +1 @@
-[ ]
-
+[ ./hikari/default.nix ]
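Review bot: The description of `security.mitigations.disable` in modules/security/mitigations.nix understates what `cmdline` switches off: besides Spectre and Meltdown the string also turns off the L1TF, MDS, TSX async abort and speculative-store-bypass mitigations and sets `tsx=on`, and the exposure that matters is untrusted code running on the host (browser JavaScript, guests, other local users), not physical access. I would reword it along the lines of `Disable all CPU speculative-execution mitigations (Spectre, Meltdown, L1TF, MDS, TAA, SSB) and re-enable TSX. Only for hosts that never run untrusted code, VMs or containers.` The leading `ibrs` token breaks the `no*` pattern of its neighbours and may be a typo for `noibrs`; it is worth checking each token against the kernel-parameters documentation for the target kernel, since the kernel does not reject parameters it does not recognise. `readFile` and `fetchurl` are inherited in the `let` but never used and can be dropped.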
diff --git a/users/patriot/default.nix b/users/patriot/default.nix
index d3304f7..fbf5d71 100644
--- a/users/patriot/default.nix
+++ b/users/patriot/default.nix
@@ -84,7 +84,7 @@ in
 };
 home-manager.users.patriot =
- { config, pkgs, ... }:
+ { config, pkgs, suites, ... }:
 let
 name = "Yusuf Bera Ertan";
 email = "y.bera003.06@protonmail.com";
@@ -295,7 +295,7 @@ in
 '';
 in
 {
- imports = [ ../profiles/hikari.nix ];
+ imports = suites.base;
 # needs to be fixed to use nix profile???
 /*gtk = {
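Review bot: `suites` is now taken from the module arguments (first hunk) and used in `imports` (second hunk), but nothing visible in this diff supplies it to home-manager modules. Because `imports` is resolved before `config`, an argument used there has to arrive through `home-manager.extraSpecialArgs` rather than `_module.args`, otherwise evaluation ends in infinite recursion. If that wiring lives elsewhere, a short comment next to the argument list such as `# suites is provided via home-manager.extraSpecialArgs` would help the next reader. The enclosing function body starts and ends outside both hunks, so this could not be checked from here.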