refactor: seperate into modules
This commit is contained in:
parent
a28b270551
commit
ac9c4f75fd
21
flake.lock
21
flake.lock
@ -131,26 +131,6 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"mynex": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixos"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1614175572,
|
|
||||||
"narHash": "sha256-SyEZ0ic75KpvUr7VO3oqoMeyhQzgH8em0/oknG6b4y8=",
|
|
||||||
"owner": "yusdacra",
|
|
||||||
"repo": "nix-exprs",
|
|
||||||
"rev": "c6c61fe656f6afa69ee4e7fdbc79289e42b857d6",
|
|
||||||
"type": "gitlab"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "yusdacra",
|
|
||||||
"repo": "nix-exprs",
|
|
||||||
"type": "gitlab"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"naersk": {
|
"naersk": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
@ -283,7 +263,6 @@
|
|||||||
"devshell": "devshell",
|
"devshell": "devshell",
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"home": "home",
|
"home": "home",
|
||||||
"mynex": "mynex",
|
|
||||||
"naersk": "naersk",
|
"naersk": "naersk",
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
|
@ -21,10 +21,6 @@
|
|||||||
|
|
||||||
pkgs.url = "path:./pkgs";
|
pkgs.url = "path:./pkgs";
|
||||||
pkgs.inputs.nixpkgs.follows = "nixos";
|
pkgs.inputs.nixpkgs.follows = "nixos";
|
||||||
mynex = {
|
|
||||||
url = "gitlab:yusdacra/nix-exprs";
|
|
||||||
inputs.nixpkgs.follows = "nixos";
|
|
||||||
};
|
|
||||||
nixosPersistence.url = "github:nix-community/impermanence";
|
nixosPersistence.url = "github:nix-community/impermanence";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1 +1 @@
|
|||||||
[ ]
|
[ ./security/mitigations.nix ]
|
||||||
|
27
modules/security/mitigations.nix
Normal file
27
modules/security/mitigations.nix
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
{ config, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
inherit (builtins) readFile fetchurl;
|
||||||
|
|
||||||
|
cfg = config.security.mitigations;
|
||||||
|
|
||||||
|
cmdline = ''
|
||||||
|
ibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
security.mitigations.disable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to disable spectre and meltdown mitigations in the kernel. Do
|
||||||
|
not use this in mission critical deployments, or on any machine you do
|
||||||
|
not have physical access to.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.disable {
|
||||||
|
boot.kernelParams = splitString " " cmdline;
|
||||||
|
};
|
||||||
|
}
|
@ -1,9 +1,10 @@
|
|||||||
{ lib, config, pkgs, ... }:
|
{ config, lib, ... }@args:
|
||||||
with lib;
|
let
|
||||||
let cfg = config.wayland.windowManager.hikari;
|
pkgs = args.pkgs;
|
||||||
|
cfg = config.wayland.windowManager.hikari;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.wayland.windowManager.hikari = {
|
options.wayland.windowManager.hikari = with lib; {
|
||||||
enable = mkEnableOption "hikari window manager";
|
enable = mkEnableOption "hikari window manager";
|
||||||
xwayland = mkOption {
|
xwayland = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
@ -15,8 +16,8 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
home.packages = with pkgs; [ hikari ] ++ (optional cfg.xwayland xwayland);
|
home.packages = with pkgs; [ hikari ] ++ (lib.optional cfg.xwayland xwayland);
|
||||||
|
|
||||||
xdg = {
|
xdg = {
|
||||||
enable = true;
|
enable = true;
|
@ -1,2 +1 @@
|
|||||||
[ ]
|
[ ./hikari/default.nix ]
|
||||||
|
|
||||||
|
@ -84,7 +84,7 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users.patriot =
|
home-manager.users.patriot =
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, suites, ... }:
|
||||||
let
|
let
|
||||||
name = "Yusuf Bera Ertan";
|
name = "Yusuf Bera Ertan";
|
||||||
email = "y.bera003.06@protonmail.com";
|
email = "y.bera003.06@protonmail.com";
|
||||||
@ -295,7 +295,7 @@ in
|
|||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ../profiles/hikari.nix ];
|
imports = suites.base;
|
||||||
|
|
||||||
# needs to be fixed to use nix profile???
|
# needs to be fixed to use nix profile???
|
||||||
/*gtk = {
|
/*gtk = {
|
||||||
|
Loading…
Reference in New Issue
Block a user