swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: remove initialSetup flag

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-07-05 03:33:12 +02:00
parent de3d35a9b2
commit b490763245
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
8 changed files with 12 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/nixos/common/lanzaboote.nix
View file

@ -5,9 +5,9 @@
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || minimal || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
systemd-boot.enable = lib.swarselsystems.mkIfElse (minimal || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
};
lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && !minimal && config.swarselsystems.isSecureBoot) {
lanzaboote = lib.mkIf (!minimal && config.swarselsystems.isSecureBoot) {
enable = true;
pkiBundle = "/var/lib/sbctl";
configurationLimit = 6;

1
modules/nixos/common/sharedsetup.nix
View file

@ -19,7 +19,6 @@
default = "";
};
isCrypted = lib.mkEnableOption "uses full disk encryption";
initialSetup = lib.mkEnableOption "initial setup (no sops keys available)";
isImpermanence = lib.mkEnableOption "use impermanence on this system";
isSecureBoot = lib.mkEnableOption "use secure boot on this system";

6
modules/nixos/common/users.nix
View file

@ -8,12 +8,12 @@ in
sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; };
users = {
mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;
mutableUsers = lib.mkIf (!minimal) false;
users."${config.swarselsystems.mainUser}" = {
isNormalUser = true;
description = "Leon S";
password = lib.mkIf (config.swarselsystems.initialSetup || minimal) "setup";
hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup && !minimal) config.sops.secrets.swarseluser.path;
password = lib.mkIf minimal "setup";
hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.swarseluser.path;
extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
packages = with pkgs; [ ];
};