feat: winters <> summers parity

Leon Schwarzäugl 2026-01-10 15:56:09 +01:00
parent 7cacce85a0
commit 04e3bcefc3
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
144 changed files with 3628 additions and 732 deletions


@ -189,6 +189,14 @@ in
type = types.nullOr types.str;
default = null;
};
serviceAddress = mkOption {
type = types.nullOr types.str;
default = null;
};
homeServiceAddress = mkOption {
type = types.nullOr types.str;
default = null;
};
isHome = mkOption {
type = types.bool;
default = false;
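Review bot: The new options `serviceAddress` and `homeServiceAddress` have no `description`, so nothing in this hunk says what form the value takes (IP, hostname, with or without port) or how the two differ. Both are `types.nullOr types.str` with `default = null`, so every consumer must handle the null case, and the free-form string is not validated at evaluation time. I would add a line such as `description = "Address the service is reached at; null when not exposed.";` to each, with the wording adjusted to the real meaning, which is not visible here. The `isHome` option that follows continues outside the hunk.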


@ -1,18 +1,25 @@
{ lib, pkgs, config, minimal, ... }:
let
inherit (config.swarselsystems) isSecureBoot isImpermanence;
in
{
options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config";
config = lib.mkIf config.swarselmodules.lanzaboote {
environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [
environment.systemPackages = lib.mkIf isSecureBoot [
pkgs.sbctl
];
environment.persistence."/persist" = lib.mkIf (isImpermanence && isSecureBoot) {
directories = [{ directory = "/var/lib/sbctl"; }];
};
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = lib.swarselsystems.mkIfElse (minimal || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
systemd-boot.enable = lib.swarselsystems.mkIfElse (minimal || !isSecureBoot) (lib.mkForce true) (lib.mkForce false);
};
lanzaboote = lib.mkIf (!minimal && config.swarselsystems.isSecureBoot) {
lanzaboote = lib.mkIf (!minimal && isSecureBoot) {
enable = true;
pkiBundle = "/var/lib/sbctl";
configurationLimit = 6;
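Review bot: The new `environment.persistence."/persist"` entry persists `/var/lib/sbctl`, which is also the `pkiBundle` and so holds the Secure Boot signing keys, but it sets no `mode`. The directory on the persistent volume therefore gets the impermanence module's default permissions rather than an owner-only one. I would pin it explicitly with `directories = [{ directory = "/var/lib/sbctl"; mode = "0700"; }];` and add a comment that this path contains private key material. Whether `/persist` sits on an encrypted volume is not visible here and is worth confirming, since the keys are otherwise readable offline. The `lanzaboote` attribute set continues outside the hunk.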


@ -53,7 +53,7 @@ in
secrets = lib.mkOption {
readOnly = true;
default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes inputs; }) config.repo.secretFiles;
default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles;
type = lib.types.unspecified;
description = "Exposes the loaded repo secrets. This option is read-only.";
};
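Review bot: The changed `default` line now passes `topologyPrivate` to every file in `config.repo.secretFiles`, so a secret file whose function takes a closed argument set (no `...`) would fail with an unexpected-argument error. The encrypted files are not visible here, so this is presumably fine, but it should be checked for each of them. `inherit (inputs.topologyPrivate) topologyPrivate;` also requires the `topologyPrivate` input to be present once a file forces that argument. If the input is optional for some consumers, a guarded form such as `topologyPrivate = inputs.topologyPrivate.topologyPrivate or { };` would keep evaluation working. A short comment on the option stating which arguments secret files receive would document the contract.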