feat: add minimal config support (WIP)

2025-12-06 09:07:21 +01:00 · 2025-07-04 19:54:45 +02:00 · 2025-07-04 19:54:45 +02:00 · 49b557befa
commit 49b557befa
parent 34badc91d5
26 changed files with 726 additions and 599 deletions
--- a/modules/nixos/client/packages.nix
+++ b/modules/nixos/client/packages.nix
@ -1,8 +1,9 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, minimal, ... }:
 {
  options.swarselsystems.modules.packages = lib.mkEnableOption "install packages";
  config = lib.mkIf config.swarselsystems.modules.packages {
-    environment.systemPackages = with pkgs; [
+
+    environment.systemPackages = with pkgs; lib.optionals (!minimal) [
      # yubikey packages
      gnupg
      yubikey-personalization
@ -73,9 +74,19 @@

      elk-to-svg

+    ] ++ lib.optionals minimal [
+      curl
+      git
+      gnupg
+      rsync
+      ssh-to-age
+      sops
+      vim
+      just
+      sbctl
    ];

-    nixpkgs.config.permittedInsecurePackages = [
+    nixpkgs.config.permittedInsecurePackages = lib.mkIf (!minimal) [
      "jitsi-meet-1.0.8043"
      "electron-29.4.6"
      "SDL_ttf-2.0.11"
--- a/modules/nixos/client/polkit.nix
+++ b/modules/nixos/client/polkit.nix
@ -1,19 +1,20 @@
-{ lib, config, ... }:
+{ lib, config, minimal, ... }:
 {
  options.swarselsystems.modules.security = lib.mkEnableOption "security config";
  config = lib.mkIf config.swarselsystems.modules.security {

    security = {
-      pam.services = {
+      pam.services = lib.mkIf (!minimal) {
        login.u2fAuth = true;
        sudo.u2fAuth = true;
        swaylock.u2fAuth = true;
        swaylock.fprintAuth = false;
      };
-      polkit.enable = true;
+      polkit.enable = lib.mkIf (!minimal) true;

      sudo.extraConfig = ''
        Defaults    env_keep+=SSH_AUTH_SOCK
+      '' + lib.optionalString (!minimal) ''
        Defaults    env_keep+=XDG_RUNTIME_DIR
        Defaults    env_keep+=WAYLAND_DISPLAY
      '';