refactor: seperate into modules

2021-05-03 09:19:54 +03:00 · 2021-05-03 09:19:54 +03:00 · ac9c4f75fd
commit ac9c4f75fd
parent a28b270551
7 changed files with 39 additions and 37 deletions
--- a/flake.lock
+++ b/flake.lock
@ -131,26 +131,6 @@
        "type": "github"
      }
    },
-    "mynex": {
-      "inputs": {
-        "nixpkgs": [
-          "nixos"
-        ]
-      },
-      "locked": {
-        "lastModified": 1614175572,
-        "narHash": "sha256-SyEZ0ic75KpvUr7VO3oqoMeyhQzgH8em0/oknG6b4y8=",
-        "owner": "yusdacra",
-        "repo": "nix-exprs",
-        "rev": "c6c61fe656f6afa69ee4e7fdbc79289e42b857d6",
-        "type": "gitlab"
-      },
-      "original": {
-        "owner": "yusdacra",
-        "repo": "nix-exprs",
-        "type": "gitlab"
-      }
-    },
    "naersk": {
      "inputs": {
        "nixpkgs": [
@ -283,7 +263,6 @@
        "devshell": "devshell",
        "flake-compat": "flake-compat",
        "home": "home",
-        "mynex": "mynex",
        "naersk": "naersk",
        "nixos": "nixos",
        "nixos-hardware": "nixos-hardware",
--- a/flake.nix
+++ b/flake.nix
@ -21,10 +21,6 @@

      pkgs.url = "path:./pkgs";
      pkgs.inputs.nixpkgs.follows = "nixos";
-      mynex = {
-        url = "gitlab:yusdacra/nix-exprs";
-        inputs.nixpkgs.follows = "nixos";
-      };
      nixosPersistence.url = "github:nix-community/impermanence";
    };

--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -1 +1 @@
-[ ]
+[ ./security/mitigations.nix ]
--- a/modules/security/mitigations.nix
+++ b/modules/security/mitigations.nix
@ -0,0 +1,27 @@
+{ config, lib, ... }:
+with lib;
+let
+  inherit (builtins) readFile fetchurl;
+
+  cfg = config.security.mitigations;
+
+  cmdline = ''
+    ibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off'';
+in
+{
+  options = {
+    security.mitigations.disable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to disable spectre and meltdown mitigations in the kernel. Do
+        not use this in mission critical deployments, or on any machine you do
+        not have physical access to.
+      '';
+    };
+  };
+
+  config = mkIf cfg.disable {
+    boot.kernelParams = splitString " " cmdline;
+  };
+}
--- a/users/modules/hikari/default.nix
+++ b/users/modules/hikari/default.nix
@ -1,9 +1,10 @@
-{ lib, config, pkgs, ... }:
-with lib;
-let cfg = config.wayland.windowManager.hikari;
+{ config, lib, ... }@args:
+let
+  pkgs = args.pkgs;
+  cfg = config.wayland.windowManager.hikari;
 in
 {
-  options.wayland.windowManager.hikari = {
+  options.wayland.windowManager.hikari = with lib; {
    enable = mkEnableOption "hikari window manager";
    xwayland = mkOption {
      type = types.bool;
@ -15,8 +16,8 @@ in
    };
  };

-  config = mkIf cfg.enable {
-    home.packages = with pkgs; [ hikari ] ++ (optional cfg.xwayland xwayland);
+  config = lib.mkIf cfg.enable {
+    home.packages = with pkgs; [ hikari ] ++ (lib.optional cfg.xwayland xwayland);

    xdg = {
      enable = true;
--- a/users/modules/module-list.nix
+++ b/users/modules/module-list.nix
@ -1,2 +1 @@
-[ ]
-
+[ ./hikari/default.nix ]
--- a/users/patriot/default.nix
+++ b/users/patriot/default.nix
@ -84,7 +84,7 @@ in
  };

  home-manager.users.patriot =
-    { config, pkgs, ... }:
+    { config, pkgs, suites, ... }:
    let
      name = "Yusuf Bera Ertan";
      email = "y.bera003.06@protonmail.com";
@ -295,7 +295,7 @@ in
      '';
    in
    {
-      imports = [ ../profiles/hikari.nix ];
+      imports = suites.base;

      # needs to be fixed to use nix profile???
      /*gtk = {